ToolAIPilotTAP
Sub

Ad

How To Get An API Key For OpenAI Codex Step By Step
developerGuideยท 4 min readยท 4,294

How To Get An API Key For OpenAI Codex Step By Step

Codex actually has two separate ways to sign in, and only one of them uses an API key. I set up both so you can see exactly which one fits your situation.

๐Ÿ”ง Tools mentioned in this article
OpenAI Platform API Keys

OpenAI Platform API Keys

Where the actual Codex API key gets generated

platform.openai.com

Visit
OpenAI Codex GitHub

OpenAI Codex GitHub

Official install instructions and source for the Codex CLI

github.com

Visit
Codex Authentication Docs

Codex Authentication Docs

OpenAI's own reference for every sign in method Codex supports

developers.openai.com

Visit
PN

Priya Nair

July 17, 2026

#how to get api key for openai codex#openai codex api key setup#codex cli login with api key#openai codex authentication 2026#codex cli install guide

The Thing Most Guides Skip

Codex supports two completely different sign in paths, and only one of them needs an API key at all. Most searches for how to get an API key for OpenAI Codex actually just need to sign in with an existing ChatGPT account, which requires no key whatsoever. I set up both paths so this is clear from the start.

Path One, No API Key Needed

If you already have ChatGPT Plus, Pro, Business, Edu, or Enterprise, Codex usage is included in that plan through a normal browser login, no API key involved, no separate billing. This is the simplest path if Codex is already covered by a plan you pay for.

Path Two, With A Real API Key

Use an API key instead when you want usage billed directly through your OpenAI Platform account at standard API rates, separate from any ChatGPT plan credits. This is the right choice for CI or CD pipelines, scheduled automation, or any workflow that should not depend on a personal browser login.

Billing splits here. Signing in with a ChatGPT account uses your plan's included usage. Signing in with an API key bills separately at standard OpenAI API pricing. Mixing the two up is the most common reason people get confused by an unexpected bill or a plan that seems not to cover Codex.

Getting The Actual Key

  • Go to platform.openai.com/api-keys and sign in with your OpenAI account
  • Click Create new secret key
  • Name it something identifiable, like codex-cli-laptop, so you can find and revoke it later without guessing
  • Copy the key immediately, it starts with sk- and is only shown once
  • Make sure your OpenAI account has billing set up, API usage will not run without a payment method on file

Installing And Authenticating Codex

bash
# install Codex CLI
npm install -g @openai/codex
# or
brew install codex

# authenticate with your API key
echo "$OPENAI_API_KEY" | codex login --with-api-key

# or authenticate with your ChatGPT account instead, no key needed
codex login --device-auth

Problems I Ran Into

  • If Codex was previously logged in through a browser session, cached auth can conflict with a new API key login, clear it first with codex logout or by deleting ~/.codex/auth.json
  • API key billing needs a funded OpenAI Platform account separately from any ChatGPT subscription, they are not automatically linked
  • The sandbox blocks network access by default for safety, if a task genuinely needs it, that has to be enabled explicitly per session, not left on by default
  • CI environments need the key stored as a proper repository secret, never hardcoded into a workflow file

Do not expose a Codex API key in a public repository workflow file or an untrusted CI environment. Store it as an encrypted secret, and treat it the same way you would treat any production credential, since Codex can read, edit, and run commands against real code once it is authenticated.

How I Actually Use Mine

I use the ChatGPT login for everyday local coding sessions since it is already covered by my plan, and switch to the API key only for a scheduled GitHub Actions job that updates a changelog automatically after each release. Keeping the two separated made billing much easier to track.

yaml
# .github/workflows/codex-changelog.yml
- name: Run Codex
  run: |
    npm i -g @openai/codex
    codex exec --full-auto "Update CHANGELOG for the next release"
  env:
    OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}

The Result

The API key path took about five minutes including generating the key and running the login command. The automated CI job has been running reliably since, billed cleanly through the API account with zero interaction from my ChatGPT plan.

Verdict. If Codex usage fits inside a ChatGPT plan you already pay for, skip the API key entirely and just log in with that account. Reach for a real API key specifically when you need separate billing, automation, or a login that does not depend on a personal browser session.

Should You Bother

For day to day personal coding, a ChatGPT login is genuinely simpler and often cheaper if Codex is already included in your plan. Set up the API key path only once you have an actual automation, CI job, or team workflow that specifically needs it.

Ad