Check api key doesn't do anything

[seabo]

It seems is_api_key_valid returns True whenever anything (truthy) is passed in. Is this the intended behaviour? I would have guessed this function queries the server to check that the key is valid.

cohere-python/cohere/utils.py

Lines 44 to 51 in 29e118e

	def is_api_key_valid(key: Optional[str]) -> bool:
	"""is_api_key_valid returns True when the key is valid and raises a CohereError when it is invalid."""
	if not key:
	raise CohereError(
	"No API key provided. Provide the API key in the client initialization or the CO_API_KEY environment variable." # noqa: E501
	)
	return True

[jairojair]

Hi @seabo, this function checks the API key:

cohere-python/cohere/client.py

Line 640 in 16454c5

raise CohereAPIError(

Ps: I agree the name is_api_key_valid could be better.

[seabo]

Hi @jairojair - thanks. So are you saying that the purpose of Client.check_api_key is simply to locally test for the presence of any string? Because this function returns True for any arbitrary string you pass as the API key.

Is there a way to test that the key being used is actually valid (i.e. authorised) on the server?

[jairojair]

If you run:

import cohere

co = cohere.Client()
prediction = co.generate(prompt='co:here')

You will be receiving this exception:

line 47, in is_api_key_valid
    raise CohereError(
cohere.error.CohereError: No API key provided. Provide the API key in the client initialization or the CO_API_KEY environment variable.

if you run:

import cohere

co = cohere.Client('YOUR_API_KEY')
prediction = co.generate(prompt='co:here')

You will be receive this exception:

line 640, in _check_response
    raise CohereAPIError(
cohere.error.CohereAPIError: invalid api token

Indeed, you are correct. Validate keys exclusively on the server side are crucial for enhanced security and data integrity. Maybe in the future, we could use the is_api_key_valid function to validate the format and key size, which is a good approach.