Securing Open AI API Keys

apchitnis · April 30, 2024, 12:35pm

Hello there,
I have an app that uses open AI APIs. I stored the API key in the Firebase remote config, and the app accesses the keys just before making the API call.

Lately, I have noticed that my API key is getting hacked. From the API usage, I can see the usage for the models my app does not use.

I am now changing API keys every 24 hours (manually) and have also restricted certain permissions while creating the API key. Anything else I could do?

Thanks for your assistance.

Diet · April 30, 2024, 12:38pm

Welcome to the community!

Do NOT send your API key to your app!!

Use cloud functions or something to proxy the request. The API key can never even traverse a user controlled device!

apchitnis · April 30, 2024, 1:01pm

Thank you. I will explore Firebase cloud functions.

Topic		Replies	Views
My API is getting leaked.. need advice! API	10	1935	July 13, 2023
Excessive use of the API and interaction with unprogrammed models in the App API	5	735	September 30, 2023
Repeated Fraudulent Use of My API Keys API api	6	519	November 17, 2023
API key compromised, API key security API api	23	1353	March 23, 2024
Wrong API model is being utilised API chatgpt , api	12	1123	November 30, 2023

Securing Open AI API Keys

Related Topics