As a developer building ChatGPT plugins, am I responsible for the language model API credits, or does ChatGPT utilize the credits of the end users who install and use my plugin?
End usersā tokens are used. As described in the plug-ins docs:
We then pass it in the Authorization header when making requests to the plugin (āAuthorizationā: ā[Bearer/Basic][userās token]ā)
As you can see, the userās token (an encrypted version of the userās API key) is used.
Hmm. I find the doc you link to confusing. Does this describe a protocol for authenticating the user wrt third parties the plugin wants to reference (e.g., corporate databases, etc), or can the oauth token sent to the plugin also be used in place of the developer openAI api-key for plugin requests to the openAI api itself?
Sorry if this seems dumb, Iām an AI guy, minimally networking / security saavy.
Donāt know for sure, but ChatGPT doesnāt have API credits. Your plugin will receive a userās query text and respond with text. You arenāt interacting with the language model at all unless you are making additional OpenAI API calls (which would be against your API account, and up to you to develop a user authentication/monetization strategy)
1 Like
Yup, thatās how my plugin (llmsearch on github) currently works. It would be nice, though, if the OAuth mechanism provided a plugin with an āin-sessionā version of the user OpenAI key that the plugin could use to charge api calls to the user account. My plugin makes multiple calls to gpt-3.5-turbo internally.
Seems like the openAI doc mentioned earlier might provide such a token, but Iām not knowledgeable enough about OAuth to interpret it.
Can anyone clarify?
ChatGPT users donāt have an OpenAI token though. They might not even have any payment method on file.
The docs Authentication is discussing how to authenticate the user against your backend system, so a plugin user could use your plugin to access their specific user data, or you can track requests to a specific user and charge them through your own methods. Youāll receive a token that you can match up on your backend to your user accounts. Itās not authentication for OpenAI API.
1 Like
thanks. Thatās how I interpreted it, but was hoping maybe I was wrong.