openAI API authentication method

Hi!

Maybe a strange question. I’m building a small app with Bubble which uses OpenAI API to generate text based on input from the user. My question is, what is a safe authentication method without having the risk someone could steal my API Key? Is ‘self handled’ or ‘private key in header’ safe enough?

Im a little autistic so I have a hard time to find and understand the right information about this.

Thanks in advance!

There is a “private” checkbox next to the header. Check that. I think that should help.

Thanks for you reply!
So, if the authentication method is on ‘none or self handled’ and the ‘private’ checkbox is checked it would be safe enough? Without having to worry that someone can steal the private key?

Hi there, you would also a) keep the POST urls private by adding the url as a parameter instead of in the Method URL field eg. put https://[url] in the Method URL field and the full url is a URL parameter and b) only call the API in a backend workflow eg. schedule the API from the front end and run it in the backend and c) ensure that all 3 checkboxes in the API call are unchecked (Expose as a public API workflow + run without auth/ignore privacy rules, if these 2 apply to your app).

Hi, thank you so much for your message. Point A is pretty easy done, point B is a difficult one because I find working with backend workflows pretty harsh. Point C has to do with the backend workflows?