openai的apikey能干甚么的进一步展开说明

Always use a unique API key for each team member on your account

API keys are unique codes that identify your requests to the API. It is important to use a unique API key for each team member to ensure accountability and security. Sharing API keys is not allowed according to OpenAI’s Terms of Use. To grant API access to your team, invite new members to your account from the Members page. They will receive their own unique API key upon sign-in.

Never deploy your key in client-side environments like browsers or mobile apps

Deploying your OpenAI API key in client-side environments such as browsers or mobile apps is highly discouraged. Doing so can expose your key to malicious users who can make unauthorized requests on your behalf. This can result in unexpected charges or compromise of sensitive account data. To ensure security, always route requests through your own backend server where you can securely store your API key.

Never commit your key to your repository

Committing your API key to source code is a common way that keys get exposed to the internet. Even in private repositories, there is still a risk of data breaches that could lead to your keys being leaked. It is strongly recommended to use environment variables as a proactive key safety measure. By using environment variables, you can set and retrieve your API key without directly including it in your code. This adds an extra layer of security and prevents accidental exposure of your key.

Use Environment Variables in place of your API key

Environment variables are variables that are set on your operating system rather than within your application. By using environment variables, you can securely store and retrieve your API key. In this case, set the name of the variable to OPENAI_API_KEY. By keeping this variable name consistent across your team, you can share and commit your code without the risk of exposing your API key. Using environment variables also allows for easier management and updates of your API keys.

Windows Set-up

Option 1: Set your ‘OPENAI_API_KEY’ Environment Variable via the cmd prompt

To set your ‘OPENAI_API_KEY’ environment variable using the cmd prompt, follow these steps:

1. Open the cmd prompt.
2. Run the following command, replacing <yourkey> with your actual API key:

After running this command, you need to open a new cmd prompt window to use the environment variable with curl. You can validate that the variable has been set by opening a new cmd prompt window and typing:

Option 2: Set your ‘OPENAI_API_KEY’ Environment Variable through the Control Panel

To set your ‘OPENAI_API_KEY’ environment variable through the Control Panel, follow these steps:

1. Open the System properties.
2. Select Advanced system settings.
3. Select Environment Variables…
4. In the User variables section, select New…
5. Add your name/key value pair, replacing <yourkey> with your actual API key:

Variable name	Variable value
OPENAI_API_KEY	<yourkey>

Linux / MacOS Set-up

Option 1: Set your ‘OPENAI_API_KEY’ Environment Variable using zsh

To set your ‘OPENAI_API_KEY’ environment variable using zsh, follow these steps:

1. Run the following command in your terminal, replacing yourkey with your actual API key:

2. Update the shell with the new variable:

3. Confirm that you have set your environment variable using the following command:

The resulting output should be the value of your API key.

Option 2: Set your ‘OPENAI_API_KEY’ Environment Variable using bash

Follow the directions in Option 1, but replace .zshrc with .bash_profile.

Use a Key Management Service

For teams deploying applications into production, it is recommended to use a Key Management Service (KMS) to securely manage API keys. KMS tools provide a secure way to store and manage keys, allowing you to control access and improve overall data security. With KMS, even in the event of a data breach, your keys are encrypted and stored in a separate location, reducing the risk of compromise.

Monitor your account usage and rotate your keys when needed

Regularly monitoring your account usage is important to ensure the security of your API key and prevent unauthorized access. If you suspect any misuse or unauthorized activity, there are steps you can take to protect your account:

1. Track your team’s API usage by accessing the Usage page.
2. If you have concerns about misuse, consider rotating your API keys regularly. By generating new keys and updating your code and environment variables, you can prevent any potential compromises.
3. Stay vigilant and keep an eye out for any suspicious activity or unexpected charges. If you notice anything unusual, take immediate action to investigate and rectify the situation to minimize the impact on your account.

By following these best practices, you can ensure the security of your OpenAI API key and protect your account from unauthorized access or potential data breaches.

openai的apikey能干甚么的常见问答Q&A