Environment:Openai Openai node OpenAI API Credentials

Overview

API credentials and configuration environment variables required to authenticate with the OpenAI API.

Description

The OpenAI Node.js SDK reads authentication credentials from environment variables at client construction time. The `OPENAI_API_KEY` is the only required credential; all others are optional and provide organization scoping, project scoping, custom endpoints, webhook verification, and debug logging. The SDK supports both static string API keys and async functions that resolve to strings, enabling credential rotation at runtime.

Usage

Use this environment whenever instantiating the `OpenAI` client class. The API key is validated at construction time — if missing, the constructor throws immediately. For webhook signature verification, `OPENAI_WEBHOOK_SECRET` must also be set.

System Requirements

Dependencies

System Packages

• None

NPM Packages

• `openai` >= 5.0.0 (current: 6.22.0)

Credentials

The following environment variables must be configured:

• `OPENAI_API_KEY`: Required. API key for authenticating with the OpenAI API. Can also be passed programmatically via the `apiKey` constructor option.
• `OPENAI_ORG_ID`: Optional. Organization ID sent as `OpenAI-Organization` header. Scopes requests to a specific organization.
• `OPENAI_PROJECT_ID`: Optional. Project ID sent as `OpenAI-Project` header. Scopes requests to a specific project.
• `OPENAI_BASE_URL`: Optional. Overrides the default base URL `https://api.openai.com/v1`. Useful for Azure OpenAI or proxy setups.
• `OPENAI_WEBHOOK_SECRET`: Optional. Secret used to verify incoming webhook signatures via HMAC-SHA256.
• `OPENAI_LOG`: Optional. Controls SDK logging verbosity. Valid values: `off`, `error`, `warn`, `info`, `debug`. Defaults to `warn`.

Quick Install

# Set required environment variable
export OPENAI_API_KEY="sk-..."

# Optional: set organization and project
export OPENAI_ORG_ID="org-..."
export OPENAI_PROJECT_ID="proj-..."

# Optional: enable debug logging
export OPENAI_LOG="debug"

Code Evidence

Constructor defaults reading from environment in `src/client.ts:377-382`:

constructor({
    baseURL = readEnv('OPENAI_BASE_URL'),
    apiKey = readEnv('OPENAI_API_KEY'),
    organization = readEnv('OPENAI_ORG_ID') ?? null,
    project = readEnv('OPENAI_PROJECT_ID') ?? null,
    webhookSecret = readEnv('OPENAI_WEBHOOK_SECRET') ?? null,
    ...opts
  }: ClientOptions = {}) {

Missing API key error from `src/client.ts:385-389`:

if (apiKey === undefined) {
  throw new Errors.OpenAIError(
    'Missing credentials. Please pass an `apiKey`, or set the `OPENAI_API_KEY` environment variable.',
  );
}

Log level configuration from `src/client.ts:412-415`:

this.logLevel =
  parseLogLevel(options.logLevel, 'ClientOptions.logLevel', this) ??
  parseLogLevel(readEnv('OPENAI_LOG'), "process.env['OPENAI_LOG']", this) ??
  defaultLogLevel;

Common Errors

Compatibility Notes

• Azure OpenAI: Use the `AzureOpenAI` client class with `AZURE_OPENAI_API_KEY`, `AZURE_OPENAI_ENDPOINT`, and deployment-specific configuration instead.
• Async API Key Function: The `apiKey` option accepts `() => Promise<string>` for runtime credential rotation. The function is invoked before each request.
• Deno: Environment variables are read via `Deno.env.get()` — ensure permissions are granted with `--allow-env`.

Related Pages

• Implementation:Openai_Openai_node_OpenAI_Constructor
• Implementation:Openai_Openai_node_Jobs_Create
• Implementation:Openai_Openai_node_Files_Create