{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreiatxmamvz4koarh4d2qs72fyvofuy23fdpbikijzu62q4djewghle",
    "uri": "at://did:plc:lk3jfj3zq4k4wxnk474axylu/app.bsky.feed.post/3mgupyk7ukpq2"
  },
  "path": "/t/short-lived-restrictive-api-keys/1376533#post_1",
  "publishedAt": "2026-03-12T15:21:23.000Z",
  "site": "https://community.openai.com",
  "textContent": "Hey there, Good day!\n\nI am building an app that will need to access your services on the client. However, I would rather not leak my API keys there.\n\nBesides deploying this part of the infra to the edge. I was thinking that it would be great to expose short-lived restricted api keys to the client.\n\nDo you have such functionality, or do I need to implement it by hand?\n\nExample: Api key for a specific response session with an expiration of 1 hour and only specific model access (only gpt 5 mini) and a specific user (via IP or GEO location) optional.\n\nThe client would then make requests directly to the OpenAI API (saving bandwidth).\n\nUsing the new WebSocket response API I believe this would be even better for load times and speed",
  "title": "Short Lived Restrictive API Keys"
}