Will there be OAuth Available for the API endpoints?

Instead of using the API key I would like to be able to use a ClientID and Secret with short access tokens and refresh tokens. I assume this is in the roadmap since it is pretty standard OAuth functionality but is there any information as to how long this will take? I am concerned that because it is a simple key it will be easy to compromise and hard to rotate, and this makes me hesitant to have my account tied to my CC.

Thank you guys this is a great product.

10 Likes

Seconded! Would be an awesome feature to allow me to share my software with others and not pay for their usage

1 Like

In fact, I do not really know how people are sharing their API key with any of those apps which nowadays are using OpenAI APIs to do awesome things…

We have two use-cases here for a better Authentication / Authorization.

  1. M2M Authentication: Products which want to call OpenAI Services on behalf of themselves. Supporting something like private-key-jwt Client Authentication would make this much more secure, as the products can rely on asymmetric cryptography instead of plain API keys.
  2. Products calling OpenAI/ChatGPT on behalf of some user: Some websites/tools, instead of managing OpenAI subscriptions themselves, may want to ask for users' consent to use their OpenAI subscriptions. In this case, an OAuth 2.0 Login/Consent flow may be used.

Both would be a great addition to OpenAI or to ChatGPT in my opinion. These are common practices in other products which require M2M or Resource Owner Consent.

We need something more than an API key :pray:

1 Like
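The private-key-jwt client authentication mentioned in the post above, as an added example that is not part of the original thread and does not describe any existing OpenAI endpoint: a client signs a short-lived assertion (RFC 7523 style) and a server checks signature, audience, expiry and replay. The client id, the token endpoint URL and the function names are assumptions made for illustration.

```javascript
// Added example: private_key_jwt client assertion, Node.js built-ins only.
const crypto = require('node:crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');

// Client side: the private key never leaves the client; only a signed claim is sent.
function buildClientAssertion(privateKey, clientId, tokenEndpoint, now) {
  const header = { alg: 'ES256', typ: 'JWT' };
  const claims = {
    iss: clientId, sub: clientId,   // both identify the calling client
    aud: tokenEndpoint,             // binds the assertion to one authorization server
    jti: crypto.randomUUID(),       // unique id so a captured assertion cannot be reused
    iat: now, exp: now + 60,        // valid for 60 seconds only
  };
  const signingInput = b64u(JSON.stringify(header)) + '.' + b64u(JSON.stringify(claims));
  const sig = crypto.sign('sha256', Buffer.from(signingInput),
    { key: privateKey, dsaEncoding: 'ieee-p1363' }); // JWS uses raw r||s, not DER
  return signingInput + '.' + sig.toString('base64url');
}

// Server side: holds only the registered public key; returns 'ok' or a reject reason.
function verifyClientAssertion(jwt, publicKey, clientId, tokenEndpoint, now, seenJti) {
  const parts = jwt.split('.');
  if (parts.length !== 3) return 'malformed';
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  } catch { return 'malformed'; }
  if (header.alg !== 'ES256') return 'bad alg'; // pin the algorithm, never trust the header
  const ok = crypto.verify('sha256', Buffer.from(parts[0] + '.' + parts[1]),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(parts[2], 'base64url'));
  if (!ok) return 'bad signature';
  if (claims.iss !== clientId || claims.sub !== clientId) return 'wrong client';
  if (claims.aud !== tokenEndpoint) return 'wrong audience';
  if (typeof claims.exp !== 'number' || claims.exp <= now) return 'expired';
  if (seenJti.has(claims.jti)) return 'replayed';
  seenJti.add(claims.jti);
  return 'ok';
}

// Demo with a constructed client id and a hypothetical token endpoint.
function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const ep = 'https://auth.example.com/oauth/token', now = Math.floor(Date.now() / 1000);
  const seen = new Set(), jwt = buildClientAssertion(privateKey, 'client-123', ep, now);
  return [verifyClientAssertion(jwt, publicKey, 'client-123', ep, now, seen),
          verifyClientAssertion(jwt, publicKey, 'client-123', ep, now, seen)];
}
console.log(demo());
```

Unlike a static API key, rotation here means registering a new public key with the server, and an intercepted assertion is useless after 60 seconds or one use.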

+1, this would be awesome to support.