Will my api key be exposed | OpenAI | Page 1

tepid vessel Feb 20, 2024, 9:50 PM

#

Will using openai.completions.create in a client component expose my API key?

trail thornBOT Feb 20, 2024, 9:50 PM

#

Hi @tepid vessel. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:

#

Yes, deploying your API key in client-side environments like browsers or mobile apps can expose your OpenAI API key. This can allow malicious users to take that key and make requests on your behalf, which may lead to unexpected charges or compromise of certain account data. Therefore, it's recommended to always route requests through your own backend server where you can keep your API key secure source (https://help.openai.com/en/articles/5112595-best-practices-for-api-key-safety#h_d26766269f).

In your backend server, you can use the OpenAI Python API library to create completions. Here's an example of how to do it:

from openai import OpenAI

client = OpenAI(
  api_key=os.environ['OPENAI_API_KEY'],  # this is also the default, it can be omitted
)

client.chat.completions.create()

This code is from the OpenAI Python API library (https://github.com/openai/openai-python/issues/233). The API key is retrieved from an environment variable, which is a safer way to handle sensitive data like API keys.

Remember to store your API keys in a secure location and expose them to your application using environment variables or a secret management service, so that you don't need to hard-code them in your codebase source (https://platform.openai.com/docs/guides/production-best-practices).

Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:

#

@tepid vessel kapa.ai is still learning and improving, please let us know how it did by reacting below

tepid vessel Feb 20, 2024, 11:25 PM

#

@trail thorn Why is this wrong
'openai.chat.completions.create({
messages: [getSystemMessageForTeachingResponses(currentTopic, generalrKs),
...messageHistory.map(m => ({ role: m.role, content: m.content }))],
model: "gpt-3.5-turbo"
})'

trail thornBOT Feb 20, 2024, 11:25 PM

#

Let me check the knowledge base for you. One moment! :books:

#

The code you've provided seems to be written in JavaScript, which is typically used for OpenAI's Node.js library. However, the extracts provided above only contain information about the Python library.

In Python, the syntax for creating chat completions with OpenAI's GPT-3.5-turbo model would look something like this:

response = openai.ChatCompletion.create(
  model="gpt-3.5-turbo",
  messages=[
        {"role": "system", "content": "You are a helpful assistant."},
        {"role": "user", "content": "Who won the world series in 2020?"},
    ]
)

This is just an example and the actual content of the messages would depend on your specific use case.

If you're using the Node.js library, the syntax might be slightly different. Unfortunately, I don't have the exact information from the provided extracts. For accurate information, please refer to the OpenAI Node.js library documentation or the OpenAI Cookbook's Node.js examples.

#Will my api key be exposed

Remember to store your API keys in a secure location and expose them to your application using environment variables or a secret management service, so that you don't need to hard-code them in your codebase source (https://platform.openai.com/docs/guides/production-best-practices).

Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:

If you're using the Node.js library, the syntax might be slightly different. Unfortunately, I don't have the exact information from the provided extracts. For accurate information, please refer to the OpenAI Node.js library documentation or the OpenAI Cookbook's Node.js examples.

Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: