As the previous thread with a connected topic has been closed I’ll start this new one.
I would like to analyze texts of users on mobile devices, but without sending their information first to a web service under my control. Instead I want to directly contact the OpenAI API from the client device.
Obviously I can’t put an API key into a public app.
So how are we supposed to do this?
I don’t think there will be any good news for the case you outlined.
You can’t programmatically create OpenAI API keys at the moment.
There is a maximum number of 25 API keys you can have under your organization’s account.
OpenAI wants the developer to route their users traffic through a server the developer controls.
There are many advantages to routing the traffic through your own server and using your own API key because that’s the way the system has been designed.
Maybe you want to share why you think going another route would be a good idea in your case?
Yeah, it’s for privacy reasons.
For a certain set of users it may be acceptable that the app is sending their private information to OpenAI. Obviously they will be fully aware of this, as this is the whole purpose of the app. However, additionally sending it to some other party is not making things better.
It sounds rather trivial to solve this issue. I wonder if somebody has some insights why it is a good idea to keep the system as it now is.
This is not how security and data protection works.
Only because you trust your neighbour you won’t ask him to communicate your health issues to a doctor, whom you also trust.
Let’s send personal data to the smallest number of systems as possible!
It would be interesting to know if OpenAI has mentioned somewhere that they plan to add this capability. Otherwise what I would find satisfying is to understand the reason behind not doing it. Perhaps they have a really good point and we all would totally support not having this API functionality.
OpenAI wants the developer to route their users traffic through a server the developer controls
So openai is not interested in developers building scalable applications on openai platform?
Your platform has only one workflow for app credentials: to click in the console and copy secret strings around. Which means, at the very basic level, openai offers no integration to manage even basic permissions for the external apps.
And the credentials for the app’s user identities is a whole other level that’s completely absent.
I don’t like some of these “don’t they trust you” replies. OpenAI has usage tracking by API key now (newer feature). I assumed that this was so that I could ‘give’ out new API keys to different users, and be able to set usage limits and such there. This seemed like an ideal setup, especially since I didn’t really want to build a whole backend for my app, in which it would keep track of $$$ usage. I can just use OpenAI’s version.
However, this does not seem to be the case. I can’t automatically create API keys with any sort of API call. I’m either going to have to do it manually, or give them a shared ‘temp’ key until I can manually do it.
It’s all very odd to me. Especially since it looks like the infrastructure is built out and ready to go.
Yes, this doesn’t make sense really. We want to use a different key for each installation of our product (all controlled by us) so that accounts team can easily see at a glance who is using what without having to implement a token count ourselves. I don’t think this is unreasonable.