Skip to main content
OpenAI Codex CLI is a lightweight coding agent that runs directly in your terminal, letting you interact with AI to analyze, modify, and execute code in your projects. While Codex delivers powerful code generation and execution capabilities, Portkey adds essential enterprise controls for production deployments:
  • Unified AI Gateway - Single interface for 250+ LLMs with API key management (beyond Codex’s default model options)
  • Centralized AI observability: Real-time usage tracking for 40+ key metrics and logs for every request
  • Governance - Real-time spend tracking, set budget limits and RBAC in your Codex setup
  • Security Guardrails - PII detection, content filtering, and compliance controls
This guide will walk you through integrating Portkey with OpenAI Codex CLI and setting up essential enterprise features including usage tracking, access controls, and budget management.
If you are an enterprise looking to use Codex CLI in your organization, check out this section.

1. Setting up Portkey

Portkey allows you to use 1600+ LLMs with your OpenAI Codex setup, with minimal configuration required. Let’s set up the core components in Portkey that you’ll need for integration.
1

Create an Integration

Navigate to the Integrations section on Portkey’s Sidebar. This is where you’ll connect your LLM providers.
  1. Find your preferred provider (e.g., OpenAI, Anthropic, etc.)
  2. Click Connect on the provider card
  3. In the “Create New Integration” window:
    • Enter a Name for reference
    • Enter a Slug for the integration
    • Enter your API Key and other provider specific details for the provider
  4. Click Next Step
In your next step you’ll see workspace provisioning options. You can select the default “Shared Team Workspace” if this is your first time OR chose your current one.
2

Configure Models

On the model provisioning page:
  • Leave all models selected (or customize)
  • Toggle Automatically enable new models if desired
Click Create Integration to complete the integration
3

Copy the Model Slug

Once your Integration is created:
  1. Go to Model CatalogModels tab
  2. Find and click on your model (if your model is not visible, you need to edit your integration from the last step)
  3. Copy the slug (e.g., @openai-dev/gpt-4o)
This slug follows the format @your-provider-slug/model-name and you’ll need it for configuring Codex CLI.
4

Create Portkey API Key

Create a Portkey API key:
  1. Go to API Keys in Portkey
  2. Create new API key
  3. Generate and save your API key
Save your API key securely - you’ll need it for OpenAI Codex integration.
🎉 Voila, Setup complete! You now have everything needed to integrate Portkey with OpenAI Codex CLI.

2. Integrate Portkey with OpenAI Codex CLI

Now that you have your Portkey components set up, let’s connect them to OpenAI Codex CLI. The integration leverages Codex’s config.toml file to define custom model providers that route all requests through Portkey’s AI Gateway.
For detailed information on Codex CLI configuration options, refer to the official Codex local configuration documentation.

Understanding wire_api: Chat vs Responses

OpenAI Codex CLI supports two API protocols via the wire_api setting:
wire_apiDescriptionUse When
responsesUses OpenAI’s Responses APIModel supports Responses API (e.g., GPT-5, o3, o4-mini)
chatUses Chat Completions APIModel doesn’t support Responses API (e.g., GPT-4o, Claude, Gemini)
If you plan to use models with different API support, you can configure multiple providers in your config.toml and switch between them as needed.

Configure Codex with config.toml

OpenAI Codex CLI uses a TOML configuration file located at ~/.codex/config.toml. Let’s set up Portkey as a custom model provider.

Option 1: Single Provider (Responses API)

If you’re only using models that support the Responses API (like GPT-5 or o3): 
# ~/.codex/config.toml

# Set your default model using the Portkey model slug
model = "@your-provider-slug/gpt-5"
model_provider = "portkey-responses"

# Portkey provider configuration (Responses API)
[model_providers.portkey-responses]
name = "Portkey - Responses API"
base_url = "https://api.portkey.ai/v1"
env_key = "PORTKEY_API_KEY"
wire_api = "responses"

Option 2: Single Provider (Chat Completions API)

If you’re using models that use the Chat Completions API (like GPT-4o, Claude, Gemini): 
# ~/.codex/config.toml

# Set your default model using the Portkey model slug
model = "@your-provider-slug/gpt-4o"
model_provider = "portkey-chat"

# Portkey provider configuration (Chat Completions API)
[model_providers.portkey-chat]
name = "Portkey - Chat API"
base_url = "https://api.portkey.ai/v1"
env_key = "PORTKEY_API_KEY"
wire_api = "chat"

Option 3: Multiple Providers (Both APIs)

For maximum flexibility, configure both providers and switch between them: 
# ~/.codex/config.toml

# Default configuration - using Responses API model
model = "@your-provider-slug/gpt-5"
model_provider = "portkey-responses"

# Optional: Set reasoning effort for supported models
model_reasoning_effort = "medium"

# Portkey provider for Responses API models (GPT-5, o3, o4-mini, etc.)
[model_providers.portkey-responses]
name = "Portkey - Responses API"
base_url = "https://api.portkey.ai/v1"
env_key = "PORTKEY_API_KEY"
wire_api = "responses"

# Portkey provider for Chat Completions API models (GPT-4o, Claude, Gemini, etc.)
[model_providers.portkey-chat]
name = "Portkey - Chat API"
base_url = "https://api.portkey.ai/v1"
env_key = "PORTKEY_API_KEY"
wire_api = "chat"

Set Environment Variable

Set your Portkey API key as an environment variable: 
export PORTKEY_API_KEY="your-portkey-api-key-here"
This command sets the key only for your current terminal session. Add the export line to your shell’s configuration file (e.g., ~/.zshrc, ~/.bashrc) for persistence.

Test Your Integration

Run a simple command to verify everything is working: 
codex "explain this repository to me"
You should see your requests logged in the Portkey dashboard with full observability.

3. Set Up Enterprise Governance for OpenAI Codex

Why Enterprise Governance? If you are using OpenAI Codex inside your organization, you need to consider several governance aspects:
  • Cost Management: Controlling and tracking AI spending across teams
  • Access Control: Managing team access and workspaces
  • Usage Analytics: Understanding how AI is being used across the organization
  • Security & Compliance: Maintaining enterprise security standards
  • Reliability: Ensuring consistent service across all users
  • Model Management: Managing what models are being used in your setup
Portkey adds a comprehensive governance layer to address these enterprise needs. Enterprise Implementation Guide

Step 1: Implement Budget Controls & Rate Limits

Model Catalog enables you to have granular control over LLM access at the team/department level. This helps you:
  • Set up budget limits
  • Prevent unexpected usage spikes using Rate limits
  • Track departmental spending

Setting Up Department-Specific Controls:

  1. Navigate to Model Catalog in Portkey dashboard
  2. Create new Provider for each engineering team with budget limits and rate limits
  3. Configure department-specific limits

Step 2: Define Model Access Rules

As your AI usage scales, controlling which teams can access specific models becomes crucial. You can simply manage AI models in your org by provisioning model at the top integration level.
Portkey allows you to control your routing logic very simply with it’s Configs feature. Portkey Configs provide this control layer with things like:
  • Data Protection: Implement guardrails for sensitive code and data
  • Reliability Controls: Add fallbacks, load-balance, retry and smart conditional routing logic
  • Caching: Implement Simple and Semantic Caching. and more…

Example Configuration:

Here’s a basic configuration to load-balance requests to OpenAI and Anthropic:
{
	"strategy": {
		"mode": "load-balance"
	},
	"targets": [
		{
			"override_params": {
				"model": "@your-openai-slug/gpt-4o"
			}
		},
		{
			"override_params": {
				"model": "@your-anthropic-slug/claude-sonnet-4"
			}
		}
	]
}
Create your config on the Configs page in your Portkey dashboard.
Configs can be updated anytime to adjust controls without affecting running applications.

Step 4: Implement Access Controls

Create User-specific API keys that automatically:
  • Track usage per developer/team with the help of metadata
  • Apply appropriate configs to route requests
  • Collect relevant metadata to filter logs
  • Enforce access permissions
Create API keys through:Example using Python SDK:
from portkey_ai import Portkey

portkey = Portkey(api_key="YOUR_ADMIN_API_KEY")

api_key = portkey.api_keys.create(
    name="frontend-engineering",
    type="organisation",
    workspace_id="YOUR_WORKSPACE_ID",
    defaults={
        "config_id": "your-config-id",
        "metadata": {
            "environment": "development",
            "department": "engineering",
            "team": "frontend"
        }
    },
    scopes=["logs.view", "configs.read"]
)
For detailed key management instructions, see our API Keys documentation.

Step 5: Deploy & Monitor

After distributing API keys to your engineering teams, your enterprise-ready OpenAI Codex setup is ready to go. Each developer can now use their designated API keys with appropriate access levels and budget controls. Apply your governance setup using the integration steps from earlier sections Monitor usage in Portkey dashboard:
  • Cost tracking by engineering team
  • Model usage patterns for AI agent tasks
  • Request volumes
  • Error rates and debugging logs

Enterprise Features Now Available

Codex CLI now has:
  • Departmental budget controls
  • Model access governance
  • Usage tracking & attribution
  • Security guardrails
  • Reliability features

Portkey Features

Now that you have enterprise-grade Codex CLI setup, let’s explore the comprehensive features Portkey provides to ensure secure, efficient, and cost-effective AI operations.

1. Comprehensive Metrics

Using Portkey you can track 40+ key metrics including cost, token usage, response time, and performance across all your LLM providers in real time. You can also filter these metrics based on custom metadata that you can set in your configs. Learn more about metadata here.

2. Advanced Logs

Portkey’s logging dashboard provides detailed logs for every request made to your LLMs. These logs include:
  • Complete request and response tracking
  • Metadata tags for filtering
  • Cost attribution and much more…

3. Unified Access to 250+ LLMs

You can easily switch between 250+ LLMs. Call various LLMs such as Anthropic, Gemini, Mistral, Azure OpenAI, Google Vertex AI, AWS Bedrock, and many more by simply changing the model slug in your config.toml.

4. Advanced Metadata Tracking

Using Portkey, you can add custom metadata to your LLM requests for detailed tracking and analytics. Use metadata tags to filter logs, track usage, and attribute costs across departments and teams.

Custom Metadata

5. Enterprise Access Management

Budget Controls

Set and manage spending limits across teams and departments. Control costs with granular budget limits and usage tracking.

Single Sign-On (SSO)

Enterprise-grade SSO integration with support for SAML 2.0, Okta, Azure AD, and custom providers for secure authentication.

Organization Management

Hierarchical organization structure with workspaces, teams, and role-based access control for enterprise-scale deployments.

Access Rules & Audit Logs

Comprehensive access control rules and detailed audit logging for security compliance and usage tracking.

6. Reliability Features

Fallbacks

Automatically switch to backup targets if the primary target fails.

Conditional Routing

Route requests to different targets based on specified conditions.

Load Balancing

Distribute requests across multiple targets based on defined weights.

Caching

Enable caching of responses to improve performance and reduce costs.

Smart Retries

Automatic retry handling with exponential backoff for failed requests

Budget Limits

Set and manage budget limits across teams and departments. Control costs with granular budget limits and usage tracking.

7. Advanced Guardrails

Protect your Codex CLI’s data and enhance reliability with real-time checks on LLM inputs and outputs. Leverage guardrails to:
  • Prevent sensitive data leaks
  • Enforce compliance with organizational policies
  • PII detection and masking
  • Content filtering
  • Custom security rules
  • Data compliance checks

Guardrails

Implement real-time protection for your LLM interactions with automatic detection and filtering of sensitive content, PII, and custom security rules. Enable comprehensive data protection while maintaining compliance with organizational policies.

FAQs

The wire_api setting determines which OpenAI API protocol Codex uses:
  • responses: Uses OpenAI’s newer Responses API, required for models like GPT-5, o3, and o4-mini that support advanced reasoning features
  • chat: Uses the standard Chat Completions API, compatible with most models including GPT-4o, Claude, Gemini, and others
Choose based on the model you’re using - if the model supports the Responses API, use responses for full feature support.
Configure both provider types in your config.toml:
[model_providers.portkey-responses]
wire_api = "responses"
# ... other settings

[model_providers.portkey-chat]
wire_api = "chat"
# ... other settings
Then use CLI arguments to switch: codex --model "@slug/model" --provider portkey-chat
Portkey provides several ways to track team costs:
  • Create separate integrations for each team with unique slugs
  • Use metadata tags in your API keys
  • Set up team-specific API keys with metadata
  • Monitor usage in the analytics dashboard
When a team reaches their budget limit:
  1. Further requests will be blocked
  2. Team admins receive notifications
  3. Usage statistics remain available in dashboard
  4. Limits can be adjusted if needed
Yes! Portkey fully integrates with OpenAI’s open source Codex CLI. This gives you the flexibility to leverage both the power of open source with the enterprise controls of Portkey.
For comprehensive configuration options including profiles, feature flags, sandbox settings, and more, refer to the official Codex CLI configuration documentation.

Next Steps

Join our Community
For enterprise support and custom features, contact our enterprise team.