How to Get an OpenAI Ads API Key

May 20, 2026

OpenAI's Ads API lets you programmatically manage campaigns, ad groups, ads, creative assets, and performance reporting inside ChatGPT. This guide covers how to get your key, how authentication works, and how to connect OpenAI Ads to a unified advertising integration alongside LinkedIn Ads, Google Ads, and Meta Ads.

What is an OpenAI Ads API key?

An OpenAI Ads API key is a Bearer token that authenticates requests to the OpenAI Ads API (api.ads.openai.com/v1). It is scoped to a single ad account and issued directly from the OpenAI Ads Manager — not from the standard OpenAI developer console at platform.openai.com.

If you're looking for keys to call GPT models, those live at platform.openai.com/api-keys. This guide covers the Ads API only.

Prerequisites

Before you can issue a key, you need to clear several gates. OpenAI's Ads product is currently in beta with restrictions that block access before you reach the Settings tab.

Geography: Ads Manager Beta is currently limited to U.S. advertisers. Non-U.S. entities may not see the beta entry point or may be unable to complete verification.

Account verification: You must create an Ads Manager Beta account using your OpenAI login, enter business details, and wait for OpenAI to review and approve your advertiser account. Access is granted via email confirmation.

Category eligibility: OpenAI currently accepts advertisers in specific verticals — local services, travel and entertainment, household and consumer goods, digital products, and education. Regulated categories (health, mental health, politics, financial products) are unlikely to be accepted in the current beta.

Billing: You must configure a billing profile and payment method before campaigns can deliver. This is not optional — without credits, API calls that incur billable usage will fail. Set up spend alerts before you go live.

Beta availability: Even within the U.S., Ads Manager is still rolling out. Some accounts won't see it until the rollout reaches them.

Step 1: Access Ads Manager

Go to https://ads.openai.com and sign in with your OpenAI credentials. If your advertiser account has been approved, you'll land in the Ads Manager dashboard.

Step 2: Open Settings

In the Ads Manager navigation, go to the Settings tab. Look for the API Keys section.

Step 3: Issue your API key

Click Create new key (label may vary by UI version). Name it clearly — for example, prod-openai-ads or reporting-only — so you can distinguish keys across environments or services.

The key is displayed once. Copy it immediately and store it securely.

Step 4: Store and configure your key

Never hardcode the key in source files or commit it to a repository. Store it as an environment variable:

export OPENAI_ADS_API_KEY="your_key_here"

For production, use a secrets manager — AWS Secrets Manager, GCP Secret Manager, or Azure Key Vault. Use separate keys per environment (dev, staging, prod) and per service where possible, so you can revoke one without impacting everything else.

Step 5: Test the key

Confirm the key is working with a call to the ad account endpoint:

curl -X GET "https://api.ads.openai.com/v1/ad_account" \
  -H "Authorization: Bearer $OPENAI_ADS_API_KEY" \
  -H "Accept: application/json"

A successful response returns your account ID, name, timezone, and currency:

{
  "id": "act_123",
  "name": "Acme Ads",
  "timezone": "UTC",
  "currency_code": "USD"
}

If you get a 401, verify the key format and that your account has completed verification. If you get a 403, billing may not be configured.

Authentication pattern

Every request to the Ads API uses the key as a Bearer token in the Authorization header:

Authorization: Bearer $OPENAI_ADS_API_KEY

There is no OAuth flow, no token refresh cycle, and no cloudId resolution step. Authentication is simpler than most advertising APIs — the complexity lives in account eligibility and billing, not the auth pattern itself.

Key scoping and multi-account usage

By default, each API key is scoped to one ad account. This works for most single-brand use cases.

If you need to manage multiple ad accounts — for example, as an agency or a multi-brand organization — there is no self-serve multi-account key UI. Each ad account requires its own key. If you need cross-account management from a single integration, contact OpenAI support or sales to discuss the options.

Billing behavior

The OpenAI Ads API uses a prepaid credit model. If your account's credit balance reaches zero, API calls that trigger billable usage will fail — this is a hard gate, not a warning. Configure spend alerts and monitor balance proactively so you don't discover this during a live campaign.

Rate limits

The Ads API enforces two limits simultaneously:

Handle 429s with exponential backoff. Read rate-limit headers (x-ratelimit-remaining-requests, x-ratelimit-reset-requests) to decide when to resume rather than hardcoding retry intervals. For high-volume reporting workflows, cache read-heavy data where freshness isn't critical.

Note: a 429 caused by an exhausted credit balance or billing hard limit won't resolve with retries. If the error indicates insufficient quota or a billing limit has been reached, add credits before retrying.

Common errors and fixes

401 Unauthorized

• Key is invalid or was not copied correctly
• Account verification is incomplete

403 Forbidden

• Billing is not configured
• Account does not have permission for the requested resource

429 Too Many Requests

• Rate limit hit — implement exponential backoff and respect the reset headers
• If the error indicates a billing or quota issue, add credits; retrying won't help

Campaigns not delivering

• Ad, ad group, and campaign must all have status: active
• Ad must clear review (review_status field) — typically takes a few minutes
• Credits balance may be exhausted

The ad object hierarchy

Understanding the structure before you build avoids failures from calling endpoints in the wrong order:

Ad Account
  └── Campaign          (budget, schedule, status)
        └── Ad Group    (bidding, targeting)
              └── Ad    (creative, headline, URL)

An ad only serves when the ad, its parent ad group, and its parent campaign are all active and the ad has cleared review.

What you can do with the Ads API

The API covers the full campaign management workflow:

Campaigns — create, read, update, remove. Writable fields include budget_amount, budget_period, name, status, start_at, end_at, and targeting.

Ad Groups — create, read, update, remove. Requires campaign_id. Writable fields include bid_amount, billing_event, campaign_id, name, and status.

Ads — create, read, update, remove. Requires group_id. Writable fields include creative_ids, description, final_url, group_id, headline, name, and status.

Creative assets — upload image files; returns a file_id for use in ad creation.

Insights — retrieve performance data (impressions, clicks, spend) at the account, campaign, ad group, or ad level with configurable time granularity.

Passthrough — direct access to any Ads API endpoint via POST, GET, PUT, DELETE for use cases outside the normalized objects above.

Connect OpenAI Ads to a unified advertising integration

If OpenAI Ads is one of several advertising integrations your product needs to support — alongside LinkedIn Ads, Google Ads, or Meta Ads — managing separate auth flows, data models, and rate-limit logic per integration compounds quickly.

Unified's advertising category includes OpenAI Ads (launched May 14, 2026) alongside LinkedIn Ads, Google Ads, Meta Ads, and others. The auth pattern, endpoint structure, and response shape are consistent across all of them. The only variable that distinguishes one ad network from another is the connection_id.

How auth works

You don't pass platform-specific API keys into Unified manually. Instead:

As a developer, you configure which advertising integrations are enabled in Unified, then embed Unified's hosted authorization component into your product's connect flow. This is a one-time setup.

Your customers click "Connect your ad accounts" inside your product, which launches Unified's hosted UI. They authenticate with OpenAI Ads (or LinkedIn, Google, Meta, etc.) directly. Unified stores the resulting tokens — your backend never handles platform credentials.

When the authorization flow completes, Unified redirects to your callback URL with the connection ID as a query parameter:

https://your-app/callback?id=cn_1234...&state=...

Your callback handler reads that id, associates it with the relevant user or account record in your system, and stores it. That connection_id is what you pass into every subsequent Unified Advertising API call for that customer.

Calling the API

Once a connection exists, every Unified Advertising API call follows the same URL pattern regardless of provider:

GET https://api.unified.to/ads/{connection_id}/campaigns

OpenAI Ads campaigns and LinkedIn Ads campaigns use identical paths — only the connection_id changes:

# OpenAI Ads
GET https://api.unified.to/ads/{openai_connection_id}/campaigns

# LinkedIn Ads
GET https://api.unified.to/ads/{linkedin_connection_id}/campaigns

Same method, same response shape, same endpoint name. The provider is encoded in the connection metadata and abstracted away entirely.

To create an ad using the Node SDK:

import { UnifiedTo } from '@unified-api/typescript-sdk';

const sdk = new UnifiedTo({
  security: {
    jwt: '<YOUR_UNIFIED_API_KEY>',
  },
});

const result = await sdk.ads.createAdsAd({
  connectionId: 'your_openai_ads_connection_id',
  adsAd: {
    name: 'Spring launch ad',
    group_id: 'your_group_id',
    headline: 'Try the new workspace planner',
    description: 'Coordinate tasks, docs, and meetings in one place.',
    final_url: 'https://example.com/workspace-planner',
    status: 'ACTIVE',
  },
  fields: 'id,name,status,headline,final_url',
});

Swap the connectionId for a LinkedIn Ads or Google Ads connection and the same call works against those networks.

What's covered for OpenAI Ads

→ Start your 30-day free trial

→ Book a demo

FAQs

Is the OpenAI Ads API key the same as my OpenAI developer API key? No. Developer API keys for GPT models are issued at platform.openai.com. Ads API keys are issued from Ads Manager and authenticate against a different base URL (api.ads.openai.com). The two are not interchangeable.

Can I use one key for multiple ad accounts? Not by default. Each key is scoped to one ad account. Contact OpenAI to discuss multi-account arrangements.

What happens if my credits run out? API calls that trigger billable usage will fail. This is a hard stop. Configure balance alerts to avoid disruption.

Is the Ads API available outside the US? Currently, Ads Manager Beta and the Ads API are focused on U.S. advertisers. Non-U.S. availability has not been announced.

Do Ads API keys expire? OpenAI's Ads docs do not currently document any time-based expiry or auto-rotation policy for Ads API keys. Treat them as long-lived secrets regardless: rotate proactively, monitor for unusual usage, and revoke immediately if you suspect compromise. If key lifecycle matters for your compliance requirements, confirm with OpenAI before relying on long-lived keys.

What ad format does the Ads API support? Currently chat_card creatives — a title, body, target URL, and image asset displayed within ChatGPT conversations.

Key takeaways

• OpenAI Ads API keys are issued from Ads Manager, not platform.openai.com
• Access is currently beta and gated by geography, account verification, category eligibility, and billing
• Authentication is a single Bearer token — no OAuth flow required
• Each key is scoped to one ad account; multi-account requires contacting OpenAI
• Billing is prepaid and a hard gate — zero balance stops API calls
• Rate limits are 600 req/min per endpoint and 1,200 req/min overall; billing-related 429s require adding credits, not retrying
• Unified's advertising category includes OpenAI Ads alongside LinkedIn, Google, and Meta — one connection_id pattern across all integrations