Skip to content
Clawdemy

Practice: API keys and the OAuth path

Self-check

Section titled “Self-check”

Six quick questions. Answer each in your head before opening the collapsible.

1. What does BYOK stand for, and what does it actually mean for who bills you?

Show answer

BYOK stands for “bring your own key.” It means the API key represents your account with the AI provider, not your account with Clawless. The provider bills you directly for every message at the provider’s published rates; Clawless takes no markup and does not sit in the middle of the bill.

2. Where does Clawless store the API key after you click Save?

Show answer

In your operating system’s secure store, the same place that holds your other saved passwords (Keychain on macOS, Credential Manager on Windows). Clawless does not store the key in a text file or in its own database. The key never appears on screen again once it is saved.

3. Where in Clawless do you add or remove a key after onboarding?

Show answer

Open Settings from the gear icon at the bottom of the navigation rail on the far left, then click the API Keys section in the sticky sidebar on the left of the Settings page. Every supported provider appears as a row with its current status; click a row to add or change a key.

4. You already pay for ChatGPT Plus. What is Codex, and what does it change in Clawless?

Show answer

Codex is the OAuth path that lets ChatGPT subscribers use OpenAI models in Clawless through their subscription, instead of paying per-token on an OpenAI API key. You sign in with your ChatGPT account during onboarding instead of pasting a key. Three things change: the model picker shows an OAuth indicator next to OpenAI models; the Usage dashboard shows Codex sessions at $0 (OAuth); and the model behavior is identical to the API path (same GPT family, different billing arrangement). No ChatGPT subscription means no Codex; use a regular OpenAI API key instead.

5. A provider’s row in Settings, API Keys turned red this afternoon after working fine this morning. Name the three most common causes.

Show answer

Typo on paste (re-copy and save again), the key was revoked or rotated on the provider side (generate a new one), or the account is out of credits (top up on the provider’s site). The red row in Clawless shows a brief description of which case it is.

6. Why does Clawless not sync your keys across machines?

Show answer

Syncing credentials between devices is the kind of thing where a small mistake becomes a big problem. The right tool for credential sync is your operating system’s own password sync, not the Clawless app. If you install Clawless on a second computer, you start fresh and re-add your keys there.

Try it yourself: the 15-minute key check

Section titled “Try it yourself: the 15-minute key check”

The body lesson covered the theory. This is the short hands-on. The goal is to confirm your existing provider is healthy, and optionally to add a second so you have a fallback. Fifteen minutes if you already have a key from another provider handy. Longer if you have to sign up for one.

Side effects: none beyond what onboarding already did. No new charges. Adding a second provider only takes effect when you actually pick a model from that provider in a future conversation.

Steps:

  1. Open Settings. Click the gear icon at the bottom of the navigation rail on the far left of the Clawless window. The Settings page opens.

  2. Click the API Keys section in the sticky sidebar on the left of the Settings page.

  3. Confirm your current provider is green. Find the row for the provider you connected during onboarding. Look for the green check that means the key authenticates and the account is reachable. If the row is red, read the brief description and fix the underlying cause (re-copy the key, generate a new one, or top up credits on the provider’s site).

  4. Optional: add a second provider. Pick one you do not have yet. If you have a paid ChatGPT subscription and have not yet added Codex, the Sign in with ChatGPT option in the OpenAI row is the fastest add. Otherwise, pick a free-tier-friendly provider (Google’s Gemini free tier or Groq) so you can experiment without spending. Click the row, click the Get API Key link, generate a key on the provider’s site, copy it, paste it into the Clawless input box, click Save. The row turns green when Clawless verifies it.

  5. Confirm the new provider appears in the model picker. Go back to the chat (click the Assistant agent on the left rail to leave Settings). Click the model picker chip in the dock row below the input. You should now see the new provider’s curated models under their own header in the dropdown.

  6. Send one message on the new provider. Pick a small model from the new provider’s list. Send “Tell me one short fact about the Roman aqueducts” or any quick question. Confirm the reply lands and the Usage dashboard (in the navigation rail) shows the request under the new provider.

Expected outcome: you finish with at least one green provider row that is verified working, the path to add or remove providers is in your hands, and you have seen what a healthy versus broken row looks like before it bites you in the middle of a real conversation.

If something went sideways: the five first-day surprises at the end of the lesson body cover the most common confusions, especially the “you do not pay Clawless for AI usage” and “free tiers vary widely” ones.

Flashcards

Section titled “Flashcards”

Ten cards. Review once a day for a week, then on the intervals your spaced-repetition tool suggests.

Q. What does BYOK stand for, and what is the billing model?
A.

Bring Your Own Key. The API key represents your account with the provider, not with Clawless. The provider bills you directly at the provider’s published rates. Clawless takes no markup.

Q. Where does Clawless store your API key after you save it?
A.

In your operating system’s secure storage (Keychain on macOS, Credential Manager on Windows), the same place your other saved passwords live. Not in a text file, not in a Clawless database. The key never appears on screen again once saved.

Q. Where in Clawless do you manage API keys after onboarding?
A.

Settings (gear icon at the bottom of the navigation rail) then the API Keys section in the sticky sidebar. Each supported provider has a row showing whether a key is set and whether it is currently working.

Q. What is Codex, and which provider is it for?
A.

Codex is the OAuth path for ChatGPT subscribers. Signing in with your ChatGPT account lets you use OpenAI models in Clawless through your subscription instead of paying per-token on an OpenAI API key. OpenAI only. Not a different model: same GPT family, different billing arrangement.

Q. Two visible cues that you are running on Codex (OAuth) instead of an API key?
A.

The model picker shows an OAuth indicator next to OpenAI models. The Usage dashboard shows those sessions at $0 (OAuth) instead of a per-message dollar amount. OpenAI still bills you on their side through the subscription.

Q. Three common reasons a working key suddenly fails?
A.

Typo on paste (re-copy and save), revoked or rotated key (generate a new one on the provider’s site), out of credits on a pay-as-you-go account (top up). The Settings row turns red with a brief description naming which case it is.

Q. Which providers tend to offer the gentler free-tier entry point for trying things without spending?
A.

Google’s Gemini free tier and Groq. Anthropic and OpenAI are pay-as-you-go on the API side; a small one-time signup credit is sometimes included, but no ongoing free tier.

Q. What happens to your past conversations when you remove a provider's key?
A.

Nothing. Past conversations stay in your local conversation history regardless of whether the key that produced them is still saved. Keys are about authentication going forward, not about access to your history.

Q. What does the green check on a provider row mean (and not mean)?
A.

It means the key authenticates and the account is reachable. It does not mean the model is fast today, that the provider has no rate limits, or that your free credits have not run out. Those are runtime conditions you discover as you go.

Q. Why does Clawless not sync API keys across machines?
A.

Syncing credentials between devices is where small mistakes become big problems. The right tool for credential sync is your operating system’s own password sync, not the app. Install on a second machine, re-add keys there.