Skip to main content

User-Level Authentication

While service-level authentication gives a universal access pass to all users of your ChatGPT plugin, user-level authentication takes a more personalized approach. Instead of a universal pass, each user is issued an individual ticket in the form of an API key. This ticket then grants them access to your service.


Currently, due to UI limitations, plugins with user authentication are not permitted in the plugin store. This policy is expected to change in the near future.

Think of user-level authentication as a library where each patron needs their own library card to check out books. Similarly, with this kind of authentication, each user needs their own secret API key to access the features of your plugin. While this approach provides increased control and can be more secure, it does present a less smooth user experience as each user needs to manually enter their API key.

Implementing User-Level Authentication

Here's a simple guide on how you can implement user-level authentication for your ChatGPT plugin:

  1. User Inputs Token: When a user installs your plugin, they'll need to enter their access token.

  2. Storing the Token: OpenAI will store an encrypted version of the user's token.

  3. Using the Token: Whenever OpenAI makes a request to your plugin, it includes the user's token in the Authorization header in the format Authorization: [Bearer/Basic] [user’s token].

Here's what the auth field in your ai-plugin.json would look like for user-level authentication:

"auth": {
"type": "user_http",
"authorization_type": "bearer"