Max Claude Max OAuth for Safe Agentic Coding

Stick to one human per subscription for personal scripts/agents via OAuth token; switch to API keys for any shared use to avoid instant bans while maximizing your paid compute.

The Golden Rule: One Human, One Beneficiary

Your Claude Pro or Max subscription's OAuth token is strictly for individual use. The core principle from Anthropic's Usage Policy: "Developers building products or services that interact with Claude's capabilities, including the SDK, should use API authentication." If agents process requests for anyone else, you've violated terms—switch to API keys immediately. This prevents abuse detection flagging high-volume, multi-user patterns that no single person would generate.

Why it matters: Subscriptions aren't designed for production-scale or shared workloads; they're for personal productivity. Violating this trades frontier AI access for short-term savings. Test: "Am I the only human whose work these agents run?" Yes → OAuth. No → API.

Common mistake: Assuming low token usage hides sharing. Anthropic's systems detect anomalies like diverse prompts or team-scale volume.

"Your Pro or Max subscription is for your individual use. The moment your code routes someone else's request through your subscription, stop using the subscription OAuth token and switch to an API key."

Usage Tiers: Safe, Controversial, Bannable

Distinguish patterns by beneficiary count to stay compliant.

Safe (Personal Only): Run personal scripts, cron jobs, dotfiles, Claude Agent SDK for your agents, CI on your solo repo (with CLAUDE_CODE_OAUTH_TOKEN), or Claude Code on your work machine. Building products is fine—as long as runtime uses your token solo.

Before: Paying API for personal cron jobs. After: OAuth bills subscription, saving costs.

Controversial (Blurry—Avoid or API): Agency/contractor services via your token, Slack bots/reports for teams, OSS CLIs embedding your token, internal tools shared across one Pro/Max seat. Principle: Output benefiting multiple humans blurs lines. Recommendation: Use API keys; contact sales for clarity.

Bannable (Instant Flag): Shipping SaaS/products on your token, multi-tenant apps proxying logins, team-splitting seats sans enterprise plan, reselling access, extracting/sharing tokens from keychain. Detection: Abnormal scale (e.g., random multi-user requests).

Quality criteria: Solo beneficiary → green. Shared process/output → yellow/red. Enterprise/team plans alter rules—verify via sales.

"Don't trade Frontier AI access and Frontier AI tooling for a few hundred bucks."

OAuth vs API Mechanics and Gotchas

Claude Code subscriptions use OAuth (CLAUDE_CODE_OAUTH_TOKEN) for web/desktop/CLI access, billing against your plan. API keys (ANTHROPIC_API_KEY) are pay-per-token, unlimited scale.

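Precedence Chain (Critical Gotcha): Environment variables take precedence: if ANTHROPIC_API_KEY is set, it silently overrides the OAuth token. Fix: Unset it in the shell, or check for it and remove it in code:

import os

# Drop the API key (even if set but empty) so it cannot override the OAuth token
os.environ.pop('ANTHROPIC_API_KEY', None)  # Or handle explicitly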

This ensures subscription billing. Third-party harnesses (e.g., OpenClaw) amplify risks—Anthropic flip-flops via tweets/docs, but policy prioritizes direct products.

Verification Principle: Check raw NDJSON event streams for api_key_source (API vs OAuth) and rate limits (OAuth has subscription caps, API none).
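The precedence fix and the stream check above, combined into one preflight helper. This is an added example, not code from the companion repo: the function names are hypothetical, the event field names are the ones shown in this page's example output, and the sample streams are constructed.

```python
import json
import os

# Credential variables named on the page.
API_VAR = "ANTHROPIC_API_KEY"
OAUTH_VAR = "CLAUDE_CODE_OAUTH_TOKEN"


def child_env(base=None):
    """Copy the environment for a child process with the API key removed,
    so it cannot silently override the OAuth token. The parent's own
    environment is left untouched."""
    env = dict(os.environ if base is None else base)
    env.pop(API_VAR, None)
    if not env.get(OAUTH_VAR):
        raise RuntimeError(f"{OAUTH_VAR} is not set; refusing to run")
    return env


def credential_in_use(ndjson_text):
    """Classify a raw NDJSON event stream as 'api', 'oauth' or 'unknown'."""
    verdict = "unknown"
    for line in ndjson_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate partial or non-JSON lines in the stream
        if not isinstance(event, dict):
            continue
        if event.get("api_key_source"):
            return "api"  # any API-key event means pay-per-token billing
        if event.get("oauth_source") is True:
            verdict = "oauth"
    return verdict


# Constructed sample streams (assumed shapes, not captured output).
API_STREAM = '{"api_key_source": "env", "rate_limit_events": []}\n'
OAUTH_STREAM = '{"type": "init"}\nnot json\n{"oauth_source": true, "subscription_limits": []}\n'

if __name__ == "__main__":
    env = child_env({API_VAR: "constructed-key", OAUTH_VAR: "constructed-token"})
    print(API_VAR in env, credential_in_use(OAUTH_STREAM))
```

Pass the returned mapping as env= to subprocess.run when launching the agent, and fail the job if credential_in_use reports anything other than "oauth".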

Current state: Avoid third-party harnesses for OAuth; prefer controlled OSS like PI Coding Agent. Anthropic prioritizes capacity for direct users amid compute constraints.

"Subscriptions weren't built for the usage patterns of these third-party tools. Capacity is a resource we manage thoughtfully."

Step-by-Step: Setup, Run, Verify OAuth

Assumes: Claude Max/Pro sub, Claude Code installed. For solo use only.

  1. Generate Token: Run claude setup-token (CLI). Copies CLAUDE_CODE_OAUTH_TOKEN to env/keychain.
  2. Unset API Override: In your shell or script, run unset ANTHROPIC_API_KEY, or remove it in code as above.
  3. CLI Test: claude --ping. Stream shows oauth source, subscription rate limits.
    Example output diff:
    • API: {"api_key_source": "env", "rate_limit_events": []}
    • OAuth: {"oauth_source": true, "subscription_limits": [...]}
  4. Agent SDK/Repo CI: Set CLAUDE_CODE_OAUTH_TOKEN in your repo env. Run agents via SDK.
  5. Justfile Workflow (From Repo): Clone https://github.com/disler/max-your-cc-sub. Run just api-cli (API baseline), then just oauth-cli (OAuth). Compare streams.
    # justfile snippet
    api-cli:
        uv run api_cli.py
    oauth-cli:
        uv run oauth_cli.py  # Unsets API key first

Practice: Build a personal cron agent (e.g., daily reports for you). Verify stream, scale to your limits.

Broader Fit: Use in dev productivity pipelines pre-product; transition to API at MVP.

Prerequisites: Basic Python/CLI, Claude Code setup. Level: AI-curious dev (2+ yrs).

"If you're unsure, contact sales. For questions about permitted authentication use, please contact sales."

Key Takeaways

  • Memorize: One human, one subscription, one beneficiary—API for anything shared.
  • Unset ANTHROPIC_API_KEY to force OAuth billing; verify via NDJSON api_key_source.
  • Safe: Personal scripts/CI/agents. Controversial: Team bots—API instead.
  • Bannable: SaaS/products on personal token—enterprise plans only.
  • Test streams in companion repo; contact sales for gray areas like third-party harnesses.
  • Prioritize access over savings: Anthropic's models are irreplaceable for agentic work.
  • Track docs over tweets; policy > social flip-flops.
  • For production: API keys scale predictably sans ban risk.

Summarized by x-ai/grok-4.1-fast via openrouter

© 2026 Edge