OpenAI
API Security with Proxy Server
Documentation about how a proxy server can work with this client. Otherwise, it is not recommended to use this client, since you expose your API key in your client, which will result in a compromised API key and financial costs on your side. (Speaking from experience.)
The feature request: A working example of secure server-side communication with a proxy server, OpenAI, and the macpaw/client.
Context:
Since we all read this disclaimer:
⚠️ OpenAI strongly recommends developers of client-side applications proxy requests through a separate backend service to keep their API key safe. API keys can access and manipulate customer billing, usage, and organizational data, so it's a significant risk to expose.
I still deployed my app without a proxy and used the OpenAI API directly in my app. After a few days in the App Store my API key got compromised and was used for ChatGPT-4 requests. Luckily I had set a limit and learned a lesson.
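A sketch of the kind of proxy the issue above asks for, added here as an illustration; it is not code from this repository or from OpenAI. The app sends a revocable per-install token in a hypothetical `X-App-Token` header, and the proxy drops all client headers, allows one endpoint and one model, and attaches the real key from its own environment (`OPENAI_API_KEY`, `APP_TOKENS`, the port and the limits are assumptions).

```python
import hmac, json, os
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.request import Request, urlopen

UPSTREAM = "https://api.openai.com"
ALLOWED_PATHS = {"/v1/chat/completions"}  # assumption: the only endpoint the app needs
ALLOWED_MODELS = {"gpt-3.5-turbo"}        # assumption: pin models to bound cost
MAX_BODY = 32 * 1024                      # assumption: request size limit in bytes

class Rejected(Exception):
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status

def build_upstream(path, headers, body, api_key, app_tokens):
    """Validate a client request; return (url, headers, body) to send to OpenAI."""
    supplied = headers.get("X-App-Token", "").encode()
    if not any(hmac.compare_digest(supplied, t.encode()) for t in app_tokens):
        raise Rejected(401, "unknown app token")
    if path not in ALLOWED_PATHS:
        raise Rejected(404, "endpoint not proxied")
    if len(body) > MAX_BODY:
        raise Rejected(413, "body too large")
    try:
        payload = json.loads(body)
    except ValueError:
        raise Rejected(400, "invalid JSON")
    if not isinstance(payload, dict) or payload.get("model") not in ALLOWED_MODELS:
        raise Rejected(403, "model not allowed")
    # No client header is forwarded, so a client-sent Authorization never reaches OpenAI.
    out = {"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"}
    return UPSTREAM + path, out, json.dumps(payload).encode()

class Proxy(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            n = max(0, min(int(self.headers.get("Content-Length", 0)), MAX_BODY + 1))
            url, hdrs, data = build_upstream(self.path, self.headers, self.rfile.read(n),
                os.environ["OPENAI_API_KEY"], os.environ["APP_TOKENS"].split(","))
            with urlopen(Request(url, data=data, headers=hdrs), timeout=60) as r:
                status, reply = r.status, r.read()
        except Rejected as e:
            status, reply = e.status, json.dumps({"error": str(e)}).encode()
        except HTTPError as e:  # pass OpenAI's own error status and body through
            status, reply = e.code, e.read()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(reply)

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Proxy).serve_forever()
```

The app then ships only the per-install token, which the backend can revoke or rate-limit without rotating the OpenAI key.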
I'm really sorry to hear your API key was compromised; this is a really good idea and something I'd love to see added myself. Though I'm not a moderator I'll have a look at adding some helpful text, but feel free to add a basic PR and we'll build on it.
Please check the ongoing discussion here: https://github.com/MacPaw/OpenAI/discussions/116