Private and public API Key to build browser client apps

KarmaLaundry · July 17, 2024, 3:23pm

Hello everyone, and forgive me for my poor cybersecurity knowledge.

To my understanding the only possible way to invoke the chat completion API without compromise the API key is from a server backend.
Is there a way to build an application that make calls to OpenAi APIs completely on the browser without making public the API key?

I wonder why there isn’t an authentication method with something like private and public key or some sort of encryption.
That would be extremely useful because it would allow many applications like chatbots to run directly in the browser, without the costs and latency of a server backend.

anon22939549 · July 17, 2024, 4:51pm

No.

grandell1234 · July 18, 2024, 1:03am

You mentioned you weren’t a cyber security expert so the reason is that if it’s all in the browser someone who still be able to view the private key making it just harder to use it then a regular key.

Topic		Replies	Views
Any safe way to have a client-side app talk to OpenAI API directly? API api-keys	2	724	January 28, 2025
OpenAI API_KEY Configuration on Client side Community api	1	3741	September 7, 2023
New API Feature Idea: Encrypted API Key Support Community gpt-4	4	1146	November 17, 2023
Web implentation and keeping the API key private? API	26	10947	June 7, 2024
Programmatically create API keys API	11	4429	April 16, 2025

Private and public API Key to build browser client apps

Related topics