Will the Azure OpenAI api key be expired and is there any way to regenerate the Azure OpenAI api key by SDK?

Dat Hoang 20 Reputation points
2024-03-25T04:05:08.3866667+00:00

I am using the Azure SDK to interact with the Azure OpenAI Service with the api keys (there are 2 generated keys from the portal)

One day, I cannot call the service anymore and received the expiration message

{  "error": {    "code": "ExpiredAuthenticationToken",    "message": "The access token expiry UTC time '6/17/2023 1:57:11 AM' is earlier than current UTC time '3/13/2024 3:35:34 AM'."  }}

My though when we work with the api key is that it will never be expired unless updated/deleted by the admin or there is should be the mechanism which we can fetch/refresh the api key.

I search in the Azure document and saw that there is only way to regenerate the api key that we have to access the portal and do it manually. But I do not want our client to update the key manually when they use our application.

Azure OpenAI Service
Azure OpenAI Service
An Azure service that provides access to OpenAI’s GPT-3 models with enterprise capabilities.
2,101 questions
0 comments No comments
{count} votes

Accepted answer
  1. dupammi 5,585 Reputation points Microsoft Vendor
    2024-03-25T07:08:19.6766667+00:00

    Hi @Dat Hoang

    Thank you for using the Microsoft Q&A forum.

    While there is no direct way to rotate Azure OpenAI API keys programmatically, you can use the OpenAI Python SDK to regenerate the keys in the case of compromise or to comply with the organization's key rotation process.

    Here's a simple code using the OpenAI Python SDK. In the code provide a prompt to the model and ask it to complete it for me and use one of the API keys to authenticate to it.

    Here's another link to a blog post that provides a code snippet using the OpenAI Python SDK to authenticate to the service using one of the API keys and regenerate the other key: https://journeyofthegeek.com/2023/04/02/authentication-in-azure-openai-service/

    Alternatively, you can utilize AAD-based tokens as well, as Azure OpenAI is based on the Azure Cognitive-aligned platform. If you generate a Bearer token in Azure AD and pass it over to the same Azure OpenAI endpoint, but using a slightly different header's key "Authorization," you would be able to retrieve the same data.

    Hope this helps.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Sedat SALMAN 13,070 Reputation points
    2024-03-25T07:07:46.09+00:00

    To handle API key rotation seamlessly without direct client intervention, consider using Azure API Management. This setup automates key rotation by having clients use an APIM subscription key instead of directly using the Azure OpenAI API keys. You can further secure your API keys by storing them in Azure Key Vault and referencing them in APIM. For monitoring, configure Azure Monitor to keep track of your OpenAI Service's performance and detect issues like expired tokens

    https://learn.microsoft.com/en-us/azure/ai-services/openai/quickstart

    https://learn.microsoft.com/en-us/semantic-kernel/deploy/use-ai-apis-with-api-management

    https://learn.microsoft.com/en-us/azure/ai-services/openai/how-to/monitoring