Sign In with ChatGPT: How Subscriptions Became Credentials
Sign in with ChatGPT turns a subscription into a credential: where the program started, how the device-code flow works, and which tools can bill work to your plan.
Sign in with ChatGPT is OpenAI’s program for authenticating software with a ChatGPT account instead of an API key. It debuted in the Codex CLI, where signing in bills the agent’s work to your flat subscription rather than metered tokens. The quiet consequence is the interesting part: a ChatGPT plan stopped being a login for a chat window and became a credential that tools can build against.
Where the program came from
OpenAI shipped the Codex CLI in 2025 with API-key billing, the default for anything programmatic at the time. ChatGPT sign-in arrived soon after, so that subscribers could use the coding agent their plan already included. The README at github.com/openai/codex now recommends ChatGPT sign-in as the primary auth method, with an API key as the alternative.
That ordering matters. Codex is included in ChatGPT Free, Go, Plus, Pro, Business, Edu, and Enterprise plans, so the sign-in is what connects a tool on your machine to capacity you have already paid for. OpenAI also opened an interest list for third-party apps to adopt the same sign-in, which named the pattern publicly: the account is the product surface, not just the chat app.
A ChatGPT subscription now carries entitlements the way a workplace SSO account carries app access. The plan defines what you can use; the sign-in is how software claims it.
How the sign-in actually works
The flow is OAuth-shaped. The tool asks OpenAI for authorization, you approve while signed in to your ChatGPT account, and the tool receives session tokens scoped to act on your behalf. Two variants exist in the Codex CLI:
codex login # browser flow: opens OpenAI's sign-in page,
# catches the redirect on localhost
codex login --device-auth # device-code flow: prints a short code,
# you approve it at chatgpt.com from any deviceThe device-code variant is the same pattern TVs and consoles use, and it exists for machines without a browser: servers, containers, anything reached over SSH. OpenAI documents it at developers.openai.com/codex/auth, and we walked through it step by step in codex login without a browser.
In both variants the password step happens on OpenAI’s pages. The tool never sees it. What lands on the machine is a session file, ~/.codex/auth.json in the CLI’s case, which deserves password-grade handling: readable by one user, never committed, never shared.
What signing in changes, next to an API key
The two credentials route to different products with different bills.
| ChatGPT sign-in | API key | |
|---|---|---|
| Billing | Flat plan, usage windows | Per token, metered |
| Identity | Your personal account | An org or project |
| Limits | Plan windows that reset on a schedule | Rate limits plus whatever budget you set |
| Sharing | One account, one user, per OpenAI’s terms | Keys rotate and distribute by design |
| Fits | Personal machines, bulk plan-backed work | Shared infrastructure, CI, streaming apps |
The billing row is the one that moves money. Signed-in Codex usage draws on plan windows instead of the meter, which is why the same workload can cost $20 flat on Plus or a four-figure sum on a key. The decision logic between the two is its own article: Codex auth: API key vs ChatGPT sign-in.
Which tools support it in June 2026
The production surfaces are OpenAI’s own Codex family, plus services that drive the documented flow against your account.
| Surface | What sign-in gets you |
|---|---|
| Codex CLI | Plan-billed agent in the terminal; codex exec for scripts |
| Codex IDE extension | The same account session inside VS Code and friends |
| Codex cloud | Tasks running on OpenAI’s infrastructure under your plan |
| Codex GitHub Action | The exception: the official action expects an API key |
| Hosted lanes (ProxyLLM’s Codex Hosted) | Device-code sign-in, your account in an isolated container, exposed as an OpenAI-compatible endpoint |
The GitHub Action row is worth pausing on. Shared CI runners sit awkwardly with a personal account, so OpenAI’s own action takes a key. That boundary is a fair one-line summary of the whole program: personal account, personal machines, personal capacity.
What it means for plan-backed tooling
For years the question “can my code use what my subscription pays for” had a flat no for an answer. Sign in with ChatGPT changed the answer to a qualified yes, with Codex as the gateway: the CLI runs non-interactively by design, sign-in works headless, and the usage bills to the plan. The full chain from subscription to endpoint is traced in can you use your ChatGPT subscription as an API?
The qualifications are OpenAI’s, and they are not fine print. The account is yours alone; sharing it breaks the terms. Capacity arrives as usage windows, not an unmetered pipe. And OpenAI’s Terms of Use govern the whole arrangement: programmatic Codex use is documented, intended functionality, but OpenAI has the final call on how its accounts may be used.
Worth noting for contrast: this posture is OpenAI’s, not the industry’s. Anthropic’s docs state it does not permit third-party developers to offer Claude.ai login or to route requests through plan credentials on behalf of users, and it enforced that line in January 2026. The details are in why there is no Claude Code support.
The flow is the trust model
When we built Codex Hosted, the sign-in design was the part we refused to improvise. Connecting your account runs the same device-code handshake described above, directly between you and OpenAI: we never see your password, the session lands in a container only your account uses, and disconnecting revokes our access entirely. A credential program is only as good as the custody habits around it.
If you pay for ChatGPT and your tooling still bills a separate API meter, the sign-in is the bridge worth understanding. The calculator shows what your current API spend would look like billed to a plan instead.
Frequently asked questions
What is Sign in with ChatGPT?
It is OpenAI's account-based sign-in for tools, debuted in the Codex CLI. Instead of pasting an API key, you authenticate with your ChatGPT account and the tool's usage bills to your plan's included limits. The handshake is OAuth-style: you approve in a browser, the tool receives session tokens, and your password never leaves OpenAI.
Which tools support Sign in with ChatGPT?
As of June 2026, the production surfaces are OpenAI's own Codex family: the Codex CLI, the Codex IDE extension, and Codex cloud tasks. Hosted services such as ProxyLLM's Codex Hosted connect through the same documented device-code flow. OpenAI has collected developer interest in broader third-party sign-in, but Codex remains the flagship implementation.
Is Sign in with ChatGPT the same as using an API key?
No. An API key bills every token against OpenAI's metered prices, while ChatGPT sign-in bills usage to your flat subscription's included limits. Identity differs too: a key belongs to an org or project, while a sign-in belongs to your personal account, which OpenAI's terms say may not be shared.
Does Sign in with ChatGPT give apps my password?
No. You sign in on OpenAI's own pages and approve the request; the tool only receives scoped session tokens, which the Codex CLI stores in ~/.codex/auth.json. Treat that file like a password, but the password itself stays between you and OpenAI.
Does signing in with ChatGPT use my subscription's limits?
Yes. Codex is included in ChatGPT Free, Go, Plus, Pro, Business, Edu, and Enterprise plans, and signed-in usage draws on your plan's usage windows instead of per-token billing. OpenAI publishes current limits on its pricing page and adjusts them over time.