I’m working on an android app, I have a concern that somehow something could happen where it ends up making too many requests and costs too much. I plan to make the app try to limit how much the user can chat but it is always a concern something could go wrong and it would be using my API key so the potential for too many chat requests that could add up to a lot of money could be there.
If I could somehow set a total max request per day that would make me feel more comfortable, for example
Hi and welcome to the Developer Forum!
If your API key is in your application, even encrypted, you should withdraw the app now and revoke the API key, this is not a safe way to do it.
You need to use either a relay server that your application authenticates with via a system such as OAuth or you should make use of an API key management service by one of the many cloud providers, Azure, AWS, etc.
Using the relay server method you will be able to allocate limits and regulate your users usage in a safe and manageable way. API keys inside of apps will eventually get decoded, so just don’t let that be the case.
adding to what @Foxabilo said,
if you want to make a production grade app, you’ll probably need proper api monetization anyways, and likely track and monitor revenue and cost by account.
what you can do in the meantime is go to OpenAI Platform billing limits and set a lower threshold there, until you have your internal billing sorted out.
thanks for the info… no my app is not in production yet so this is all just me planning it out. I’m an experienced dev but new to android dev so learning how this is normally done, thanks I will review more about using a relay server.
The OpenAI Platform billing limits page is great, that’s exactly what I was looking for. Right now I’m just concerned about worst case scenarios, my app probably won’t make much or any money at first I just want to be sure nothing can happen that would result in me getting a huge API usage bill.
Do not put your API token into the Android app. People will extract it from your app, and call the API on your behalf, and you will pay for their usage.
The way to manage model usage is to provide your own API (could be a simple web service, or a lambda function, or something else) where the Android app calls your API, and your API calls the OpenAI API in turn. That way, nobody else will see your API token.
You still need some way to limit how many requests your app will make to your service; typically this is done by requiring some kind of account login (such as a Google account) and then have some kind of rate limit by account on the server side (typically in a memcache or redis or something, but could just be a database if your scale is small.)
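
The server-side limit described in the replies above, as an added example that is not part of the original thread: a relay handler that enforces a per-account daily cap plus a total daily cap before any upstream call is made. The names `DailyQuota`, `handle_chat` and `call_upstream` are hypothetical, the in-memory dict stands in for the Redis or memcache store, and `account_id` is assumed to come from an already verified login.

```python
import threading
import time


class DailyQuota:
    """Per-account and total daily request caps for a relay in front of a paid API."""

    def __init__(self, per_account_limit, global_limit, clock=time.time):
        self.per_account_limit = per_account_limit
        self.global_limit = global_limit
        self._clock = clock            # injectable so the window can be tested
        self._lock = threading.Lock()  # check-and-increment must be atomic
        self._day = None
        self._counts = {}              # assumption: stands in for Redis/memcache
        self._total = 0

    def _roll_window(self):
        day = int(self._clock() // 86400)  # UTC day number
        if day != self._day:
            self._day, self._counts, self._total = day, {}, 0

    def try_consume(self, account_id):
        """Return (allowed, reason); a request is counted only when allowed."""
        with self._lock:
            self._roll_window()
            if self._total >= self.global_limit:
                return False, "global_daily_cap"
            used = self._counts.get(account_id, 0)
            if used >= self.per_account_limit:
                return False, "account_daily_cap"
            self._counts[account_id] = used + 1
            self._total += 1
            return True, "ok"


def handle_chat(quota, account_id, prompt, call_upstream):
    """Relay handler. account_id must come from the verified session,
    never from a field the client can set. call_upstream is a hypothetical
    callable that holds the API key on the server and calls the model."""
    allowed, reason = quota.try_consume(account_id)
    if not allowed:
        return 429, {"error": reason}  # rejected before any billable call
    return 200, {"reply": call_upstream(prompt)}
```

The total cap is checked first, so a flood of new accounts still cannot push daily spend past the ceiling; the billing limit on the provider side remains the backstop if the relay itself has a bug.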