I’ve got two apps running. For one, I set up a proxy server, and for the other, the API key is stored in a remote database. I did try implementing a server for the second app, but it significantly degraded the user experience due to slow response times. So, I left it as is for another week. But just yesterday, the key was intercepted again, and it maxed out the hard limit I had established.
Now, I’m not even sure which API key was compromised. I suspect it’s the one with the app that doesn’t have the server. Before implementing the server in the second app, I want to exhaust all other alternatives, which is why I’m asking here for advice. Previously, with OpenAI’s old UI, I could track which account was making requests to GPT-4 or GPT-3.5, so I had split the API keys between two separate accounts. But with the new UI update, it’s no longer showing us the API request details, which is a big setback.