Is Codex Hosted Against OpenAI's Terms? An Honest Reading
codex exec is documented functionality and Codex is included in ChatGPT plans. What the terms say, what they don't, and why OpenAI keeps the final call.
Short version: programmatic Codex use is documented, intended functionality. codex exec exists for scripts and CI, Codex is included in ChatGPT plans, and OpenAI documents signing in on headless machines. Hosting that setup for you is our packaging, and nothing in OpenAI’s terms names it either way. OpenAI keeps the final call over its own services, and any vendor who tells you otherwise is selling certainty they do not have.
Here is the full reading, with the sources.
What OpenAI documents as intended use
Three pieces of official documentation matter.
Non-interactive mode is a feature, not a workaround. OpenAI’s docs state that non-interactive mode “lets you run Codex from scripts (for example, continuous integration (CI) jobs) without opening the interactive TUI” (developers.openai.com/codex/noninteractive). The documented use cases include pipelines, scheduled jobs, and chaining output into other tools. There is an official Codex SDK for TypeScript and Python and an official GitHub Action.
Plan-backed usage is the recommended path. The Codex README says it plainly: “We recommend signing into your ChatGPT account to use Codex as part of your Plus, Pro, Business, Edu, or Enterprise plan” (github.com/openai/codex). The pricing page confirms Codex is included in ChatGPT plans.
Headless sign-in is documented. The auth docs describe a device-code flow for machines without a browser (developers.openai.com/codex/auth). That is the exact flow Codex Hosted uses: OpenAI shows you a code, you approve it at chatgpt.com, and the session lands in your container. We never see your password.
What the terms actually prohibit
OpenAI’s Terms of Use are specific about accounts: “You may not share your account credentials or make your account available to anyone else and are responsible for all activities that occur under your account.” The ChatGPT Pro help article adds prohibitions on “abusive usage, such as automatically or programmatically extracting data” and “reselling access or using ChatGPT to power third-party services.”
Read those against what Codex Hosted does:
| Terms concern | How Codex Hosted is built |
|---|---|
| Account sharing | One account, one container, used only for your own workloads. Never pooled, never shared. |
| Credential handling | Sign-in happens directly between you and OpenAI via device code. We hold no password. |
| ”Programmatically extracting data” | This is an anti-scraping clause. codex exec is OpenAI’s own documented programmatic interface, used as documented. |
| ”Reselling access” | We sell hosting and orchestration software for $129/month. Your subscription serves only you; we add no inference markup and resell no capacity. |
That is the strongest position available to a product like this. It is not the same as OpenAI’s blessing.
What nobody can promise you
No OpenAI document affirmatively addresses third parties hosting plan-authenticated Codex. Asked in a GitHub discussion whether third-party use of Sign in with ChatGPT complies with the terms, an OpenAI maintainer answered that the code is Apache-licensed and forkable, but on the legal question: “I’m an engineer, not a lawyer,” pointing back to the Terms of Use.
The terms also give OpenAI room to act on its own judgment. It may suspend accounts where “use of our Services could cause risk or harm to OpenAI” as it determines. The precedent for caution is real: in January 2026, Anthropic cut off third-party tools using Claude subscription auth overnight. We wrote up that episode and its lessons in why we don’t support Claude Code.
So our position, in the same words we use in the terms and the FAQ: using codex exec programmatically on your own plan is intended functionality. OpenAI has the final call. If OpenAI directs us to change or remove the feature, we comply without contest, your data stays yours, and the rest of the product carries on.
How to keep your own risk low
- Connect only your own account. You warrant this in our terms, and it is the rule that matters most in OpenAI’s.
- Keep workloads yours. Your container serves your apps. Reselling raw access to others is the thing the Pro terms actually name.
- Keep a fallback lane. An API key fallback means a policy surprise degrades you to metered pricing instead of an outage. See what happens when you hit your Codex limit.
- Watch the request log. Every request shows which lane served it, so you always know what ran where.
If the economics are what brought you here, the calculator shows what your current bill maps to, and the cost comparison walks the math in detail.
Frequently asked questions
Is running Codex programmatically allowed by OpenAI?
Yes. codex exec is the Codex CLI's documented non-interactive mode, built for scripts and CI jobs, and OpenAI ships an SDK and a GitHub Action for the same purpose. Codex usage is included in ChatGPT plans.
Does hosting the Codex CLI on a server violate OpenAI's terms?
OpenAI documents device-code sign-in for headless and remote machines, so running the CLI on a server is within documented use. What the terms prohibit is sharing your account or making it available to others. A hosted setup that keeps one account in one container, used only for your own workloads, is built around that rule. OpenAI still retains discretion over its services.
Can OpenAI ban my account for using Codex Hosted?
OpenAI's Terms of Use let it restrict, suspend, or terminate accounts at its discretion, and you are responsible for activity under your account. We designed Codex Hosted to stay inside the documented account rules, and if OpenAI directs a change, we comply immediately. The honest answer is that OpenAI has the final call.
Is ProxyLLM affiliated with OpenAI?
No. ProxyLLM is independent software. It is not affiliated with, endorsed by, or partnered with OpenAI. We run the official, unmodified Codex CLI and follow its documented behavior.