# Safely Maximize Claude Max with OAuth: Avoid Bans
Stick to 'one human, one subscription, one beneficiary': Use OAuth token for personal agentic workflows only; switch to API keys for shared tools or products to prevent instant bans.
## The Golden Rule: One Human, One Subscription, One Beneficiary
The core principle for using Claude Pro or Max subscriptions without risking a ban is individual use only. Your OAuth token bills against your subscription for personal workflows where you are the sole beneficiary. The instant another human's requests route through your token—via shared bots, team tools, or products—switch to an API key. This aligns with Anthropic's Usage Policy: "Developers building products or services that interact with Claude's capabilities, including the SDK, should use API authentication."
Test any setup with this question: "Am I the only human whose work these agents are running?" If yes, OAuth is safe. If no, API key required. Building a product yourself is fine; embedding subscription access in it for others is not. Enterprise/team plans have looser rules—contact sales for clarity.
> "Your Pro or Max subscription is for your individual use. The moment your code routes someone else's request through your subscription, stop using the subscription OAuth token and switch to an API key."
This rule prevents abuse detection from flagging high-volume, multi-user patterns that a single individual couldn't generate.
## Usage Tiers: Safe, Controversial, and Bannable Practices
### Safe: Personal, Solo Workflows
Run Claude's agent SDK, CLI, or Code apps (web/desktop) for your own scripts, cron jobs, dotfiles, CI on personal repos (with CLAUDE_CODE_OAUTH_TOKEN), or engineering on your laptop. Examples:
- Agentic research pipelines.
- Personal CI/CD with OAuth token set.
- Claude Code for authoring code/products (as long as output benefits only you).
These bill against your subscription limits (e.g., Opus rate limits differ from API). No bans, as you're the sole user.
### Controversial: Shared Outputs Blur Lines
Agency/contractor services, Slack bots, daily reports for teams, open-source CLIs with baked-in tokens, or internal tools on one Pro/Max seat. Output benefits multiple humans, violating individual use.
Honest fix: Switch to API key. For teams, get enterprise plan. Third-party agent harnesses (e.g., OpenClaw-style) are extra murky due to Anthropic's flip-flops—play safe and use API or contact sales.
> "Slack bots daily reports used by multiple humans... we've broken that rule about who the intended output is for."
### Bannable: Product Shipping and Token Abuse
Instant bans for:
- Shipping products/SaaS on your OAuth token.
- Multi-tenant apps proxying Claude logins.
- Team-splitting one seat without enterprise.
- Reselling access.
- Extracting/sharing tokens from keychain.
Abuse classifiers detect anomalous token volumes/prompt patterns. Don't risk frontier models for savings—API keys scale predictably.
> "Don't trade Frontier AI access and Frontier AI tooling for a few hundred bucks."
## OAuth vs. API Key Mechanics and Gotchas
Claude Code subscriptions use OAuth tokens (CLAUDE_CODE_OAUTH_TOKEN) for CLI/SDK access, billing subscription quotas. API keys (ANTHROPIC_API_KEY) bill pay-per-token.
**Precedence Chain (Critical Gotcha):** When both environment variables are set, the API key wins: ANTHROPIC_API_KEY > CLAUDE_CODE_OAUTH_TOKEN. Set only the OAuth token for subscription billing; unset the API key, or remove it in code before the SDK reads the environment:

```python
import os

if 'ANTHROPIC_API_KEY' in os.environ:
    del os.environ['ANTHROPIC_API_KEY']  # Force OAuth precedence
```
Verify billing in raw NDJSON event stream (CLI/SDK outputs):
- API: "api_key_source", no subscription rate limits.
- OAuth: Subscription rate limit events, OAuth indicators.
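
The precedence check and stream verification described above, as an added example (not code from the companion repo). The event field names (`api_key_source`, a `type` containing `rate_limit`), the `"none"` value, and the sample environment and stream are assumptions constructed for illustration.

```python
import json

API_KEY_VAR = "ANTHROPIC_API_KEY"
OAUTH_VAR = "CLAUDE_CODE_OAUTH_TOKEN"

def effective_credential(env):
    """Name of the variable that wins under the precedence chain above."""
    if env.get(API_KEY_VAR):
        return API_KEY_VAR
    if env.get(OAUTH_VAR):
        return OAUTH_VAR
    return None

def subscription_env(env):
    """Copy of env for a child process, with the API key stripped.

    The caller's environment is left untouched, and the run is refused
    when no OAuth token is present instead of silently falling back.
    """
    if not env.get(OAUTH_VAR):
        raise RuntimeError(f"{OAUTH_VAR} is not set")
    return {k: v for k, v in env.items() if k != API_KEY_VAR}

def classify_stream(lines):
    """Report which billing indicators appear in an NDJSON event stream."""
    found = set()
    for raw in lines:
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # tolerate non-JSON noise mixed into the stream
        if not isinstance(event, dict):
            continue
        # Assumed field names, modelled on the indicators listed above.
        if event.get("api_key_source") not in (None, "", "none"):
            found.add("api_key")
        if "rate_limit" in str(event.get("type", "")):
            found.add("subscription")
    return found

# Constructed sample data; values are placeholders, not real credentials.
SAMPLE_ENV = {API_KEY_VAR: "sk-placeholder", OAUTH_VAR: "oauth-placeholder"}
SAMPLE_STREAM = [
    '{"type": "system", "api_key_source": "none"}',
    'not json',
    '{"type": "rate_limit_event", "status": "allowed"}',
]

if __name__ == "__main__":
    print("wins before cleanup:", effective_credential(SAMPLE_ENV))
    print("wins after cleanup: ", effective_credential(subscription_env(SAMPLE_ENV)))
    print("indicators:", sorted(classify_stream(SAMPLE_STREAM)))
```

Pass the result of `subscription_env(os.environ)` as the `env` argument of `subprocess.run` so the API key never reaches the child process, and never log the token values themselves.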
## Step-by-Step Setup for Safe OAuth Usage
1. **Install/Setup Claude Code CLI:** Run `claude setup-token` to generate CLAUDE_CODE_OAUTH_TOKEN (stored securely).
2. **Environment Prep:**
   - Export `CLAUDE_CODE_OAUTH_TOKEN=your_token`.
   - Unset `ANTHROPIC_API_KEY` or use the del code above.
3. **Test CLI:** `claude ping` → Check NDJSON for OAuth source and subscription limits.
4. **Agent SDK Example (Python):**

   ```python
   import asyncio
   from claude_agent_sdk import query

   async def main():
       # Uses the token from the environment
       async for message in query(prompt="your prompt"):
           print(message)  # Inspect each streamed message

   asyncio.run(main())
   ```
5. **CI/Repo Usage:** Set token in CI secrets for personal repos only.
6. **Verify Billing:** Pipe output to grep: `claude ... | grep -iE 'oauth|rate_limit'` → Confirms subscription hit.
Companion repo (https://github.com/disler/max-your-cc-sub) has Justfile with side-by-side API/OAuth scripts for comparison. Assumes UV (Astral's Python runner) for speed.
**Common Mistakes to Avoid:**
- Silent API override wasting subscription.
- Ignoring precedence—always verify stream.
- Gray areas without asking sales.
Level: Intermediate engineers comfortable with env vars, Python/TypeScript, CLIs. Fits early in agentic workflows: setup before building pipelines.
## Third-Party Harness Confusion and Recommendations
Anthropic's Twitter flip-flops (e.g., Thariq encouraging SDK experimentation, Boris Cherny banning OpenClaw, reinstatements) create noise. Stick to docs over tweets:
- Local/personal SDK: OK.
- Production/business on SDK: API key.
Current state: OpenClaw unbanned for CLI but risky for gateways. Prefer controlled alternatives like PI Coding Agent (open-source Claude Code competitor) for multi-agent orchestration. Avoid bloat in official Claude Code.
Contact sales for permitted auth questions. Play conservative—preserve access to Opus-level intelligence.
> "I found myself just as confused as many other engineers, which is a serious problem."
## Key Takeaways
- Memorize: One human benefits → OAuth subscription; others involved → API key.
- Unset ANTHROPIC_API_KEY to force OAuth precedence; verify via NDJSON streams.
- Safe: Personal scripts/CI/agents. Controversial: Bots/team tools—switch to API.
- Bannable: Products/SaaS/team-sharing on personal token—instant detection.
- Test setups with repo examples; contact sales for gray areas like third-party harnesses.
- Prioritize docs over Twitter; don't risk bans for minor savings.
- Use PI Coding Agent for customizable harnesses in agentic scaling.