Short Lived Restrictive API Keys

Good question, and you’re thinking about the right risks here. There isn’t currently a built-in feature for issuing short-lived, scoped API keys directly from OpenAI with restrictions like model-only access, IP binding, or per-session expiration. Also, even if a key is short-lived, exposing it on the client side is still risky. If someone grabs it during that window, they can make requests against your account and you’d be billed for that usage. So keeping API keys private is really important for protecting both your usage and your data. - Sky