Skip to main content

Service-Level Authentication

✅ You want this if you want make sure the user is using ChatGPT to access your service.

Think of it like this: If user-level authentication is like checking individual tickets at a concert, service-level authentication is like renting out the entire venue for a private event. Everyone who's part of your event (in this case, users of your plugin) gets to enjoy the concert (your service), without needing their own ticket.

Implementing Service-Level Authentication

Here's a step-by-step guide on how to implement service-level authentication for your ChatGPT plugin:

  1. Develop Your Plugin: Begin by selecting "Develop your own plugin" in the ChatGPT plugin store and enter the domain where your plugin is hosted.

  2. Set Auth Type: In the ai-plugin.json file, set auth.type to "service_http".

  3. Service Access Token: You'll be prompted for your service access token - a special secret that's like the master key to your service.

"auth": {
  "type": "service_http",
  "authorization_type": "bearer"
}

  1. Store Token Securely: OpenAI will securely store an encrypted copy of your service access token to enable plugin installation without additional authentication.

  2. Sending the Token: The service access token is sent in the Authorization header for plugin requests.

  3. Verification Token: Once you add your service access token into the ChatGPT UI, you'll be presented with a verification token.

"auth": {
  "type": "service_http",
  "authorization_type": "bearer",
  "verification_tokens": {
    "openai": "Replace_this_string_with_the_verification_token_generated_in_the_ChatGPT_UI"
  }
}
  1. Multiple Applications: The verification tokens are designed to support multiple applications. If you want your plugin to support additional applications, you can simply add them:
"verification_tokens": {
  "openai": "Replace_this_string_with_the_verification_token_generated_in_the_ChatGPT_UI",
  "other_service": "abc123"
}

With service-level authentication, your plugin users enjoy a streamlined experience, free of the usual authentication steps. However, it's worth noting that while this method offers simplicity, it also requires you to manage and secure the service access token appropriately.