Codex has two different sign-in contracts: ChatGPT sign-in gives you subscription access, Codex cloud, included limits, and eligible credits; API key sign-in moves local or automated work onto usage-based OpenAI Platform billing. If you are choosing between a Codex API key and a subscription, choose the route and meter first, not the key first.
| Your Codex job | Use this route | What bills it | First check |
|---|---|---|---|
| Interactive Codex work under a ChatGPT plan | ChatGPT sign-in | Your ChatGPT plan limits and eligible Codex credits | Codex Settings -> Usage |
| Codex cloud tasks, browser review, or hosted integrations | ChatGPT sign-in | ChatGPT plan or workspace policy | Confirm the session is signed in with ChatGPT |
| Local CLI, IDE, SDK, CI, or headless automation that should be usage-based | API key sign-in | OpenAI Platform usage at standard API rates | OpenAI Platform Usage and project key scope |
| You hit included limits and want to continue eligible Codex use | Credits, after checking usage | Credits extend included Codex usage; they are not the same as manual API-key billing | Codex Settings -> Usage before buying credits |
Official OpenAI authentication, pricing, and credit facts were checked on April 21, 2026. Treat plan windows, promo multipliers, workspace credits, and rate-card migration details as dated facts, not permanent rules.
Codex API Key vs Subscription in One Table
The route choice is simpler than the pricing page makes it look. ChatGPT sign-in is the subscription route. API key sign-in is the OpenAI Platform route. Credits sit next to subscription usage as an extension path after included limits, not as a promise that ordinary API calls are paid by your ChatGPT plan.
| Route | Best for | What you get | What you do not get |
|---|---|---|---|
| ChatGPT sign-in | Personal Codex use, cloud tasks, browser review, hosted integrations, and included plan usage | Subscription access, Codex cloud, included plan windows, eligible credits, and ChatGPT-controlled feature availability | It does not make arbitrary OpenAI API calls free |
| API key sign-in | Local CLI work that should be usage-based, SDKs, CI, headless automation, and service-account style workflows | OpenAI Platform billing, project-scoped control, usage reporting, and API-rate economics | No Codex cloud-only features, and new Codex models or fast-mode features may not arrive on this route first |
| Credits | Continuing eligible Codex work after included usage is exhausted | Additional Codex usage for the eligible plan or workspace route | Credits are not the same as creating a manual API key and sending platform-billed calls |
The safest default is ChatGPT sign-in when the job is interactive Codex work and you bought a ChatGPT plan for that experience. Use an API key only when you intentionally want a platform-billed workflow: automation, CI, SDK integration, or predictable token-based accounting.
For the broader limits picture, use the OpenAI Codex usage limits guide. The route decision stays narrower: which path should run your next Codex job, and which account pays for it?
Check Your Current Codex Route Before Spending
Do the route check before you upgrade, buy credits, or create another key. Most surprise billing comes from assuming every Codex surface shares one meter.
Start with three surfaces:
- Codex Settings -> Usage: use this for subscription-route usage, plan windows, included usage, and eligible credits.
- Codex CLI or IDE sign-in state: confirm whether the current session is using ChatGPT sign-in or an API key. OpenAI's Codex authentication docs describe both routes for CLI and IDE use.
- OpenAI Platform Usage: use this when an API key is involved. Platform usage is the ledger for API-key billing, project budgets, service accounts, and rate-limit pressure.
If you cannot tell which route is active, stop the long run. A five-minute route check is cheaper than discovering that a local automation was running under a platform key when you expected subscription usage.
The practical rule is:
“If the work needs Codex cloud or ChatGPT plan features, sign in with ChatGPT. If the work needs CI, SDK, headless automation, or explicit token billing, use an API key and budget it as API usage.
What API Key Sign-In Changes
API key sign-in is not merely a different password. It changes the owner of the session.
With API key sign-in, the work belongs to an OpenAI Platform account and project. That is useful when you need service accounts, project-level keys, spend controls, and automation that should not depend on a personal ChatGPT session. It is the right fit for CI jobs, SDK-driven workflows, app backends, and scripts that should be metered like other API workloads.
The tradeoff is feature availability. OpenAI's Codex authentication and pricing pages separate ChatGPT sign-in from API key sign-in. The API-key route is for local and programmatic usage, while Codex cloud requires ChatGPT sign-in. API key usage also does not include cloud-based features such as hosted code review or Slack-style integrations, and some ChatGPT credit features require ChatGPT sign-in.
That makes API key sign-in a good answer to a narrow job:
- You want local Codex use billed by API rates.
- You want CI or automation that does not rely on a user's ChatGPT plan.
- You need project-level platform governance, budgets, and service-account control.
- You are willing to give up Codex cloud-only features for that route.
It is a poor answer when the real problem is "I paid for ChatGPT Plus or Pro and want Codex cloud or included usage." In that case, creating an API key can move you away from the subscription contract you wanted.
If you need setup detail for platform scoping, use the OpenAI API key, organization ID, and project ID guide. Keep that setup step separate from the route decision.
What Subscription and Credits Cover
ChatGPT sign-in is the route for subscription access. It is the route to use when you want Codex to draw from included plan limits, eligible credits, and cloud features controlled by ChatGPT access.
Credits need careful wording. OpenAI describes credits as a way to continue eligible Codex usage after included limits are exhausted. That does not mean every OpenAI API call is now covered by a ChatGPT subscription. It means credits can extend the Codex route that is eligible for those credits.
As of April 21, 2026, this is the useful boundary:
| Question | Short answer |
|---|---|
| Does ChatGPT Plus or Pro cover normal API-key calls? | No. API-key usage is billed through OpenAI Platform at standard API rates. |
| Do I need an API key for ordinary subscription Codex use? | No. ChatGPT sign-in is the subscription route. |
| Do credits replace API billing? | No. Credits extend eligible Codex usage after included limits; manual API key usage remains platform billing. |
| Does Codex cloud work with API key sign-in alone? | No. Codex cloud requires ChatGPT sign-in. |
| Can a team workspace have different credit behavior? | Yes. Business, Enterprise, Edu, and flexible-pricing arrangements can change the workspace contract, so admins should check the current workspace terms. |
The right reader move is not "buy credits whenever Codex slows down." First check the active route and remaining usage. Then decide whether the interruption is best solved by credits, a model or workflow change, a higher plan, or an intentional API-key workflow.
Which Route Should Your Workflow Use?
Choose by workflow, not by account inventory.
Personal CLI or IDE coding
Use ChatGPT sign-in first if you expect subscription usage and do not need the run to be billed like an API workload. This keeps the mental model clean: your Codex activity is tied to your ChatGPT plan, current usage window, and eligible credits.
Use API key sign-in only if you deliberately want API billing for local work. That can make sense for repeatable jobs where you want Platform usage reporting, project budgets, or a separate team accounting path.
Codex cloud, browser review, and hosted work
Use ChatGPT sign-in. Codex cloud is not an API-key-only feature. If the job depends on hosted execution, browser review, or cloud-based integrations, start from the ChatGPT route and then check the current plan or workspace rules.
CI, SDKs, app backends, and automation
Use an API key. These jobs usually need non-interactive credentials, project-level permissions, and cost reporting. The API key route makes billing explicit and easier to govern, especially when the work belongs to a product or engineering pipeline rather than one person's interactive session.
Team or workspace governance
Decide who should own the spend before you decide which credential to use. A personal ChatGPT subscription, a team workspace, and an OpenAI Platform project are different administrative surfaces. If the work is shared, repeatable, or budget-sensitive, the owner should be visible in the route decision.
Avoid Surprise API Spend
Use this checklist before a long Codex run.
- Check the route first. Confirm whether the session is using ChatGPT sign-in or API key sign-in.
- Check the meter second. Subscription usage belongs in Codex Settings -> Usage; API-key usage belongs in OpenAI Platform Usage.
- Check feature needs third. If you need cloud work, stay on ChatGPT sign-in. If you need headless automation, use API key sign-in.
- Check volatile facts last. Plan windows, credits, promos, and migration language can change. Date those facts when they affect a spending decision.
The failure mode is not that an API key exists. The failure mode is letting the wrong route own the job without noticing. Treat the API key as a billing switch, not a harmless accessory.
FAQ
Do I need a Codex API key if I already have ChatGPT Plus or Pro?
Not for ordinary subscription-route Codex use. Use ChatGPT sign-in when you want included plan usage, Codex cloud, and eligible credits. Create or use an API key only when you intentionally want OpenAI Platform usage-based billing.
Does a ChatGPT subscription pay for OpenAI API calls?
No. Standard API-key usage is billed through OpenAI Platform. A ChatGPT subscription can include Codex usage and eligible credits, but that is not the same contract as manual API calls with a platform key.
Are Codex credits the same as an API key balance?
No. Credits can extend eligible Codex usage after included limits, depending on plan and workspace rules. API-key usage is platform-billed usage. Treat the two balances as separate until the current OpenAI docs for your plan say otherwise.
Which route should I use for CI or SDK automation?
Use an API key. CI, SDKs, app backends, and headless jobs need explicit platform credentials and should be budgeted as OpenAI Platform usage.
Which route should I use for Codex cloud?
Use ChatGPT sign-in. Codex cloud and cloud-based features require the ChatGPT route rather than API-key-only access.
Where should I check usage before spending more?
Check Codex Settings -> Usage for subscription-route Codex usage and credits. Check OpenAI Platform Usage for API-key spend. If the numbers do not match your expectation, stop the job and confirm which route is active before you buy credits, upgrade, or launch another automation run.