Quote:
Originally Posted by Bradles
[*]Would people be comfortable knowing that my backend infrastructure could log their API key, as well as the content of the prompt and response. I wouldn't of course, but there's no way to prove this.[/LIST]
|
I am assuming that if you can log the API key then you get access to the person's account. Why not make the login info required each time and it is not saved so that way you do not have access? Or force the user to use an authenticator like duo mobile. If my assumption is incorrect, then sorry, and please disregard this post.