Skip to content
Agentic Levels

Everything starts here.

GuestLocal progress only
PreferencesSign in
01Start with one taskBest first move for beginners.02Check your LevelMeasure where you are.03Score an AI resultFind the habit to practice first.04Return to Your WorkScores, links, and checkpoints.
Start here

Begin

HomeThe main entry point.New to AIStart with one useful task.
Know where you are

Measure

Check your LevelUse this after you have tried AI.Fluency ScoreScore an AI result you can review.
Build the habit

Learn

LevelsLessonsTracks
Find the reference

Library

PromptsReferenceResourcesCompare Tools
Turn it into work

Apply

Your Next MoveChoose what AI should change next.Tool SetupGet the tools ready.
Come back later

Return

Your WorkScores, links, and checkpoints.My PathContinue from your level.Updates
Site

Site

PricingAboutFAQ & FeedbackPreferences

© 2026 Fuentes Studio

Privacy·Terms
yourCouncil
Ready to help
✦

What do you want to understand?

Ask anything about what you're learning.

Tracks›Codex Fundamentals
L4Lesson 3Free

Pick the right sign-in path

ChatGPT access, API key access, and workspace controls

After this, you'll be able to explain when to sign in with ChatGPT, when API-key sign-in fits, and why Codex cloud requires ChatGPT sign-in.

Before you start

Complete Layer instructions without conflict first.

The idea

How you sign in changes what rules apply. Codex supports ChatGPT sign-in and API-key sign-in for local workflows, but the policies behind those paths are different.

Two blank identity cards sit on opposite sides of one repo boundary before ownership is chosen.
Two blank identity cards sit on opposite sides of one repo boundary before ownership is chosen.
Auth ChoiceMove through Pick the right sign-in path, check proof, then fix only the weak part.
yesnorun it again
StartBegin with the real task
Pick the right sign-in pathAfter this, you'll be able to explain when to sign in with ChatGPT, when API-key
1Proof visible?The answer distinguishes ChatGPT sign-in from API-key sign-in
Ready to useChoose a Codex sign-in path for one scenario and name the policy and billing owner
Fix the weak partBreaks when a team expects workspace retention controls but the run used API-key

Here is the before and after: before, Codex is guessing from a loose request. After, you can explain when to sign in with ChatGPT, when API-key sign-in fits, and why Codex cloud requires ChatGPT sign-in.

Now try it use the exercise prompt on one real repo task. Keep the output small enough to check before you accept the change.

You are ready when the Codex action, boundary, and proof all match the task.

Try it (10 min)

Watch out for

  • Assuming API-key sign-in uses ChatGPT workspace policy.
  • Trying to use Codex cloud without ChatGPT sign-in.
  • Pasting an API key into a prompt.
  • Mixing personal and company work under the wrong account.

Paste this into Claude

Choose a Codex sign-in path for this scenario:

Work type: [personal repo, company repo, cloud task, CI job, local CLI task]
Needs Codex cloud: [yes/no]
Needs ChatGPT workspace policy: [yes/no/unknown]
Billing owner: [ChatGPT plan, OpenAI API org, company workspace, unknown]
Secrets involved: [yes/no]

Return the recommended sign-in path, what policy applies, and one thing to verify before running Codex.

Created by potrace 1.16, written by Peter Selinger 2001-2019 What a good response looks like

Use ChatGPT sign-in. This is a company repo that needs workspace controls and may run in Codex cloud. Verify that the repo is available in the workspace and that the cloud environment does not expose secrets during the agent phase.

Created by potrace 1.16, written by Peter Selinger 2001-2019 What good looks like

  • The answer distinguishes ChatGPT sign-in from API-key sign-in
  • Cloud work uses ChatGPT sign-in
  • API-key use is limited to appropriate local or programmatic cases
  • Secrets are not pasted into the task prompt

When this breaks

  • Breaks when a team expects workspace retention controls but the run used API-key sign-in.
  • Breaks when cloud access is planned but the chosen auth path does not support it.

AI can help with this

Use Codex to help you you can explain when to sign in with ChatGPT, when API-key sign-in fits, and why Codex cloud requires ChatGPT sign-in. Start with the exercise prompt and your real input. Ask for one draft, then check it against this proof: The answer distinguishes ChatGPT sign-in from API-key sign-in. Accept only the version you can verify yourself.

The sign-in path matches repo ownership, policy, and audit needs before work starts.

Created by potrace 1.16, written by Peter Selinger 2001-2019 You can now

✓

You can explain ChatGPT sign-in

  • ✓You can explain API-key sign-in
  • ✓You can name why cloud requires ChatGPT sign-in
  • ✓You can avoid putting secrets in prompts

Key takeaways

Authentication is part of the work boundary. Pick the sign-in path that matches who owns the repo and policy.

  1. 1ChatGPT sign-in ties Codex to ChatGPT plan or workspace controls.
  2. 2API-key sign-in follows API organization billing and data settings.
  3. 3Codex cloud requires ChatGPT sign-in.
  4. 4Secrets belong in managed setup, not in task prompts.

Created by potrace 1.16, written by Peter Selinger 2001-2019 Go deeper

  • Codex authentication
  • Using Codex with your ChatGPT plan

Was this helpful?

Up nextRead sandbox mode before approving→

Related lessons

Keep private work privateKeep network and secrets controlled
← Back to Codex Fundamentals