Hi Ishant! Apologies for reviving an old thread. The guidelines on bring-your-own-key applications page that you linked to redirects to the new “Usage policies” page which doesn’t provide details on this anymore.
So I want to demonstrate a scenario here (of how the API key is used in my app):
The user’s API key is stored in the browser’s local session storage and is only transmitted to the server (encrypted with the server’s public key in transit and decrypted server-side) when the user uses the service actively and only for those requests triggered by the user explicitly. The API key isn’t stored in the server/backend. Is this use-case permitted?
It doesn’t make any sense for app developers to charge for API usage from users to recover costs and pay it forward to OpenAI when users can directly pay OpenAI instead. It would simplify workflow a lot and remove the burden on devs. Makes no sense for us to implement usage-based billing for this (when most SaaS apps already provide a way to BYOK).
Really need more clarity on this in the “Usage policies” document as it seems to have replaced the earlier guidelines for BYOK apps but no longer makes any mention of the same.
Thanks!