
Summary: API keys and the OAuth path

An API key is a string of characters the AI provider gives you so their system can recognize your requests, both for authentication and for billing. You paste it into Clawless once, it goes into your operating system’s secure storage, and Clawless uses it on every message. This is the BYOK model: bring your own key, the provider bills you directly, Clawless takes no markup. There is one specific alternative for ChatGPT subscribers, the OAuth path called Codex, which lets you use OpenAI’s models in Clawless through your subscription instead of paying per token. Keys live in Settings, API Keys after onboarding. When a key stops working, the row turns red and the cause is one of three things: a typo on paste, a revoked or rotated key, or an account that is out of credits. The fix is straightforward in each case.

  • An API key is a string the provider issues so their system can recognize your requests. It serves two roles in one: authentication (you are allowed to use it) and accounting (who to bill).
  • A typical key has a short prefix that identifies the provider followed by a long string of characters, in this shape (Anthropic example, other providers vary):
      sk-ant-1a2b3c4d5e6f...

  • You paste it into Clawless once during onboarding or in Settings.

  • The key never appears on screen again once saved. Clawless stores it in your operating system’s secure storage (Keychain on macOS, Credential Manager on Windows), the same place your other saved passwords live.
  • BYOK stands for “bring your own key.” The key represents your account with the provider, not with Clawless. The provider bills you directly at the provider’s published rates; Clawless takes no markup.
  • There is no combined bill. The Clawless app has its own license; the AI conversations bill through whichever provider’s key you have set up. This catches people on the first day who assume one bill covers both.
  • Keys are managed in Settings, API Keys. The page lists every supported provider as a row (Anthropic, OpenAI, Google, Groq, Mistral, Cohere, Together, Fireworks, OpenRouter, and others). Each row shows whether you have a key and whether it currently works.
  • A green check on a provider row means the key authenticates and the account is reachable. It does not mean the model is fast today or that you have credits left; those are runtime conditions.
  • The default agent model follows the first provider you connect during onboarding. You can change a default in Settings, Models without re-doing anything else.
  • The Codex path is the OAuth alternative for ChatGPT subscribers. Sign in with your ChatGPT account during onboarding instead of pasting an OpenAI API key, and Clawless connects to OpenAI through your subscription. The model picker shows an OAuth indicator on those models; the Usage dashboard shows Codex sessions at $0 (OAuth) because OpenAI bills you on their side through the subscription. (One thing to know: the OAuth path bills through your ChatGPT subscription, so it is governed by that subscription’s consumer terms rather than the API terms; worth a glance if your messages are sensitive.)
  • The underlying model behavior is the same under Codex. It is a billing arrangement, not a different model. Same GPT family, different bill.
  • Codex is OpenAI-only. Each provider connection is separate.
  • When a key stops working, the row turns red with a brief description. Three common causes: typo on paste, revoked or rotated key, out of credits on a pay-as-you-go account. Fix the cause; the row goes green again.
  • Removing a key does not delete your past conversations. Keys are about authentication going forward.
  • Free tiers vary widely. Google’s Gemini and Groq both offer a generous free allowance, which makes them good places to experiment without spending. Anthropic and OpenAI are pay-as-you-go on the API side from the start.
  • Multiple providers are supported but not required. Two or three connections is plenty for most people. More connections means more keys to keep current and more potential failure points.
  • Keys do not sync across machines. Install on a second computer, start fresh on keys. Intentional: credential sync between devices is where small mistakes become big problems, and your operating system’s password sync is the right tool for that, not the app.
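
The "typo on paste" cause can be caught locally before a key is ever saved or sent. The sketch below is an added example, not Clawless code: it checks a pasted key against the prefix-plus-long-string shape described above and produces a masked form for display or logs. Only the `sk-ant-` prefix comes from this page; the other prefixes, the minimum length and the function names are assumptions.

```python
import re

# "sk-ant-" is the Anthropic shape shown on this page. The other prefixes
# are assumptions added for illustration; providers can change them.
PREFIXES = {"Anthropic": "sk-ant-", "OpenAI": "sk-", "Groq": "gsk_", "Google": "AIza"}
MIN_LEN = 20  # assumption: anything shorter was probably cut off on copy


def detect_provider(key):
    """Return the provider whose prefix matches; the longest prefix wins."""
    hits = [(len(p), name) for name, p in PREFIXES.items() if key.startswith(p)]
    return max(hits)[1] if hits else None


def check_pasted_key(raw, row):
    """Clean a pasted key and list paste problems for the given provider row.

    Error messages never contain the key itself.
    """
    # Harmless paste debris: surrounding spaces, newlines and quote marks.
    key = raw.strip().strip("\"'`")
    errors = []
    if re.search(r"\s", key):
        errors.append("whitespace inside key")
    if key.endswith(("...", "\u2026")) or len(key) < MIN_LEN:
        errors.append("key looks truncated")
    found = detect_provider(key)
    if found and found != row:
        errors.append(f"key has the {found} prefix, but this row is {row}")
    elif row in PREFIXES and found is None:
        errors.append(f"missing the expected {row} prefix")
    return key, errors


def mask(key):
    """Provider prefix plus last four characters: safe for UI and logs."""
    prefix = PREFIXES.get(detect_provider(key), "")
    return f"{prefix}****{key[-4:]}" if len(key) >= MIN_LEN else "****"


if __name__ == "__main__":
    sample = "sk-ant-" + "A1b2" * 10  # constructed value, not a real key
    print(check_pasted_key(f' "{sample}"\n', "Anthropic")[1])  # no errors
    print(check_pasted_key(sample, "OpenAI")[1])               # wrong row
    print(mask(sample))
```

A shape check only covers the paste cause. A revoked or rotated key and an empty credit balance both look well-formed locally and can only be told apart from the provider's response.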

Before this lesson, the path from “I want to use AI” to “AI is actually responding to me in Clawless” probably involved some hand-waving about how the bill works. Now you have the mental model directly: there is no Clawless account that holds your AI usage, there is your provider account, and Clawless is the place where you bring it together. The most useful new habit is checking the Settings, API Keys page when something feels off, before you assume Clawless is broken. A red row with a one-line description tells you whether it is a typo, a revoked key, or empty credits, three different fixes with different speeds. The lessons that follow on this track all assume you have at least one provider connected and healthy, so leaving this lesson with a green row (or two) is the working foundation for everything else.