Can I share my API key?
We do not recommend sharing your personal API key — even with trusted coworkers or teammates. API keys grant access to your organization's usage and billing, and sharing them can:
Compromise account security
Obscure usage tracking
Violate best practices for safe key management
What's the recommended way to collaborate?
You should not use user-based keys for team collaboration. Instead, we recommend using Project-based API keys, which are designed for safe, auditable, and scalable collaboration:
Create Projects in your OpenAI dashboard.
Assign members to Projects based on team, product, or environment (e.g., staging vs. production).
Generate distinct API keys per Project, with isolated rate limits and spend controls.
Monitor usage per Project in your usage dashboard.
This approach gives you:
Stronger access control
Better separation of environments
Clear, per-project usage visibility
Safer operational boundaries for production systems
Can I still invite users to the organization?
Yes. From the Team page, you can:
Invite teammates to your organization
Assign them as readers or owners
Let them use Projects securely without sharing personal keys
Each user can authenticate using keys tied to the Projects they’re authorized to access.
Where should I store API keys?
All API keys should be:
Stored securely using environment variables or secret management tools
Never committed to code or shared in plaintext
Rotated if you suspect they've been exposed
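The storage rules above can be enforced in code. The following is an added example, not part of the original article or OpenAI's own tooling: it flags key-like literals in source text before they are committed (reporting them redacted) and reads the key from the environment, failing closed when it is missing. The "sk-" key shape, the variable name OPENAI_API_KEY, and all function names are assumptions made for this illustration.

```python
import os
import re

# Assumption: keys look like "sk-" followed by 20+ URL-safe characters.
KEY_PATTERN = re.compile(r"\bsk-[A-Za-z0-9_-]{20,}")


def redact(secret: str) -> str:
    """Keep only enough of the key to identify it in a report or CI log."""
    return secret[:7] + "..." + secret[-4:]


def find_hardcoded_keys(text: str, filename: str = "<input>"):
    """Return (filename, line_number, redacted_key) for every key-like literal."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_PATTERN.finditer(line):
            findings.append((filename, lineno, redact(match.group())))
    return findings


def load_api_key(env=None, var="OPENAI_API_KEY"):
    """Read the key from the environment; fail closed if it is missing.

    The variable name is an assumption; use whatever your deployment or
    secret manager injects.
    """
    env = os.environ if env is None else env
    key = env.get(var, "").strip()
    if not key:
        raise RuntimeError(f"{var} is not set; refusing to start without a key")
    return key


# Constructed sample: a source file with one hardcoded key and one safe lookup.
SAMPLE_SOURCE = '''\
import os
client_key = "sk-proj-EXAMPLEexampleEXAMPLEexample1234"
safe_key = os.environ["OPENAI_API_KEY"]
'''

if __name__ == "__main__":
    for fname, lineno, key in find_hardcoded_keys(SAMPLE_SOURCE, "app.py"):
        print(f"{fname}:{lineno}: hardcoded API key {key}")
```

Run the scanner as a pre-commit or CI step over changed files; any key it finds should be treated as exposed and rotated, since removing it from the file does not remove it from history.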
What if I want to separate environments?
You can:
Create separate Projects for staging, production, and development
Assign distinct API keys and users to each environment
Apply separate rate and spend limits per Project
This gives you tighter operational control and reduces the risk of accidentally affecting live systems.