Workspace Agents API adds dedicated Workspace Agent access tokens
API calls that trigger published ChatGPT workspace agents now authenticate with dedicated Workspace Agent access tokens sent as Bearer auth against api.chatgpt.com. Tokens are created in ChatGPT Admin with the Workspace Agents scope and are valid only for Workspace Agents operations.
Action note
To call workspace agents programmatically, have an admin enable the token permission, mint a Workspace Agents-scoped token, and store it in your secrets manager instead of reusing platform API keys.
Compliance API exports audit events for Codex and ChatGPT workspace activity
OpenAI's Compliance API lets enterprise admins programmatically export audit records covering Codex activity (prompts, tool approvals, code review events) for eDiscovery, DLP, and SIEM pipelines. ChatGPT-authenticated Codex audit logs are retained up to 30 days on OpenAI's side.
Action note
If you run Codex under an Enterprise workspace, wire the Compliance API export into your SIEM before the 30-day source retention window lapses on events you may need.