Tutorial · 8 min read
Build a Chrome Extension That Calls the OpenAI API
Use AI inside your extension safely: where to store the API key, how to call OpenAI from a service worker, and how to handle rate limits.
One of the most popular Chrome extension categories in 2026 is 'AI-powered' — summarizers, rewriters, translators, code explainers. Almost all of them call an LLM API from inside the extension.
Where to store the API key
- Never hardcode it in the manifest or source files — anyone can unzip your extension.
- Use `chrome.storage.local` for user-supplied keys (each user pastes their own).
- Use a backend proxy for keys you own — your extension calls your server, your server calls OpenAI.
- ManifestGo's secrets vault handles the proxy automatically.
Calling OpenAI from a service worker
Service workers can call `fetch` directly; content scripts and message passing are only needed to get the user's text to the worker, not for the network call itself. The pattern is: content script captures user selection → posts to service worker → service worker calls OpenAI → returns the response to the caller.
Handling rate limits and errors
- Wrap every fetch in try/catch — network errors are the most common failure mode.
- Respect 429 responses with exponential backoff.
- Show a clear error in the popup, not a silent failure.
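The service-worker side of that pattern with the error handling above, as an added example that is not part of the original tutorial. It assumes a hypothetical `{type: "summarize", text}` message from the content script, a user-supplied key stored under the `chrome.storage.local` key `openai_api_key`, and a model name chosen for illustration.

```javascript
const OPENAI_URL = "https://api.openai.com/v1/chat/completions";

// Delay before retry number `attempt` (0-based): doubles each time, capped so
// a server that keeps returning 429 cannot stall the worker indefinitely.
function backoffDelay(attempt, baseMs = 500, maxMs = 8000) {
  return Math.min(baseMs * 2 ** attempt, maxMs);
}

// Calls the chat completions endpoint. `fetchImpl` and `sleep` are injectable so
// the retry logic can be exercised outside the browser; in the extension they
// default to the service worker's globals. The model name is an assumption.
async function callOpenAI(prompt, apiKey, opts = {}) {
  const { fetchImpl = fetch, maxRetries = 3,
          sleep = (ms) => new Promise((r) => setTimeout(r, ms)) } = opts;
  for (let attempt = 0; ; attempt++) {
    let res;
    try {
      res = await fetchImpl(OPENAI_URL, {
        method: "POST",
        headers: { "Content-Type": "application/json", Authorization: `Bearer ${apiKey}` },
        body: JSON.stringify({ model: "gpt-4o-mini", messages: [{ role: "user", content: prompt }] }),
      });
    } catch (err) {
      // Network failure: return a readable message instead of failing silently.
      return { ok: false, error: `Network error: ${err.message}` };
    }
    if (res.status === 429 && attempt < maxRetries) {
      // Honour Retry-After (seconds) when the server sends it, else back off exponentially.
      const retryAfter = Number(res.headers.get("Retry-After"));
      await sleep(retryAfter > 0 ? retryAfter * 1000 : backoffDelay(attempt));
      continue;
    }
    if (!res.ok) return { ok: false, error: `OpenAI returned HTTP ${res.status}` };
    const data = await res.json();
    return { ok: true, text: data.choices?.[0]?.message?.content ?? "" };
  }
}

// Service-worker side: the content script posts the selection as
// {type: "summarize", text}; the worker reads the user-supplied key from
// chrome.storage.local (never from source) and replies with the result object.
if (typeof chrome !== "undefined" && chrome.runtime) {
  chrome.runtime.onMessage.addListener((msg, _sender, sendResponse) => {
    if (msg.type !== "summarize") return false;
    chrome.storage.local.get("openai_api_key").then(async ({ openai_api_key }) => {
      if (!openai_api_key) return sendResponse({ ok: false, error: "No API key set; open the options page." });
      sendResponse(await callOpenAI(`Summarize:\n${msg.text}`, openai_api_key));
    });
    return true; // keep the channel open for the async sendResponse
  });
}
```

The popup receives the `{ok, error}` or `{ok, text}` object from `sendResponse` and can render `error` directly, so a failed call is always visible to the user.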