Securing Open AI API Keys

apchitnis · April 30, 2024, 12:35pm

Hello there,
I have an app that uses open AI APIs. I stored the API key in the Firebase remote config, and the app accesses the keys just before making the API call.

Lately, I have noticed that my API key is getting hacked. From the API usage, I can see the usage for the models my app does not use.

I am now changing API keys every 24 hours (manually) and have also restricted certain permissions while creating the API key. Anything else I could do?

Thanks for your assistance.

Diet · April 30, 2024, 12:38pm

Welcome to the community!

Do NOT send your API key to your app!!

Use cloud functions or something to proxy the request. The API key can never even traverse a user controlled device!

apchitnis · April 30, 2024, 1:01pm

Thank you. I will explore Firebase cloud functions.

Topic		Replies	Views
My API is getting leaked.. need advice! API	10	2593	July 13, 2023
Excessive use of the API and interaction with unprogrammed models in the App API	5	1002	September 30, 2023
Repeated Fraudulent Use of My API Keys API api	6	739	November 17, 2023
API key compromised, API key security API api	23	3003	March 23, 2024
Wrong API model is being utilised API chatgpt , api	12	1394	November 30, 2023

Securing Open AI API Keys

Related topics