Skip to main content

OpenAI Admin API Key

Description

General

  • Documentation: https://platform.openai.com/docs/introduction
  • Summary: OpenAI is an AI-based service that can be used to perform any task that involves understanding or generating natural language, code, or images. It provides an API to interact with a wide variety of models. This detector aims at catching Admin API keys for this service which are used to programmatic administration of an account. Admin keys grant access to endpoints detailed in the [API Reference for Organizations](https://platform.openai.com/docs/api-reference/administration.
  • IPs allowlist: The number of IP addresses that can be used by a single user account can be reduced. Please refer to this documentation for more details.
  • Scopes: Admin API key grants admin access to the organization.

Revoke the secret

Secrets can be revoked from the platform in the dedicated section.

Check for suspicious activity

The last usage date is provided on the platform. This can help to detect suspicious activities.

Details for OpenAI Admin API Key

  • Family: token

  • Category: ai

  • Company: OpenAI

  • High recall: True

  • Validity check available: True

  • Analyzer available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 0.07

  • Prefixed: True

  • PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - sk-admin-
- type: ContentWhitelistPreValidator
  patterns:
    - t3blbkfj

Examples

- text: |
    TOKEN=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
  apikey: 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

Secret Analyzer

Analysis Method

  • Provider allows scopes enumeration: True
  • Total network call count: 1
  • Total call count may vary: False

HTTP Calls

Requests are designed to capture metadata and not to function effectively.

  • GET: /v1/me

Other Calls

Non-HTTP queries or HTTP calls made through a third-party app (e.g., Python package). No other calls for this analyzer.

Last updated on

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status