From 60d009f75a3cab23085e53a5413d9125474a840f Mon Sep 17 00:00:00 2001
From: Eugene Yurtsev
Date: Fri, 27 Oct 2023 17:09:42 -0400
Subject: [PATCH] Add security note to API chain (#12452)

Add security note
---
 libs/langchain/langchain/chains/api/base.py | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/libs/langchain/langchain/chains/api/base.py b/libs/langchain/langchain/chains/api/base.py
index 52f4afecfe..01a0e24d6e 100644
--- a/libs/langchain/langchain/chains/api/base.py
+++ b/libs/langchain/langchain/chains/api/base.py
@@ -17,7 +17,22 @@ from langchain.utilities.requests import TextRequestsWrapper
 class APIChain(Chain):
- """Chain that makes API calls and summarizes the responses to answer a question."""
+ """Chain that makes API calls and summarizes the responses to answer a question.
+
+ *Security Note*: This API chain uses the requests toolkit
+ to make GET, POST, PATCH, PUT, and DELETE requests to an API.
+
+ Exercise care in who is allowed to use this chain. If exposing
+ to end users, consider that users will be able to make arbitrary
+ requests on behalf of the server hosting the code. For example,
+ users could ask the server to make a request to a private API
+ that is only accessible from the server.
+
+ Control access to who can submit issue requests using this toolkit and
+ what network access it has.
+
+ See https://python.langchain.com/docs/security for more information.
+ """
 api_request_chain: LLMChain
 api_answer_chain: LLMChain
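Review bot: The closing paragraph of the new docstring, `Control access to who can submit issue requests using this toolkit and what network access it has.`, is hard to parse: "submit issue requests" looks like a slip and "toolkit" here means the chain itself. I would write `Control who can submit requests through this chain, and restrict the network access of the host that runs it.` The note describes a server-side request forgery exposure, but the hunk changes only documentation, so nothing visible here limits which hosts the chain may contact. The class body continues outside the hunk; if it has no destination allow-list, the docstring should say so plainly and name the deployment-side controls (egress filtering, a dedicated low-privilege network segment) the reader is expected to apply. The list of GET, POST, PATCH, PUT and DELETE cannot be checked against these lines and should match the methods the chain actually issues.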