As a developer building ChatGPT plugins, am I responsible for the language model API credits, or does ChatGPT utilize the credits of the end users who install and use my plugin?
End users’ tokens are used. As described in the plug-ins docs:
We then pass it in the Authorization header when making requests to the plugin (“Authorization”: “[Bearer/Basic][user’s token]”)
As you can see, the user’s token (an encrypted version of the user’s API key) is used.
Hmm. I find the doc you link to confusing. Does this describe a protocol for authenticating the user wrt third parties the plugin wants to reference (e.g., corporate databases, etc), or can the oauth token sent to the plugin also be used in place of the developer openAI api-key for plugin requests to the openAI api itself?
Sorry if this seems dumb, I’m an AI guy, minimally networking / security saavy.
Don’t know for sure, but ChatGPT doesn’t have API credits. Your plugin will receive a user’s query text and respond with text. You aren’t interacting with the language model at all unless you are making additional OpenAI API calls (which would be against your API account, and up to you to develop a user authentication/monetization strategy)
Yup, that’s how my plugin (llmsearch on github) currently works. It would be nice, though, if the OAuth mechanism provided a plugin with an ‘in-session’ version of the user OpenAI key that the plugin could use to charge api calls to the user account. My plugin makes multiple calls to gpt-3.5-turbo internally.
Seems like the openAI doc mentioned earlier might provide such a token, but I’m not knowledgeable enough about OAuth to interpret it.
Can anyone clarify?
ChatGPT users don’t have an OpenAI token though. They might not even have any payment method on file.
The docs Authentication is discussing how to authenticate the user against your backend system, so a plugin user could use your plugin to access their specific user data, or you can track requests to a specific user and charge them through your own methods. You’ll receive a token that you can match up on your backend to your user accounts. It’s not authentication for OpenAI API.
thanks. That’s how I interpreted it, but was hoping maybe I was wrong.