{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreid7u2lxusrccvlceljswf6jluyapuhkhd2i6oeisnuwlk2glblnra",
    "uri": "at://did:plc:lk3jfj3zq4k4wxnk474axylu/app.bsky.feed.post/3mlfvp4u5xrm2"
  },
  "path": "/t/openai-api-token-is-stolen-last-friday-and-not-showing-in-log-any-api-calls-history-at-may-8-2026-big-bug/1380551#post_2",
  "publishedAt": "2026-05-09T08:48:53.000Z",
  "site": "https://community.openai.com",
  "tags": [
    "https://help.openai.com/en/articles/5112595-best-practices-for-api-key-safety",
    "https://help.openai.com/en"
  ],
  "textContent": "Welcome to the forum!\n\nIf you think an API key was stolen, I’d treat this as a **security issue** first, not only a bug.\n\nIn this situation, I’d delete/rotate the affected API key immediately if you haven’t already, then check usage /logs by project/key and make sure spend limits are set.\n\nOpenAI’s API key safety doc also says to rotate a key immediately if you believe it has been leaked:\n\nhttps://help.openai.com/en/articles/5112595-best-practices-for-api-key-safety\n\nIf the usage does not match your logs, I’d contact OpenAI Support through the **Help Center** and include screenshots, timestamps, affected project/org, key name or key ID if available, usage details and what you already rotated/deleted.\n\nhttps://help.openai.com/en",
  "title": "OpenAI API token is stolen last Friday, and not showing in Log any api calls history at May 8 2026. big bug"
}