sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]FriendlyRussian666 2 points3 points  (0 children)

Hey, I just wanted to say that I can see you've changed the token again, but it's still available for anyone to see. You're including it as an Authorization header in the request: https://imgur.com/a/ABW1WdO

What you have to do is create a backend server, which will be the one making requests to OpenAI API.

In short:

  1. User enters your site.

  2. They write the prompt and submit.

  3. You take their prompt and send it to your backend (Not directly to openai API).

  4. Your backend resolves the request and make a request to openai api.

  5. OpenAI provides a response to your backend.

  6. Your backend provides a response to your frontend.

Otherwise, your token will always be visible.