Admin API capabilities
The Admin API enables Organization Owners and Security Teams to programmatically manage their OpenAI Organizations to enforce existing identity and access management policies to improve security and meet compliance requirements.
With the Admin API, they can:
List, create, retrieve, delete Invites in an Organization.
List, create, update, retrieve, and delete Users in an Organization.
Update the roles of existing Users in an Organization.
List, add, update, retrieve, and archive Projects in an Organization.
List, add, retrieve, and remove Users in a Project.
List, create, retrieve, and delete Service Accounts from a Project.
List, retrieve, and delete API Keys in a Project.
How do I create an Admin API key for my organization?
Organization Owners can create Admin API Keys in their API Platform dashboard by selecting Admin keys on the left-hand panel, and selecting Create new admin key on the top-left of the page.
Who can use Admin API keys?
Only Organization Owners can create and use Admin API keys.
Can I recover data I deleted with the Admin API?
Deleted data is not recoverable. This API does not provide the capability for deleting any data logged for audit or security within OpenAI. All authenticated requests to this API are logged for security and compliance purposes. When an item is deleted using this API, it is also removed from all internal search and retrieval indexes.
How long does OpenAI retain my data for once I delete it with the Admin API?
Data is retained internally for no greater than 30 days following a deletion request.
I lost my Admin API key - how do I recover it?
If an API key is lost, it cannot be recovered. We suggest deleting the previous key from your Admin Keys and creating a new one.
Audit logging capabilities
The Audit Log API provides Security Teams with complete visibility into the state of their OpenAI Organizations by providing an immutable, auditable log of events that can help identify security issues, compliance risks, and gaps in operational procedures. With the Audit Logs API, they can track:
The lifecycle of API Keys — creation, updates, and deletion.
Account invitations — when the invitation was sent, accepted or deleted.
The lifecycle of Users and Service Accounts — creation, updates, deletions, role assignment and changes.
Login and logout failures.
Updates to the Organization configuration.
The lifecycle of Projects — creation, updates, and archival.
How do I enable Audit logging for my organization?
Please note: Once audit logging is enabled for your API Platform organization, it cannot be disabled. Only Organization owners can contact support to disable audit logging. |
Organization Owners can enable audit logging by going to their Organization General settings and turning on the Enable under Audit logging at the bottom. Once you save your selection, Audit logging will be enabled for your API Platform organization
Who can use Audit log API keys?
Only Organization Owners can create and use Admin API keys for the purposes of accessing Audit Logs. Please note that Audit logging will need to be enabled to receive Audit log data.