The OpenAI Safety Best Practices are intended to limit the possibility of misuse. One Best Practice is to know your customers. To that end, we’ve made it possible to log which user makes an API request when API calls are made using your application. The API is able to receive a “user” ID with each API request.
This is done by creating a uniqueID string for each user of your product, then passing that string in the format of user = ‘$userIDString’ in your API calls.
For example, the below Python script calls the Responses endpoint with a userID of ‘1’.
response = client.responses.create(model="gpt-4.1", prompt = "This is a test", max_tokens = 5, user = "1")The same API call as a cURL POST body would look like the following:
{
"prompt": "This is a test",
"max_tokens": 5,
"user": "1"
}