Question About Ephemeral Key TTL in Realtime API

Hi everyone,

Has anyone experimented with using the ephemeral key on the client side? I was prototyping a solution and noticed something concerning.

The Realtime API documentation states:

A new Realtime session configuration, with an ephemeral key. Default TTL for keys is one minute.

However, in practice, I found that the expires_at value was set for 2 hours later instead of the documented 60 seconds. This discrepancy is a bit alarming and seems like it could pose a security issue.

I’m curious—has anyone else encountered this? If so, how have you addressed it?

Additionally, could someone from @openai take a look and clarify whether this behavior is expected or a bug?

Thanks in advance for your insights!

You are right, the expires_at value is set for 2 hours later

2 Likes

Bump +1000
Same issue for weeks with no idea how to solve. Docs say its valid for 1minute only! Not 2hrs as calculated and seen

1 Like

Hi, could you please let me know if your issue has been resolved? It would be really helpful for me.

Hi, could you please let me know if your issue has been resolved for ephemeral key TTL? It would be really helpful for me.

It is the expires_at which is bugged, the ephemeral token will not be usable after about 5 min