Make WordPress Core

Opened 45 hours ago

Last modified 26 hours ago

#65340 new enhancement

Inform end users about the costs of using AI API connectors

Reported by: amykamala Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: AI Keywords:
Focuses: Cc:

Description (last modified by amykamala)

As of 7.0, users can connect to their generative AI provider API to enable AI features within plugins. The user, however, does not have any command over what requests are made and executed by plugins, neither quantity nor type, which creates a potential for excessive runaway AI bills and costs inflicted upon WordPress users.

To address this, the Connectors screen could include an option to approve or deny what requests are sent, rate limit or control request frequency, and/or an option to cap usage once it reaches a certain amount.

Change History (3)

#1 @amykamala
44 hours ago

  • Description modified (diff)

#2 @GeekStreetWP
26 hours ago

Thanks for opening this, Amy, and for reaching out directly.

This ticket addresses the rate limiting and control side of the problem, which is important. I want to add a layer that I think is equally urgent: the informed consent gap that exists before any of those controls come into play.

The documentation you linked, the 7.0 field guide and the dev note, does a solid job explaining the technical API surface to developers. But there is currently nothing in the WordPress admin UI, on the Connectors screen itself, or in any end-user-facing documentation that explains to a non-technical site owner what they are actually doing when they enter an API key. And this is what I'm advocating for. Clean, human-readable text that says "KNOW THIS FIRST" or something. Of course, users can skip that link as well and we still end up in the same place where a user was charged separately from their Claude PRO/MAX plan. However, something clearly defining the connection process and explaining that there WILL BE COSTS for using the API is the overall goal.

Specifically, most users do not know:

  1. That an API key is a separate billing relationship from any AI subscription they already pay for. Claude Pro, ChatGPT Plus, none of those subscriptions cover API usage. A user who connects their Anthropic key thinking it extends their existing account is about to be billed in a way they did not anticipate.
  2. That every plugin which hooks into the Connectors screen shares that same API budget, with no visibility into which plugin is consuming what. (This is explained somewhat in the links you sent over, but this needs to be clear as day and human-readable.)
  3. That certain AI-assisted features like title suggestions, content rewrites and excerpt generation can fire multiple API calls in a single session without any indication that each interaction has a cost. A user who clicks "suggest a title" ten times has made ten round trips to the API. They have no way to know that, and they have no idea how many tokens were used for each. In my experience "suggest a title" features would need to read the content on each click of a button. That might require the AI model to read the content of the page/post on each click of a button to suggest a title. Hopefully, a plugin would come up with a way to suggest more than 1 title and offset the cost. However, in the examples I've seen online, these suggest 1 title. That's a lot of token burning and the end user may not know that.
  4. Information letting a user know that they can connect to MCP and use the WordPress Abilities API to do the same tasks (and this method does use their current AI Claude Pro/MAX budget) would be a nice touch. That does require some technical setup and making sure that is clear is important. But the overall message here is that there are more ways to use AI in and with WordPress other than just the connectors screen and inside the dashboard.

The rate limiting and process control this ticket proposes would help manage costs once a user is already connected, and I am all for that. However, the more immediate problem is that users are connecting without understanding what they're agreeing to or knowing that the end user is responsible for setting a spending cap on the AI API site to ensure that the user is never charged more than what is approved.

The practical fix is straightforward: the Connectors screen should include a prominent, plain-language notice & linked directly to documentation above where the inputs are for a user to enter an API key. Not buried in a help tooltip. Not in a field guide written for developers. Something visible, in plain English, that says: this connects to an external paid service, billed separately from any AI subscription you have, and usage costs real money/monies.

The dev notes and field guide you linked are good resources. But they should be one of the first things a user sees on that screen. A "read this before you connect" link that sets honest expectations before the key goes in.

I'm SUPER supportive of AI features in WordPress. A well-implemented Connectors screen could genuinely open the platform to a new generation of users. But that opportunity depends on those users being informed before they're committed, not after the bill arrives.

My goal here is to look out for the end users who are brand new to WP or maybe more of a site owner and not the technical developer side of things. It's one thing to have a plugin help you. But it's another thing with a poorly written prompt that can cost the end user some real money if not used carefully.

Happy to contribute further thinking on what that user-facing documentation should say.

#3 @GeekStreetWP
26 hours ago

  • Summary changed from Add granular process control in Connectors UI to Inform end users about the costs of using AI API connectors