Securing Open AI API Keys

Hello there,
I have an app that uses open AI APIs. I stored the API key in the Firebase remote config, and the app accesses the keys just before making the API call.

Lately, I have noticed that my API key is getting hacked. From the API usage, I can see the usage for the models my app does not use.

I am now changing API keys every 24 hours (manually) and have also restricted certain permissions while creating the API key. Anything else I could do?

Thanks for your assistance.

Welcome to the community!

Do NOT send your API key to your app!!

Use cloud functions or something to proxy the request. The API key can never even traverse a user controlled device!

Thank you. I will explore Firebase cloud functions.