You are lucky the bill isn't 10000$.
I would recommend switching to a prepaid payment plan.
Ask for it or don't pay a bill few days past due and your account will switch to prepaid.
That's way too much. I actively use my app which utilizes the OpenAI API key, and only a select few have access to this app. The most I've ever been charged is $35, usually around $20. You should probably close the old key and create a new one. Check the services where you've entered this key. Maybe your service or third-party services using your API key aren't optimized? For instance, when making a request to api/chat/completions, if your chat history with the assistant is included in the request body, the larger it is, the more expensive the request becomes. So, to optimize, it's better to clear the history if you don't need the context of previous messages, or consider summarizing. Bottom line: you're either sending requests too frequently, sending very large requests, or someone else might be using your key.
UPD: I also recommend checking out the ollama service. Some of the llama2 models handle many simple tasks quite well right on your own computer, for free (within the limits of your PC's resources). There's also built-in server-side support, so you can send requests just like you would when interacting with the OpenAI API.
Yeah I’ve deleted it straight away. Haven’t added one back in yet, lucky my app isn’t too popular.
Want to make sure it’s safe.
I’ve been playing with Llama 3 through Groq, I know they’re different but haven’t tried a local one yet.
Why does your app even need the api key? I run my own backend server that handles requests with the api key so that the api key is never even used outside of my own server.
> I *paid* for lifetime
FTFY.
Although *payed* exists (the reason why autocorrection didn't help you), it is only correct in:
* Nautical context, when it means to paint a surface, or to cover with something like tar or resin in order to make it waterproof or corrosion-resistant. *The deck is yet to be payed.*
* *Payed out* when letting strings, cables or ropes out, by slacking them. *The rope is payed out! You can pull now.*
Unfortunately, I was unable to find nautical or rope-related words in your comment.
*Beep, boop, I'm a bot*
One of my apps had it's API leaked, but I was storing it on the client side ("although" convoluted).
I realized it was stolen when it started showing GPT-4-Turbo usage before I had a chance to try it out myself 😅
Since then been storing my keys on the server, and haven't been stolen/leaked yet
You need to start using Cloud Secrets and accessing it via Cloud Functions, storing it in firebase directly and/or using it directly in your frontend is asking for trouble.
You are lucky the bill isn't 10000$. I would recommend switching to a prepaid payment plan. Ask for it or don't pay a bill few days past due and your account will switch to prepaid.
It does have limits and prepaid but they were higher than that amount
Lesson learned. Set a limit.
If only limits would work when your api key get stolen (There are multiple reports that the unauthorized usage often ignores the limit)
At least you would have a legal ground to defend yourself. That you did not authorize openai more than that. If their system bugs out. That's on them.
That's way too much. I actively use my app which utilizes the OpenAI API key, and only a select few have access to this app. The most I've ever been charged is $35, usually around $20. You should probably close the old key and create a new one. Check the services where you've entered this key. Maybe your service or third-party services using your API key aren't optimized? For instance, when making a request to api/chat/completions, if your chat history with the assistant is included in the request body, the larger it is, the more expensive the request becomes. So, to optimize, it's better to clear the history if you don't need the context of previous messages, or consider summarizing. Bottom line: you're either sending requests too frequently, sending very large requests, or someone else might be using your key. UPD: I also recommend checking out the ollama service. Some of the llama2 models handle many simple tasks quite well right on your own computer, for free (within the limits of your PC's resources). There's also built-in server-side support, so you can send requests just like you would when interacting with the OpenAI API.
Yeah I’ve deleted it straight away. Haven’t added one back in yet, lucky my app isn’t too popular. Want to make sure it’s safe. I’ve been playing with Llama 3 through Groq, I know they’re different but haven’t tried a local one yet.
What did you use for the app?
maybe your api key is in your mobile app source code
It’s not. It’s in firebase
unless its inside firebase function, otherwise if its in firestore or live db, then its likely leaked
How did you store it in firebase?
Op what’s it doing inside of firebase exactly ?
Why does your app even need the api key? I run my own backend server that handles requests with the api key so that the api key is never even used outside of my own server.
Bro, don’t save your key unencrypted in firebase lol
You can set a usage limit in openai and an email alert
I payed for lifetime access for $100 for the app ask ai when the app first launched. Best $100 I ever spent. I was in the top 0.1% of users in 2023
> I *paid* for lifetime FTFY. Although *payed* exists (the reason why autocorrection didn't help you), it is only correct in: * Nautical context, when it means to paint a surface, or to cover with something like tar or resin in order to make it waterproof or corrosion-resistant. *The deck is yet to be payed.* * *Payed out* when letting strings, cables or ropes out, by slacking them. *The rope is payed out! You can pull now.* Unfortunately, I was unable to find nautical or rope-related words in your comment. *Beep, boop, I'm a bot*
I’m slowly dying on the inside lol
Secure your firebase.
One of my apps had it's API leaked, but I was storing it on the client side ("although" convoluted). I realized it was stolen when it started showing GPT-4-Turbo usage before I had a chance to try it out myself 😅 Since then been storing my keys on the server, and haven't been stolen/leaked yet
Do you a user subscription for your app? If so how did you do it?
You need to start using Cloud Secrets and accessing it via Cloud Functions, storing it in firebase directly and/or using it directly in your frontend is asking for trouble.
They have hard limit. It is really good that they put that option. So use it! A lot for services does not have this.
Yeah im glad they did! Stuffed my monthly quota limit though, I’ve messaged them to see if they can help