What is the point of per-project limits when any org member can charge the default project?

Noneofyourbusiness · November 6, 2024, 10:50pm

What is the point of per-project limits when any org member can charge the Default Project? I have a team and need to keep each team member to a strict individual budget. I cannot trust my team to not jump into the Default Project and spend up to the org hard limit.

_j · November 7, 2024, 12:13am

Don’t invite people.

Distribute API keys.

Then, expect that OpenAI’s project limiter will not shut off a key with timeliness, allowing massive overage of a monthly budget by an attacker.

Noneofyourbusiness · November 7, 2024, 9:36pm

I obviously know that. But users can only track usage / cost through the dashboard via invited accounts. If I give anyone access to the dashboard, they have full access to spend our entire org’s budget.

I need to be able to give a less trusted user access to a limited budget (through project-specific API keys), but also need to give them the ability to track their own budget (cannot be done through the API).

_j · November 8, 2024, 3:18am

The API is to build user-facing products, not to be a user product.

Topic		Replies	Views
Get budget / spend / usage from the API API	0	52	November 7, 2024
Limits to Default project API projects	2	489	September 3, 2024
Default organization does not take organization rate limits into account API api-billing	3	831	May 3, 2024
Is it possible to set the budgets per project / user key in organization? API api , api-billing	0	102	August 23, 2024
How to enforce usage of project API keys / prevent billing of organization via user API keys / overbudgeting loophole Feedback api-keys	6	501	September 26, 2024

What is the point of per-project limits when any org member can charge the default project?

Related topics