Cheatsheet: API keys and the OAuth path
The mental model
Section titled “The mental model”An API key is a string of characters the AI provider gives you so their system can recognize your requests. Two roles in one: authentication (you are allowed to use it) and accounting (who to bill). You paste it into Clawless once and Clawless does the rest.
BYOK in one line
Section titled “BYOK in one line”BYOK = Bring Your Own Key. Your key, your provider account, the provider bills you directly at published rates. Clawless takes no markup. No combined bill: Clawless app license is separate from AI usage.
Where the key lives
Section titled “Where the key lives”| State | Where |
|---|---|
| You typed it once | The Save dialog in onboarding or Settings, API Keys |
| Forever after | Your operating system’s secure storage (Keychain on macOS, Credential Manager on Windows) |
| Never shown again | The key does not appear on screen after Save |
| Not in Clawless | No text file, no Clawless database, no cloud sync |
The Settings page (where you manage keys)
Section titled “The Settings page (where you manage keys)”- Settings. Gear icon at the bottom of the navigation rail on the far left.
- API Keys section. Sticky sidebar on the left of the Settings page.
- Row per provider. Anthropic, OpenAI, Google, Groq, Mistral, Cohere, Together, Fireworks, OpenRouter, and others.
- Per-row controls. Get API Key link (jumps to the provider’s key page), input box, Save button, status indicator (green check or red error).
- Remove a key. Trash icon at the end of the row. Wipes from secure storage; provider goes inactive.
The OAuth path (Codex)
Section titled “The OAuth path (Codex)”| Item | Value |
|---|---|
| Who it is for | ChatGPT Plus or Pro subscribers |
| Provider it covers | OpenAI only |
| How to enable | Sign in with ChatGPT during onboarding (instead of pasting an OpenAI API key) |
| Visual cue 1 | OAuth indicator next to OpenAI models in the model picker |
| Visual cue 2 | Usage dashboard shows Codex sessions at $0 (OAuth) |
| What changes | Billing path (your ChatGPT subscription handles it) |
| What does NOT change | Model behavior (same GPT family on the other end of the wire) |
| Terms that govern it | Billed via your ChatGPT subscription; governed by consumer terms, not API terms. Worth a glance if your messages are sensitive. |
| If you do not have ChatGPT | Ignore Codex; use a regular OpenAI API key |
When a key turns red
Section titled “When a key turns red”| Cause | Fix |
|---|---|
| Typo on paste | Re-copy the key from the provider’s dashboard; paste again; Save |
| Revoked or rotated | Generate a new key on the provider’s dashboard; paste the new one |
| Out of credits | Top up on the provider’s site; Clawless resumes on the next successful call |
The row stays red with a brief description until the underlying cause is fixed; goes green when it resolves.
Free tier vs pay-as-you-go (rough map)
Section titled “Free tier vs pay-as-you-go (rough map)”| Provider | Entry economics |
|---|---|
| Google (Gemini) | Generous free tier; gentle entry point if “no spending yet” matters |
| Groq | Generous free tier; same |
| Anthropic | Pay-as-you-go; small one-time signup credit sometimes included; no ongoing free tier |
| OpenAI | Pay-as-you-go on API; small one-time signup credit sometimes included; no ongoing free tier on API path |
| OpenAI via Codex | If you already pay for ChatGPT Plus/Pro, OAuth lets you skip the per-token API charge |
The provider’s terms are the provider’s terms; Clawless does not change them.
Adding a second provider (the 5-step path)
Section titled “Adding a second provider (the 5-step path)”- Settings, gear icon at the bottom of the navigation rail.
- Click the API Keys section.
- Find the provider’s row, click it.
- Click the Get API Key link, generate a key on the provider’s site, copy it.
- Paste it into the Clawless input box, click Save. Green check on the row when verified.
Practical: do not connect more providers than you actually use. Two or three is plenty for most people.
Default agent model
Section titled “Default agent model”When you create a new agent, the agent’s default model follows the first provider you connected during onboarding. You can change a default in Settings, Models without redoing anything else.
Pitfalls to dodge
Section titled “Pitfalls to dodge”- Assuming there is one combined Clawless-plus-AI bill (there is not; the AI bill is between you and the provider)
- Assuming Codex unlocks all providers (Codex is OpenAI-only)
- Treating the green check as a quality signal (it only means authenticated and reachable; runtime conditions like rate limits and empty credits are not the same as “key works”)
- Connecting six providers because the list looks tempting (each is one more thing to keep current; two or three is plenty)
- Expecting keys to sync to a second computer (they do not; OS-level password sync is the right tool for that, not the app)
Worth opening once
Section titled “Worth opening once”The API Keys page in Settings, weekly for the first month. The fastest way to learn whether a “this is broken” feeling is actually a broken key (red row), an empty wallet, or something else.
What lands next
Section titled “What lands next”A later lesson covers agents end-to-end (the rail on the left, what each agent is set up for, and how to customize one). A later lesson covers Memory, Tools, Skills, Channels, Cron, Logs, Usage, and Settings panels one by one. Everything else in the track assumes you have at least one healthy provider connected. That is what this lesson left you with.