How to get an OpenAI API key

Step-by-step walkthrough to create, scope, and verify an OpenAI API key — including project keys and service accounts.

Published 1/15/2026

You can get an OpenAI API key in under three minutes. The full path is platform.openai.com → log in → API keys → Create new secret key. The clicks are easy. The decisions you make along the way determine whether the key you walk away with is safe to ship.

Set up the account

If you have a ChatGPT account, the same login works for the developer platform. The two are separate billing surfaces — your ChatGPT Plus subscription does not give you API credits, and your API spend does not unlock ChatGPT Plus. The first time you log into platform.openai.com, you'll be asked to either join an existing organization (if your employer already has one) or create a personal one.

Add a payment method before generating the key. New accounts get a small one-time starter credit, but it expires after a few months. Most production workloads burn through the starter in a single afternoon.

Create a project

Don't skip this step. Projects let you scope keys to a specific app, set per-project spend limits, and audit usage independently. The Default project exists for convenience, but treating everything as one bucket is the fastest way to get a $4,000 bill from a key that leaked into a stale CI job.

From the platform sidebar, click Settings → Projects → Create project. Give it a name that matches your repo. Set a monthly spend cap. The cap is the most important setting on this entire page; pick something a few times your expected spend so a misconfigured retry loop can't drain your bank account.

Create the key

Open API keys from the sidebar, click Create new secret key, and pick:

  • Project: the one you just created.
  • Permissions: Restricted, then check only the scopes the app actually needs (Models, Chat completions, Embeddings — uncheck Audio, Files, Fine-tuning unless you use them).
  • Name: something descriptive like kf-prod-2026. You'll thank yourself when you're staring at a list of 14 keys two years from now.

The key is shown once. Copy it into your secret manager (1Password, Vault, AWS Secrets Manager, Doppler — anywhere except a chat thread or a config commit).

Verify it works

Paste the key into the OpenAI tester. We'll call /v1/models with your key, list the models it can access, and time the round trip. If you see a 200 and a list of model ids, you're done.

If you see a 401, double-check that nothing got truncated on copy. If you see a 200 but no GPT-4o, your account hasn't unlocked that tier yet — top up another five dollars and the gate usually opens within an hour.

Service accounts vs project keys vs user keys

Service account keys (sk-svcacct-...) belong to the project, not to you. Use them for backend services so a key doesn't die when an employee leaves. Project keys (sk-proj-...) belong to the user but are scoped to a single project. Plain sk-... keys are legacy and still work, but you should migrate.
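
A local version of the verification and key-type checks described above, as an added example that is not part of the original guide: it classifies a key by the prefixes listed here, calls /v1/models from your own machine, and maps the response to the 200, 401, and missing-model outcomes. The function names, the OPENAI_API_KEY environment variable, and the sample responses are assumptions constructed for illustration.

```python
import json
import os
import urllib.error
import urllib.request

# Prefixes as listed in this guide; most specific first, since all begin with "sk-".
KEY_KINDS = [("sk-svcacct-", "service-account"), ("sk-proj-", "project"), ("sk-", "legacy-user")]

def classify_key(key: str) -> str:
    """Return the key kind from its prefix, or 'malformed' (e.g. damaged on copy)."""
    if not key or key != key.strip():
        return "malformed"  # empty, or stray whitespace/newline from copy-paste
    for prefix, kind in KEY_KINDS:
        if key.startswith(prefix):
            return kind if len(key) > len(prefix) else "malformed"
    return "malformed"

def redact(key: str) -> str:
    """Safe-to-log form: first 8 and last 4 characters only."""
    return key[:8] + "..." + key[-4:] if len(key) > 16 else "***"

def interpret(status: int, body: str, wanted: str = "gpt-4o") -> str:
    """Map a /v1/models response to the outcomes the guide describes."""
    if status == 401:
        return "rejected: key invalid or truncated"
    if status != 200:
        return f"unexpected status {status}"
    ids = {m["id"] for m in json.loads(body).get("data", [])}
    return "ok" if wanted in ids else f"ok, but {wanted} not available to this key"

def check_key(key: str, timeout: float = 10.0) -> str:
    """GET /v1/models directly; the key is sent only to api.openai.com."""
    req = urllib.request.Request("https://api.openai.com/v1/models",
                                 headers={"Authorization": f"Bearer {key}"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return interpret(resp.status, resp.read().decode())
    except urllib.error.HTTPError as err:
        return interpret(err.code, "")

# Constructed sample responses for offline illustration (not real API output).
SAMPLE_OK = '{"object": "list", "data": [{"id": "gpt-4o"}, {"id": "text-embedding-3-small"}]}'
SAMPLE_NO_4O = '{"object": "list", "data": [{"id": "gpt-4o-mini"}]}'

if __name__ == "__main__":
    key = os.environ.get("OPENAI_API_KEY", "")
    print(redact(key), classify_key(key))  # never print the full key
    if classify_key(key) != "malformed":
        print(check_key(key))
```

Run it with the key supplied through the environment by your secret manager rather than typed on the command line, so it stays out of shell history.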

What to do next

Set up key security. Schedule a 90-day rotation. Add the same key to your dev and prod secret stores under different names so you can rotate one without touching the other. And go ship something.
