#authenticate user in custom GPT

1 messages · Page 1 of 1 (latest)

woeful dome Jan 6, 2024, 12:24 AM

how can you authenticate user for your api for your GPT?

timber juniperBOT Jan 6, 2024, 12:24 AM

Hi @woeful dome. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:

Based on the information provided in the extracts, there are a few ways you can authenticate users for your API in your custom GPT.

Service Level Authentication: This method gives developers control over how their plugin is being used but doesn't introduce overhead for users. To implement this, you need to provide a client secret during the plugin installation flow. This means that all traffic from OpenAI plugins will be authenticated but not on a user level. Here's how you can do it:
- Select "Develop your own plugin" in the ChatGPT plugin store, and enter the domain where your plugin is hosted.
- In ai-plugin.json, set auth.type to "service_http".
- You will be prompted for your service access token, which is a string specified in your code. We securely store an encrypted copy of your service access token to enable plugin installation without additional authentication.
- The service access token is sent in the Authorization header for plugin requests.
- Once you add your service access token into the ChatGPT UI, you will be presented with a verification token.
- Add the verification token to your ai-plugin.json file under the auth section.
Here's an example of how your ai-plugin.json file might look:
```
"auth": {
 "type": "service_http",
 "authorization_type": "bearer",
 "verification_tokens": {
  "openai": "Replace_this_string_with_the_verification_token_generated_in_the_ChatGPT_UI"
 }
},
```
You can add additional applications you want your plugin to support in the verification_tokens section.

OAuth Authentication: This method requires setting up a remote server. While there's no specific guide provided in the extracts, one of the forum posts suggests that you could require an OAuth verification of the user and use the UID or token from this to identify users in future sessions.

Please note that the creators of GPTs cannot access user conversations with their GPTs, and OpenAI has automatic systems to help ensure GPTs adhere to usage policies, preventing harmful content and impersonation. For further details and updates on data privacy, please refer to OpenAI's official Privacy Policy (https://openai.com/policies/privacy-policy) and Terms of Use (https://openai.com/policies/terms-of-use).

Sources:

Forum Post: Custom GPT per user authentication [custom API programming] (https://community.openai.com/t/501937)
Docs > Plugins > Plugin authentication > Service level (https://platform.openai.com/docs/plugins/authentication)
Help Article > En > Articles > How are privacy and safety handled in GPTs? (https://help.openai.com/en/articles/8554407-gpts-faq#h_56e44d6ee1)

Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:

@woeful dome kapa.ai is still learning and improving, please let us know how it did by reacting below