#Organization wide API key

1 messages · Page 1 of 1 (latest)

crude shoal
#

Is there a way to create API keys not associated with any particular user, but associated instead with the whole organization?

In a production environment using API keys linked to a specific person is bad practice (what if said person leaves the organization?).
It seems to me that right now if I want to use an API key in a production environment I need to create a service user account and manage keys through that account.
This means that the credentials for this account must be shared with all members of the organization that need to manage production API keys.
This, again, seems like bad practice.

Isn’t there a way to create API keys not linked to a particular user?

turbid questBOT
#

Hi @crude shoal. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:

#

Based on the information provided in the extracts, OpenAI recommends that each team member should have a unique API key for their account. Sharing of API keys is against the Terms of Use (https://beta.openai.com/terms-of-use) and is not supported by OpenAI. Instead of sharing your key, you can invite teammates to be part of your organization account through the Members (https://beta.openai.com/?code=uzJvMmP_BXfsXfnr&state=dEFBQzJRNDhFcnYuSXZuWWUwbThaVndTTXRMSU9vbUp%2BRmdXZW1BajJCTA%3D%3D) page. When they join, they'll get access to their own API Key (https://beta.openai.com/account/api-keys), which will keep your account even safer (source (https://help.openai.com/en/articles/5008148-can-i-share-my-api-key-with-my-teammate-coworker)).

As for the concern about a person leaving the organization, OpenAI allows you to set permissions for each of your API keys when you create a new secret key or by editing an existing key. This means you can restrict or revoke access as needed (source (https://help.openai.com/en/articles/8867743-assign-api-key-permissions)).

For managing secret API keys safely, OpenAI recommends using a Key Management Service. These tools allow you to control access to your keys and improve your overall data security (source (https://help.openai.com/en/articles/5112595-best-practices-for-api-key-safety#h_1f1872866a)).

However, the extracts do not provide information about creating API keys not linked to a particular user but associated with the whole organization. For more detailed information or specific use cases, you may want to reach out to OpenAI directly or check their official documentation.

Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: