科技回声

This question has been around my mind lately.The context is, if you are building a web application that allows user to use their own OpenAI API key to interact with OpenAI, how would you store their API key?1. Local storage, let them send your API key through your server2. Local storage, and the API key is called right from the user's browser3. On your server??? How to store it securely? Using a vault manager?#2 seems like a good choice, but in case you need to secure your prompt, then this is not feasible.I've been struggling to find a good way to handle this situation.Anyone have any idea or best practice on how to go about this scenario?

It’s technically prohibited by OpenAI’s ToS to share your key with any third party, so presumably options 1 and 3 could get your users’ accounts banned. That being said, until OpenAI releases some kind of OAuth, there isn’t a great option unless your app is entirely client side.

Why not use your own api key and collect payment from your customers?or add advertising and make sure you use 3.5

Definitely local storage.

Why not use your own api key and collect payment from your customers?or add advertising and make sure you use 3.5

Definitely local storage.

Ask HN: If you are building OpenAI apps, how do you store user's API key?

3 条评论

Ask HN: If you are building OpenAI apps, how do you store user's API key?

3 条评论