Identifying API Keys with Traffic from Unsupported Regions

We received a concerning email from OpenAI today indicating that our API usage includes traffic from unsupported regions:

We are eager to comply and block traffic from unsupported regions. We use the OpenAI API across multiple projects, each with its own API key.

Is there a way to identify which API keys are generating traffic from these unsupported regions?

Thanks in advance for your help!

1 Like

Connections that you make to OpenAI, using your API keys, should be coming from datacenter locations known by you. There should be no reason why you do not know how and where your API keys are being employed, such as client applications that connect directly to OpenAI and not through you.

OpenAI does not provide you a detailed log of what you are doing, neither with accounting of individual API calls and how they are costing you, nor showing the IP addresses employed.

1 Like

We have an application deployed to Cloudflare Worker.

My best guess is that Cloudflare Worker is run on “Edge”. That might be it.

Yes, we can stop this app or whitelist traffic to only the list of supported regions.

However, we still don’t know if this would work… I know that I can contact OpenAI support and wait for 3 days to get a reply 🙂

1 Like

Workers functions run on Cloudflare’s global network - a growing global network of thousands of machines distributed across hundreds of locations.

The most likely scenario is a user in an unsupported locale connects to Cloudflare and gets a geolocated instance. That then connects to OpenAI.

It seems if you want to continue, you might need your backend session to constantly be asking “geolocate my IP” to some service (hopefully with the same data as OpenAI) before sending API calls to OpenAI to protect yourself and deny some hosting locations.

Thanks for your answer.

Yes, we whitelist traffic to the entire app already.

This is the reply from OpenAI customer support, which seems to be not very helpful 🙂 - I do hope the customer support could be a bit more professional:

Anyways, we made changes, but just don’t know if the changes work… We’ll wait and see if our account gets suspended after July 9.

We’ll continue monitoring all traffic from our end.

1 Like

Finally, after some waiting and communication, the customer support team revealed the issue:

OpenAI detected that a portion of our traffic (likely ~5%) from our Cloudflare Worker app originated from China, Hong Kong, and Macau before June 2, 2024.

Lessons learned: If you plan to use OpenAI’s API key in Cloudflare Worker or other edge computing products, make sure to whitelist traffic only from regions supported by OpenAI. You can find the supported countries here: OpenAI Supported Countries.

Overall, we have had great experiences interacting with OpenAI in the past, but this time, the customer support was lacking. It seemed like they intentionally avoided revealing that they were blocking traffic from China and other regions. If I hadn’t been persistent in my inquiries, I wouldn’t have known the exact issue.

As of now, we are still uncertain if this case is resolved. Customer support hasn’t confirmed if we are still receiving traffic from non-supported countries. We are left to guess and wait.

I hope OpenAI improves its customer support in the future.

3 Likes
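An added example, not code from any poster in this thread: a fail-closed country allowlist for a Cloudflare Worker that also writes one audit record per request, so each project can see on its own side which countries its traffic comes from. It uses `request.cf.country` and `request.cf.colo`; the allowlist values, `env.PROJECT` and `callOpenAI` are assumptions, and the filter acts on the client's country, not on the address OpenAI sees.

```javascript
// Added example. ALLOWED_COUNTRIES holds constructed sample values;
// fill it from OpenAI's supported-countries page.
const ALLOWED_COUNTRIES = new Set(["US", "DE", "JP"]); // placeholder values

// Pure decision: fail closed when Cloudflare supplies no usable country.
// cf.country is an ISO 3166-1 alpha-2 code; "XX" means unknown, "T1" means Tor.
function decide(cf, allowed = ALLOWED_COUNTRIES) {
  const country =
    cf && typeof cf.country === "string" ? cf.country.toUpperCase() : null;
  if (!country || country === "XX" || country === "T1") {
    return { allow: false, status: 403, country, reason: "country_unknown" };
  }
  if (!allowed.has(country)) {
    return { allow: false, status: 403, country, reason: "country_not_allowed" };
  }
  return { allow: true, status: 200, country, reason: "ok" };
}

// One audit record per request: a project label (never the API key itself),
// the client country and the Cloudflare data center (cf.colo) that ran the Worker.
function auditRecord(project, cf, decision, now = new Date()) {
  return JSON.stringify({
    ts: now.toISOString(),
    project,
    country: decision.country,
    colo: cf && cf.colo ? cf.colo : null,
    allow: decision.allow,
    reason: decision.reason,
  });
}

// Request handler. env.PROJECT and callOpenAI are hypothetical names:
// callOpenAI stands for whatever function forwards the request upstream.
async function handle(request, env, callOpenAI) {
  const decision = decide(request.cf);
  console.log(auditRecord(env.PROJECT, request.cf, decision));
  if (!decision.allow) {
    return new Response("Region not supported", { status: decision.status });
  }
  return callOpenAI(request, env); // only reached for allowlisted countries
}
// In a Worker module, expose it as:
//   export default { fetch: (req, env) => handle(req, env, callOpenAI) };
```

Setting a different `PROJECT` value per deployment and filtering the Worker logs on `allow: false` shows which project (and therefore which key) was serving the blocked countries.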

Oh god.
I use a hosting server location based in Hong Kong. I purchased hosting until the end of 2025. Any solution?