How To Get An API Key For OpenAI Codex Step By Step
Codex actually has two separate ways to sign in, and only one of them uses an API key. I set up both so you can see exactly which one fits your situation.
Codex Authentication Docs
OpenAI's own reference for every sign in method Codex supports
developers.openai.com
Priya Nair
July 17, 2026
The Thing Most Guides Skip
Codex supports two completely different sign in paths, and only one of them needs an API key at all. Most searches for how to get an API key for OpenAI Codex actually just need to sign in with an existing ChatGPT account, which requires no key whatsoever. I set up both paths so this is clear from the start.
Path One, No API Key Needed
If you already have ChatGPT Plus, Pro, Business, Edu, or Enterprise, Codex usage is included in that plan through a normal browser login, no API key involved, no separate billing. This is the simplest path if Codex is already covered by a plan you pay for.
Path Two, With A Real API Key
Use an API key instead when you want usage billed directly through your OpenAI Platform account at standard API rates, separate from any ChatGPT plan credits. This is the right choice for CI or CD pipelines, scheduled automation, or any workflow that should not depend on a personal browser login.
Billing splits here. Signing in with a ChatGPT account uses your plan's included usage. Signing in with an API key bills separately at standard OpenAI API pricing. Mixing the two up is the most common reason people get confused by an unexpected bill or a plan that seems not to cover Codex.
Getting The Actual Key
- Go to platform.openai.com/api-keys and sign in with your OpenAI account
- Click Create new secret key
- Name it something identifiable, like codex-cli-laptop, so you can find and revoke it later without guessing
- Copy the key immediately, it starts with sk- and is only shown once
- Make sure your OpenAI account has billing set up, API usage will not run without a payment method on file
Installing And Authenticating Codex
# install Codex CLI
npm install -g @openai/codex
# or
brew install codex
# authenticate with your API key
echo "$OPENAI_API_KEY" | codex login --with-api-key
# or authenticate with your ChatGPT account instead, no key needed
codex login --device-authProblems I Ran Into
- If Codex was previously logged in through a browser session, cached auth can conflict with a new API key login, clear it first with codex logout or by deleting ~/.codex/auth.json
- API key billing needs a funded OpenAI Platform account separately from any ChatGPT subscription, they are not automatically linked
- The sandbox blocks network access by default for safety, if a task genuinely needs it, that has to be enabled explicitly per session, not left on by default
- CI environments need the key stored as a proper repository secret, never hardcoded into a workflow file
Do not expose a Codex API key in a public repository workflow file or an untrusted CI environment. Store it as an encrypted secret, and treat it the same way you would treat any production credential, since Codex can read, edit, and run commands against real code once it is authenticated.
How I Actually Use Mine
I use the ChatGPT login for everyday local coding sessions since it is already covered by my plan, and switch to the API key only for a scheduled GitHub Actions job that updates a changelog automatically after each release. Keeping the two separated made billing much easier to track.
# .github/workflows/codex-changelog.yml
- name: Run Codex
run: |
npm i -g @openai/codex
codex exec --full-auto "Update CHANGELOG for the next release"
env:
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}The Result
The API key path took about five minutes including generating the key and running the login command. The automated CI job has been running reliably since, billed cleanly through the API account with zero interaction from my ChatGPT plan.
Verdict. If Codex usage fits inside a ChatGPT plan you already pay for, skip the API key entirely and just log in with that account. Reach for a real API key specifically when you need separate billing, automation, or a login that does not depend on a personal browser session.
Should You Bother
For day to day personal coding, a ChatGPT login is genuinely simpler and often cheaper if Codex is already included in your plan. Set up the API key path only once you have an actual automation, CI job, or team workflow that specifically needs it.