Skip to content

OpenAI API Key

Service Name: OpenAI

Service Description: OpenAI is an AI research and deployment company that provides access to powerful language models like GPT-4, DALL-E, and other AI capabilities through its API platform.

Service Address: https://openai.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the organization level in OpenAI's dashboard.

Secret Access Scope: Grants programmatic access to OpenAI's models and services, including text generation, embeddings, fine-tuning, and image generation.

Secret Revokement URL: https://platform.openai.com/account/api-keys

Secret Example: sk-1234abcd5678efgh9012ijkl3456mnop7890qrst

Suspicious Activity Investigation Instructions:

  • Review API usage logs in the OpenAI dashboard for unusual patterns or excessive requests.
  • Check for unauthorized model access or unexpected usage spikes.
  • Monitor billing for unexpected charges that might indicate unauthorized use.
  • Verify if the key has been used from unusual geographic locations or IP addresses.
  • Examine the types of requests made with the key to identify potential misuse.

Mitigation Instructions:

  • Immediately revoke the compromised API key by navigating to the OpenAI API keys dashboard.
  • Create a new API key to replace the compromised one.
  • Update all legitimate applications and services to use the new API key.
  • Implement proper secret management practices to store the new API key securely.
  • Consider implementing usage limits and monitoring for the new API key.
  • Review OpenAI's best practices for API key security and implement additional safeguards.
  • If available, enable IP restrictions for your OpenAI organization to limit access to trusted networks.