Enhance your ChatGPT Plugin with Authentication

ChatGPT offers a wide range of plugin authentication options to cater to various use cases. By specifying the authentication schema in the manifest file, you can control access and security according to your requirements.

This article will provide an in-depth look at the available authentication options and how to implement them.

Authentication Schemas:

1. No Authentication:

For applications that do not require any authentication, ChatGPT supports the no-auth flow. This is useful for open APIs accessible to everyone, allowing traffic from various sources.

To specify no authentication, include the following in your ai-plugin.json file:

"auth": {

"type": "none"

2. Service Level Authentication:

To enable OpenAI plugins to work specifically with your API, provide a client secret during the plugin installation flow. This authenticates traffic from OpenAI plugins without user-level authentication.

To implement Service Level Authentication, follow these steps:

1. Select "Develop your own plugin" in the ChatGPT plugin store.

2. Set auth.type to "service_http" in the ai-plugin.json file.

3. Provide your service access token.

4. Add the verification token to your ai-plugin.json file.

Here's an example of how to set up service level authentication:

"auth": {

"type": "service_http",

"authorization_type": "bearer",

"verification_tokens": {



3. User Level Authentication:

Allow user-level authentication by enabling end users to paste their secret API key into the ChatGPT UI during plugin installation. Although this method is encrypted, it's not recommended due to the poor user experience.

To set up user-level authentication, use the following code:

"auth": {

"type": "user_http",

"authorization_type": "bearer",


4. OAuth:

The plugin protocol is compatible with OAuth.

Follow these steps to set up OAuth authentication:

1. Paste in your OAuth client id and client secret.

2. Add the verification token to your manifest file.

3. Store an encrypted version of the client secret.

4. Users log in through the plugin’s website during installation.

5. Store the OAuth access token (and optionally, refresh token) for the user, encrypted.

Here's an example of the OAuth flow in the manifest:

"auth": {

"type": "oauth",

"client_url": "https://my_server.com/authorize",

"scope": "",

"authorization_url": "https://my_server.com/token",

"authorization_content_type": "application/json",

"verification_tokens": {





Considerations for Plugins in Production:

1. Rate limits:

Implement rate limiting on your API endpoints to handle high volumes of requests.

2. Timeouts:

ChatGPT has specific thresholds for timeouts during API calls, such as 15 seconds for fetching ai-plugin.json/openapi.yaml and 45 seconds for API calls.

3. Updating your plugin:

When making changes to your ai-plugin.json manifest file, update it manually by going through the "Develop your own plugin" flow in the plugin store.


By using the appropriate authentication schema, you can optimize the security and accessibility of your ChatGPT plugin. These options provide flexibility in controlling access and delivering a seamless user experience.

About Writer

Swapnil Chouhan is Founder of Optimum Technical Labs LLP

Swapnil Chouhan is Founder of Optimum Technical Labs LLP, Worked on Several mobile app development projects, He writes about it.

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Technology Insights

Subscribe to our blog and stay updated.

About Us

This is what we are.

We are team of professionals dedicated in highly optimized Mobile Apps, Alexa Skill, ChatGPT API Integration and ChatGPT Plugin Development. The only objective is to provide Great quality service because we deeply understand and respect expectations of client

Our Work Process. [We use Agile methodology]


We start with a direct discussion, communicate, talk about each and every detail. We required app code for push notification. Accounts for Firebase and Onesignal are also required. At the same time, we provide suggestions if required for a better product.


After getting clear about requirements, we start designing mockups and again, we discuss with you to make sure we are on the same page and ready to do updates and changes in it.


After designing and exploring each feature, we move towards development. While development also, we provide daily updates and give you a chance to be involved.


We provide you apk and video to check and test push notifications in a timely manner. We also provide code for the app. Before delivery, we try to fix bugs if any.


What our clients are saying.

  • MinguelArgentina

    Swapnil and team are excellent professional. 100% willing and qualified. They helped us with our project in a friendly way and with a smooth communication. 100% recommendable.


    I had a great time working with Optimum Team, They provides update on weekly basis ans communicates very well with clients.I will definitely hire them again .


    Amazing experience! Great seller - delivered everything on budget, exactly as I wanted, great communication! Will work again and highly recommend


    Amazing work quality, quick fast and responsive. UX and UI are so optimal!!! Would definitely suggest to hire them!

  • I first worked with Snehil and his talented team, in January this year, on an autocompletion issue and some database works related to the search engine of a directory wordpress website. During this very first project I was amazed by Snehil and his team availability, reactivity and a strong ability to go through my needs with great skills. Those guys are sharp, they deeply understand your problem and solve it with a high sense of duty. This first experience with Optimum Technical Labs LLP was really a good one so I've decided to keep working with them. Last couple of weeks they built a website in a blink of an eye with with a high expectation degree on time delivery and work quality. Result is far more than expected as the team have been able to bring corrections and last minute requests. Always with a great reactivity , despite time difference between our two countries. Outstanding job! On the other hand, Snehil is not only a skillful professional as he also appears to me as a great human being, able to build a true relationship. Great man, Great Team, Great Job! What can I say more? I highly recommend Snehil's Optimum Technical Labs LLP! It's still a pleasure to work with you guys, I'm up for an other round!

    Smiley face
  • ZachUSA

    "Swapnil is a greater worker. He put extra time to problem solve and learn new skill to complete task as needed. I will hire again."


    ?Perfect work.. He understands clearly what I need. My favorite developer on Freelancer. Thank you again bro. Excellent?


    "He is a kind guy, and he is very professional. I can only recommend him."


    "Excellent programmer,he replied to all my questions,very helpful,thanks."

  • Optimum Technical Labs team is amazing, my app was very complex and with new technology, they developed it with ease, were available each and every time I needed any help, we are working together on my project from 1 year. Snehil and whole Optimum Technical Labs team work very hard and always ready to make any changes I ask. They are expert in various technologies, which is great. We are like one team now. Looking forward to keep working with them continuously.

    Smiley face

Contact Us

Get in touch with us.

Your message was sent, thank you!