Overview and Background of the “Rate Limit Reset” Feature
To ensure service stability and fair allocation of computing resources, large-scale AI model services typically employ a “Rate Limiting” mechanism. Recently, OpenAI introduced a new feature for its AI programming assistant, Codex, called “rate-limit reset,” bringing greater flexibility to this standard policy.
According to OpenAI’s announcement on June 11, 2026, this feature is available to eligible Codex Plus and Pro subscribers. Users can obtain “Reset Cards” by participating in specific activities or through invitations, rather than having them distributed uniformly at a set time. This means the number of Reset Cards and the conditions for obtaining them may vary between accounts. The core value of this feature is that it partially returns control over the timing of quota refreshes to the user, allowing them to avoid work interruptions while waiting for the system’s automatic reset.
How It Works and Operating Procedure
The “rate-limit reset” feature is stored in a user’s account in the form of “Reset Cards,” distinct from the system’s scheduled automatic quota recovery. Users can decide when to use a Reset Card to manually refresh their usage limits.
Based on current observations, using one Reset Card can refresh multiple rate limit dimensions simultaneously (e.g., hourly and weekly limits). However, users should note that the specific scope of the reset is subject to the confirmation message displayed in the client interface at the time of use, as OpenAI may adjust its quota schemes.
The standard operating procedure is as follows:
- Locate the Entry Point: In the Codex desktop client, find the usage summary (may appear as a “Usage” pop-up in newer versions) near the settings or your profile icon, and look for the “resets available” prompt.
- Confirm Usage: After navigating to the reset list, select a card (usually the one expiring soonest) and click to use it. Users should carefully read the pop-up confirmation message to avoid mistaking the “Use” button for a “Details” button, which could lead to accidental consumption.
- Verify the Result: After the operation, return to the usage page to check if the number of Reset Cards has decreased and confirm that the relevant quotas have been refreshed. If the interface does not update immediately, try refreshing or restarting the client. Do not click repeatedly.
Reset Card Validity and Advanced Queries

Each Reset Card has its own lifecycle. Official documentation states that Reset Cards must typically be used within 30 days of being granted, or they will expire automatically. Expired cards are simply voided and do not trigger an automatic reset. Therefore, users need to manage them proactively, for example, by setting calendar reminders for expiring cards to avoid waste.
For users who need to precisely manage multiple Reset Cards, it is possible to query the exact expiration time for each card using specific technical methods. The Codex client itself can perform a read-only query by reading the access_token from the local path ~/.codex/auth.json and using this credential to send a request to OpenAI’s internal API endpoint chatgpt.com/backend-api/wham. This retrieves detailed data on rate-limit reset credits, including fields like available_count (available quantity), granted_at (time granted), and expires_at (expiration time).
Core Security Risk: Protecting Your Access Token
Performing advanced queries involves your access_token, and users must be acutely aware of the security implications. An access_token is a bearer token, which is technically equivalent to a temporary access key for your account. Any third party that obtains this token could potentially impersonate you without a password to make API calls or perform other actions.
Therefore, it is crucial to adhere strictly to the following security guidelines:
- Absolutely No Sharing: Never send your
access_token to anyone or post it on public platforms in any form (including text or screenshots).
- Beware of Third-Party Tools: Do not paste your
access_token into any untrusted web applications or third-party tools.
- Understand the API Risks:
wham is an internal OpenAI API. Its functionality, path, and response format are not guaranteed by public service commitments and may change or be deprecated at any time. It is not recommended for use in automated production workflows.
For users unfamiliar with these technical concepts, the safest and recommended practice is to rely solely on the official interface provided by the Codex client to manage Reset Cards to avoid potential security risks.