Right, let’s talk about the part of the API that feels the least like magic and the most like a credit card transaction: getting in, not getting kicked out, and not accidentally funding a new data center for OpenAI with your grocery money. This isn’t the flashy part, but mastering it is what separates the pros from the amateurs who get a nasty surprise on their monthly bill.

First things first: they need to know who you are. Every single request you make to the API is authenticated using a secret API key. Think of this not as a username and password, but as a literal bearer token—as in, whoever bears this key gets access to your account and its associated billing. Guard this thing like it’s the actual password to your bank account, because functionally, it is.

You’ll get this key from your OpenAI dashboard. Once you have it, the standard way to use it is in the Authorization HTTP header. The most common rookie mistake is hardcoding this key directly into your application code and then, say, committing it to a public GitHub repository. Bots actively scrape for these, and they will find it, and they will use it to mine cryptocurrency or generate an entire library of terrible fanfiction on your dime. Don’t be that person. Use environment variables. Always.

# This is the way. Please do this.
import os
from openai import OpenAI

# Set your API key as an environment variable first!
# In your terminal: export OPENAI_API_KEY='your-secret-key'
client = OpenAI(api_key=os.environ.get("OPENAI_API_KEY"))

completion = client.chat.completions.create(
    model="gpt-4",
    messages=[{"role": "user", "content": "Explain authentication like I'm five."}]
)

# This is the way to bankruptcy and shame. NEVER do this.
from openai import OpenAI

# Your key is now in your source code. You've doomed us all.
client = OpenAI(api_key="sk-your-secret-key-here")

# ... and you're about to commit this to git, aren't you?

Rate Limits: The “Please Do Not Hammer Our Servers” Policy

You can’t just fire off a million requests a second. OpenAI imposes rate limits to keep their systems stable and, frankly, to be fair to other users. These limits are measured in requests per minute (RPM) and tokens per minute (TPM), and they vary by model and tier.

If you hit a rate limit, the API will return a 429 HTTP status code. The correct response isn’t to panic or immediately retry. That’s a great way to get stuck in a retry loop that never works. You need to implement a proper retry strategy with exponential backoff. This means waiting a short time, retrying, and if it fails again, waiting a progressively longer time before the next attempt. This politely gives the system time to recover. The openai Python library actually has this built-in for certain error types, but it’s crucial to understand what’s happening under the hood.

import time
from openai import OpenAI, RateLimitError

client = OpenAI()

def make_request_with_backoff():
    retries = 5
    base_delay = 1  # seconds
    for i in range(retries):
        try:
            return client.chat.completions.create(
                model="gpt-4",
                messages=[{"role": "user", "content": "Hello"}]
            )
        except RateLimitError:
            delay = base_delay * (2 ** i)  # Exponential backoff: 1, 2, 4, 8, 16s
            print(f"Rate limited. Waiting for {delay}s before retry...")
            time.sleep(delay)
    raise Exception("Rate limit retries exhausted.")

response = make_request_with_backoff()

Cost Management: Your Wallet’s Last Line of Defense

This is the big one. The API doesn’t have a monthly subscription; it’s pure pay-as-you-go. It feels cheap until it very, very doesn’t. A single, complex request to GPT-4 can cost a few cents. That seems negligible until you put a bug in a loop and accidentally make 80,000 of them.

Always, always estimate your costs before running a large batch job. For completions, cost is a direct function of the number of tokens you use (both input and output). You can use OpenAI’s tokenizer tool or the tiktoken library to count tokens in your prompts yourself. The pricing page tells you the cost per 1K tokens for each model. Do the math. It’s not hard, and it’s cheaper than an unexpected $400 charge.

import tiktoken

# Count tokens in a string for a specific model
def num_tokens_from_string(string: str, model_name: str) -> int:
    """Returns the number of tokens in a text string."""
    encoding = tiktoken.encoding_for_model(model_name)
    num_tokens = len(encoding.encode(string))
    return num_tokens

prompt = "Your entire prompt goes here."
token_count = num_tokens_from_string(prompt, "gpt-4")
cost_per_1k_tokens = 0.03  # Check latest price for gpt-4 input tokens
estimated_cost = (token_count / 1000) * cost_per_1k_tokens

print(f"Prompt will use ~{token_count} tokens and cost ~${estimated_cost:.4f}")

The most important best practice is to set hard spending limits. Go to your dashboard in the OpenAI platform and set a hard monthly limit. It’s the simplest and most effective way to prevent a catastrophe. It won’t stop you from spending money, but it will stop you from spending all of your money. It’s the single best piece of advice I can give you. Now go build something cool, but build it responsibly.