From the course: OpenAI API: Building Front-End Voice Apps with the Realtime API and WebRTC

Unlock this course with a free trial

Join today to access over 24,800 courses taught by industry experts.

OpenAI authentication with ephemeral tokens

OpenAI authentication with ephemeral tokens - OpenAI API Tutorial

From the course: OpenAI API: Building Front-End Voice Apps with the Realtime API and WebRTC

Start my 1-month free trial Buy for my team

OpenAI authentication with ephemeral tokens

- [Instructor] The very first step of using the Realtime API through WebRTC isn't even using the Realtime API at all. It is to authenticate any call you make to the Realtime API because when you're working with WebRTC, you are working on the front end in your browser. But OpenAI's API keys are not secure. So if you are sending your API keys over the front end, anyone watching your connection can see those API keys, which would make your application extremely insecure. To solve this OpenAI now offers ephemeral API keys and you can request these ephemeral API keys by taking your private key and then using a server to send a request to the REST API and then get a response back and then use that in your actual calls. It's described here in the documentation page. You have your WebRTC application. It sends a request for an ephemeral token to a server you build for this purpose. That server sends your real token to OpenAI. OpenAI sends back an ephemeral token that gets sent back to your…

Contents