Hi everyone,
Has anyone experimented with using the ephemeral key on the client side? I was prototyping a solution and noticed something concerning.
The Realtime API documentation states:
A new Realtime session configuration, with an ephemeral key. Default TTL for keys is one minute.
However, in practice, I found that the expires_at value was set for 2 hours later instead of the documented 60 seconds. This discrepancy is a bit alarming and seems like it could pose a security issue.
I’m curious—has anyone else encountered this? If so, how have you addressed it?
Additionally, could someone from @openai take a look and clarify whether this behavior is expected or a bug?
Thanks in advance for your insights!
