CDX-301f · Module 2

API Access from Sandbox

3 min read

Some Codex tasks legitimately need to call external APIs — testing webhook integrations, validating API contract changes, or running end-to-end tests against staging environments. Enabling API access from the sandbox requires three steps: adding the API domain to the allowlist, injecting the necessary credentials (API keys, tokens), and configuring the task to use the correct endpoint. Each step introduces risk, and the combination of all three — open network + live credentials + autonomous execution — demands careful scoping.

The safest pattern for API access is the staging-only rule: never allow sandbox tasks to reach production APIs. Create a dedicated staging environment or sandbox API key with limited permissions (read-only, rate-limited, scoped to test data). This way, even if the agent generates code that makes unexpected API calls, the blast radius is contained. The staging environment can be reset, the test data is not sensitive, and the rate limits prevent abuse.

# API access configuration

network:
  allowlist:
    - "api.staging.example.com"      # Staging only — never production
    - "hooks.staging.stripe.com"     # Stripe test mode
    - "api.sandbox.twilio.com"       # Twilio sandbox

credentials:
  STAGING_API_KEY:
    source: vault                     # Pulled from secrets manager
    scope: task                       # Available only during execution
    permissions: read-only            # Cannot modify staging data

# AGENTS.md rules for API access
## Rules
- NEVER call production API endpoints from cloud tasks
- Always use staging/sandbox API keys — never production keys
- All external API calls must include error handling and timeouts
- Log all external API calls for audit
  1. Create sandbox API keys For each external service your tests need, create a dedicated API key with minimal permissions. Label it clearly as "Codex sandbox" for audit purposes.
  2. Configure staging endpoints Set environment variables in the task configuration that point to staging endpoints. Never rely on the agent to choose the right endpoint — inject it.
  3. Add rate limits Even staging APIs can be overwhelmed by parallel tasks. Set per-key rate limits on your staging environment that match your expected parallel task count.