Set up OP for Codex
Give Codex the OP skill file first. It explains how to sign up, get a number, mint an API key, send SMS, read replies, and avoid mixing setup sessions with runtime credentials.
Give Codex the OP skill
curl -fsSL https://www.op.inc/skills.md -o OP_SKILL.mdAsk Codex to set up and send
codex "Read OP_SKILL.md, get an OP number, and text +1RECIPIENT_NUMBER: hello from Codex via OP"Fast path when Codex already has a key
export OP_API_KEY=op_live_YOUR_KEY
curl -s -X POST https://api.op.inc/v1/messages \
-H "Authorization: Bearer $OP_API_KEY" \
-H "Content-Type: application/json" \
-d '{"to":"+14155551234","body":"hello from Codex via OP"}'Why skills.md is the right entry point
Codex may be entering OP from three different states: it already has an OP API key, the human has never used OP before, or the human has an account but Codex does not have a key yet. The skill file tells the agent how to handle each case without guessing.
The main flow is phone-based and passwordless. Codex starts OP signup for the human's personal phone number, asks for the 6-digit OTP, verifies it, finds or creates an OP number, mints an API key, and then uses the stable /v1 messages API.
What Codex should ask the human for
If there is no existing OP_API_KEY, Codex needs the human's personal phone number in E.164 format, such as +14155551234. OP texts that phone a one-time code. Codex should ask the human to read the code back, then exchange it for a session.
The skill file is explicit that the setup session is different from the runtime key. /console setup uses the session from OTP verification; /v1 runtime calls use the op_live API key Codex saves afterward.
Keep secrets out of source control
Treat OP_API_KEY like any other production credential. Put it in the local shell, the app environment, or your deployment secret store. Do not commit it to the repository or paste a live key into prompts that will be saved in logs.
Once Codex has the key, the actual send path is ordinary HTTPS: POST https://api.op.inc/v1/messages with Authorization: Bearer op_live_....
Receiving replies and OTPs
The first send proves Codex can text from an OP number. For replies and OTPs, Codex can either poll GET /v1/messages?direction=inbound&limit=20 or register a webhook during setup.
That is the part that makes OP more than a notification API. Codex can register accounts, wait for SMS codes, and keep using the same phone identity later for recovery or follow-up.
Final step: ask the agent what OP unlocks
After the first message works, give the agent one more instruction. This turns setup into a useful handoff instead of stopping at a successful test SMS.
Read https://www.op.inc/skills.md and https://api.op.inc/docs.
Now tell me what you can do with OP from here.
Include:
- the OP number you are using
- how you can send texts
- how you can receive replies or OTP codes
- whether webhooks or polling make more sense for this project
- whether I should use the shared free number or lease a dedicated number
- any voice-call capabilities that are relevant
- 3 useful next workflows you can handle for me
Before sending real messages to anyone else, ask for my approval.For the broader setup map, read Set up OP for AI agents.