To authenticate API requests with OpenAI, you use an API key provided in the request headers. OpenAI requires this key to verify your identity and track usage for billing and access control. When making a request, include the key in the Authorization header using the Bearer scheme. For example, in a curl command, you’d write -H "Authorization: Bearer YOUR_API_KEY". The API key is a unique string generated in your OpenAI account dashboard, and you must keep it secure to prevent unauthorized use.
Security is critical when handling API keys. Avoid embedding keys directly in code or version control systems like GitHub. Instead, store the key in environment variables or a secure configuration file. For instance, in Python, you might use os.environ.get("OPENAI_API_KEY") to retrieve the key from your system’s environment. Tools like AWS Secrets Manager or .env files (with proper access controls) can also help manage keys securely. If a key is exposed, revoke it immediately via OpenAI’s dashboard and generate a replacement. Additionally, ensure all API requests are sent over HTTPS to prevent interception.
Common authentication issues include receiving a 401 Unauthorized error, which typically means the API key is missing, invalid, or expired. Double-check the key’s spelling and ensure it’s correctly formatted in the header. If you’re part of multiple OpenAI organizations, specify the organization ID in the OpenAI-Organization header to avoid conflicts. For example, -H "OpenAI-Organization: org-yourorgid" in curl. If requests fail despite a valid key, verify your account’s billing status or usage limits in the OpenAI dashboard. Testing with a simple curl command or a tool like Postman can help isolate the problem. Always refer to OpenAI’s API documentation for updates, as requirements may change over time.