Are you giving people the API key that they can steal and use themselves to make AI queries using your account?
Are you using an environment variable? Can it be extracted by executable code?
Thanks for the link. Most of my tools are for generating content (for auto-blogging ) - they call other third party APIs to embed images in between content and also give web links calling Bing APIs enabling users to generate a complete article along with internal links. I will probably have to move the API calling code to the server side to be on the safe side.
But if they can see the code calling the API, they can change it. It sounds more like your key(s) leaked, though, and someone is using the most expensive model for free on your dime…
I’d recommend sooner rather than later… I’d change all the API keys while you’re at it (after you have them stored securely on the server…) Even with obfuscation, it’s relatively trivial to find and steal an API key on the public-facing side … Good luck!
I was aware about it and paid a small price for it. I am now writing the code needed to move the api keys and all sensitive data to the serverside (php code outside public_html) and hopefully get my tools up and running shortly. Thanks to all of you for your guidance and help.