Skip to main content

Overview

Qwen Code supports two authentication methods, each suited for different use cases:

Qwen OAuth

Recommended for most users
  • Sign in with your qwen.ai account
  • 1,000 free requests per day
  • No API key management required
  • Browser-based authentication flow

API Key

For advanced users and production
  • Use your own API keys
  • Support for multiple providers
  • Full control over models and quotas
  • Works in headless environments
You can switch between authentication methods at any time using the /auth command.
Qwen OAuth is the easiest way to get started with Qwen Code. Sign in once and get immediate access to AI-powered coding assistance.

Features

  • Free tier: 1,000 requests per day at no cost
  • No API keys: No need to manage API keys or billing
  • Auto-refresh: Credentials refresh automatically
  • Secure: OAuth 2.0 standard with token encryption

Setup

1

Launch Qwen Code

Start Qwen Code from your terminal:
qwen
2

Run auth command

Type the auth command:
qwen> /auth
3

Select Qwen OAuth

Choose Qwen OAuth from the authentication options menu.
4

Complete browser flow

  1. A browser window opens automatically
  2. Sign in with your qwen.ai account (or create a new account)
  3. Authorize Qwen Code to access your account
  4. You’ll be redirected to a success page
  5. Return to your terminal—authentication is complete!
✓ Authentication successful!
✓ Signed in as: [email protected]
✓ Free tier: 1,000 requests/day remaining

Usage in Production

Qwen OAuth requires interactive browser access. In non-interactive environments (CI/CD, Docker containers, SSH sessions without X11), use API key authentication instead.
Environments where OAuth won’t work:
  • Continuous Integration (CI/CD) pipelines
  • Docker containers without display
  • SSH sessions without X11 forwarding
  • Headless servers
  • Automated scripts
For these scenarios, use API Key authentication.

Credential Storage

OAuth credentials are stored securely:
  • Location: ~/.qwen/auth/oauth-tokens.json
  • Encryption: Tokens are encrypted at rest
  • Auto-refresh: Access tokens refresh automatically before expiration
  • Privacy: Never shared or sent to third parties

Checking Your Usage

Check remaining requests at any time: 
qwen> /stats
Output: 
Session Statistics
──────────────────────────────────────
Provider:        Qwen OAuth
Model:           qwen3.5-plus
Requests today:  247 / 1,000
Tokens used:     45,892
Session time:    1h 23m

Signing Out

To sign out and clear credentials: 
qwen> /auth
# Select "Sign Out" or choose a different authentication method
Or manually remove credentials: 
rm -rf ~/.qwen/auth/

API Key Authentication

API key authentication gives you full control over which AI provider and model to use. It’s ideal for:
  • Production deployments
  • CI/CD pipelines
  • Custom model configurations
  • Team environments with shared API keys
  • Users who want to use their own API quotas

Supported Providers

Qwen Code supports multiple AI providers through API key authentication:
Providers:
  • Alibaba Cloud Dashscope (Qwen models)
  • Alibaba Cloud Bailian Coding Plan
  • OpenAI (GPT models)
  • OpenRouter (multiple models)
  • Any OpenAI-compatible API
Required:
  • API key
  • Base URL (if not using OpenAI directly)
  • Model ID

Quick Setup with settings.json

The recommended way to configure API key authentication is using ~/.qwen/settings.json:
1

Create settings file

Create or edit ~/.qwen/settings.json in your home directory:
mkdir -p ~/.qwen
nano ~/.qwen/settings.json
2

Add configuration

Example for Qwen models via Dashscope:
{
  "modelProviders": {
    "openai": [
      {
        "id": "qwen3-coder-plus",
        "name": "qwen3-coder-plus",
        "baseUrl": "https://dashscope.aliyuncs.com/compatible-mode/v1",
        "description": "Qwen3-Coder via Dashscope",
        "envKey": "DASHSCOPE_API_KEY"
      }
    ]
  },
  "env": {
    "DASHSCOPE_API_KEY": "sk-xxxxxxxxxxxxx"
  },
  "security": {
    "auth": {
      "selectedType": "openai"
    }
  },
  "model": {
    "name": "qwen3-coder-plus"
  }
}
3

Get your API key

4

Start Qwen Code

qwen
Your configuration takes effect automatically.

Configuration Fields

FieldDescription
modelProvidersDefine available models per protocol (openai, anthropic, gemini)
modelProviders[].idModel ID sent to the API (e.g., qwen3-coder-plus, gpt-4o)
modelProviders[].nameDisplay name shown in model selection
modelProviders[].baseUrlAPI endpoint URL (required for non-default endpoints)
modelProviders[].envKeyEnvironment variable name that holds the API key
modelProviders[].descriptionOptional description shown in model selection
envFallback place to store API keys (prefer environment variables for security)
security.auth.selectedTypeDefault auth protocol: openai, anthropic, gemini, vertex-ai, qwen-oauth
model.nameDefault model to use on startup

Example Configurations

Higher quotas with a fixed monthly subscription:
{
  "modelProviders": {
    "openai": [
      {
        "id": "qwen3.5-plus",
        "name": "qwen3.5-plus (Coding Plan)",
        "baseUrl": "https://coding.dashscope.aliyuncs.com/v1",
        "description": "qwen3.5-plus with thinking enabled",
        "envKey": "BAILIAN_CODING_PLAN_API_KEY",
        "generationConfig": {
          "extra_body": {
            "enable_thinking": true
          }
        }
      },
      {
        "id": "qwen3-coder-plus",
        "name": "qwen3-coder-plus (Coding Plan)",
        "baseUrl": "https://coding.dashscope.aliyuncs.com/v1",
        "envKey": "BAILIAN_CODING_PLAN_API_KEY"
      }
    ]
  },
  "env": {
    "BAILIAN_CODING_PLAN_API_KEY": "sk-xxxxxxxxxxxxx"
  },
  "security": {
    "auth": {
      "selectedType": "openai"
    }
  },
  "model": {
    "name": "qwen3-coder-plus"
  }
}
Get your API key from Alibaba Cloud Bailian.
Configure multiple providers and switch between them:
{
  "modelProviders": {
    "openai": [
      {
        "id": "gpt-4o",
        "name": "GPT-4o",
        "envKey": "OPENAI_API_KEY",
        "baseUrl": "https://api.openai.com/v1"
      }
    ],
    "anthropic": [
      {
        "id": "claude-sonnet-4-20250514",
        "name": "Claude Sonnet 4",
        "envKey": "ANTHROPIC_API_KEY",
        "baseUrl": "https://api.anthropic.com"
      }
    ],
    "gemini": [
      {
        "id": "gemini-2.5-pro",
        "name": "Gemini 2.5 Pro",
        "envKey": "GEMINI_API_KEY"
      }
    ]
  },
  "env": {
    "OPENAI_API_KEY": "sk-xxxxxxxxxxxxx",
    "ANTHROPIC_API_KEY": "sk-ant-xxxxxxxxxxxxx",
    "GEMINI_API_KEY": "AIzaxxxxxxxxxxxxx"
  },
  "security": {
    "auth": {
      "selectedType": "openai"
    }
  },
  "model": {
    "name": "gpt-4o"
  }
}
Switch between models during a session:
qwen> /model
# Select from: GPT-4o, Claude Sonnet 4, Gemini 2.5 Pro
For supported models with extended reasoning:
{
  "modelProviders": {
    "openai": [
      {
        "id": "qwen3.5-plus",
        "name": "qwen3.5-plus (thinking)",
        "envKey": "DASHSCOPE_API_KEY",
        "baseUrl": "https://dashscope.aliyuncs.com/compatible-mode/v1",
        "generationConfig": {
          "extra_body": {
            "enable_thinking": true
          }
        }
      }
    ]
  },
  "env": {
    "DASHSCOPE_API_KEY": "sk-xxxxxxxxxxxxx"
  },
  "security": {
    "auth": {
      "selectedType": "openai"
    }
  },
  "model": {
    "name": "qwen3.5-plus"
  }
}

Environment Variables

For better security, set API keys via environment variables instead of storing them in settings.json: 
# Add to ~/.bashrc or ~/.zshrc
export DASHSCOPE_API_KEY="sk-xxxxxxxxxxxxx"
export OPENAI_API_KEY="sk-xxxxxxxxxxxxx"
export ANTHROPIC_API_KEY="sk-ant-xxxxxxxxxxxxx"
Never commit API keys to version control. Use environment variables or .env files (added to .gitignore).

Priority Order

Qwen Code checks for API keys in this order (highest to lowest priority):
  1. Environment variables (from your shell or .env file)
  2. Custom envKey (defined in modelProviders[].envKey)
  3. settings.json env field (fallback, lowest priority)
Example: 
// In settings.json, define envKey
{
  "modelProviders": {
    "openai": [
      {
        "id": "qwen3-coder-plus",
        "envKey": "DASHSCOPE_API_KEY",  // Qwen Code will look for this env var
        ...
      }
    ]
  }
}

# Set the environment variable
export DASHSCOPE_API_KEY="sk-xxxxxxxxxxxxx"
qwen

Switching Authentication Methods

You can change authentication methods at any time:
1

Run /auth command

qwen> /auth
2

Select new method

Choose from:
  • Qwen OAuth
  • OpenAI-compatible API
  • Anthropic API
  • Google GenAI
  • Vertex AI
3

Complete setup

Follow the prompts to configure the new authentication method.

Project-Specific Configuration

Override global settings for specific projects by creating .qwen/settings.json in your project root: 
cd your-project/
mkdir .qwen
nano .qwen/settings.json
Project settings override global settings: 
{
  "security": {
    "auth": {
      "selectedType": "anthropic"
    }
  },
  "model": {
    "name": "claude-sonnet-4-20250514"
  }
}
Now this project always uses Claude, while other projects use your global defaults.
Use project-specific settings to configure different models for different types of projects (e.g., Claude for research, Qwen for coding).

Validation

Qwen Code validates your authentication configuration on startup: 
✓ Authentication: API Key (OpenAI-compatible)
✓ Model: qwen3-coder-plus
✓ Base URL: https://dashscope.aliyuncs.com/compatible-mode/v1
✓ API Key: Found (DASHSCOPE_API_KEY)
If validation fails, you’ll see helpful error messages: 
✗ Authentication failed
✗ DASHSCOPE_API_KEY environment variable not found

Please set the API key:
  export DASHSCOPE_API_KEY="your-api-key"

Or add it to ~/.qwen/settings.json

Troubleshooting

Solutions:
  1. Manually open the URL shown in the terminal
  2. Check if your BROWSER environment variable is set correctly
  3. Try running qwen from a different terminal emulator
  4. Use API key authentication in headless environments
Solutions:
  1. Verify the environment variable name matches envKey in settings
  2. Check if the variable is exported: echo $DASHSCOPE_API_KEY
  3. Restart your terminal after adding to .bashrc/.zshrc
  4. Use absolute paths for .env files
Solutions:
  1. Verify the API key is correct (no extra spaces)
  2. Check if the key has expired
  3. Ensure you have sufficient quota/credits
  4. Verify the key has permissions for the model you’re using
Solutions:
  1. Check security.auth.selectedType in settings.json
  2. Ensure the model ID matches the provider protocol
  3. Use /model to switch models during a session
  4. Verify baseUrl matches your provider’s API endpoint
Solutions:
  1. For Qwen OAuth: Wait until your daily quota resets (midnight UTC)
  2. For API keys: Check your provider’s rate limits
  3. Use /compress to reduce token usage
  4. Switch to a different model or provider with /model

Security Best Practices

Use Environment Variables

Store API keys in environment variables or .env files, never in settings.json committed to git.

Rotate Keys Regularly

Rotate API keys periodically, especially after team member changes.

Limit Key Scope

Use API keys with minimal required permissions. Avoid admin or billing access.

Use .gitignore

Add .env and settings.json files containing secrets to .gitignore.
The ~/.qwen/settings.json file in your home directory should be kept private. Never commit it to version control.

Next Steps

Quick Start

Complete your first AI-assisted coding session

Model Providers

Learn more about configuring multiple providers

Environment Variables

Full reference for environment variable configuration

Settings Reference

Complete settings.json documentation