Claude API Authentication & API Key Management

How to authenticate with the Anthropic Claude API. Set API keys securely in Python, Node.js, and shell. Rotate keys, use environment variables, and avoid common mistakes.

💥 50p impulse-buy: Power Prompts PDF (first 10 buyers) 30 battle-tested Claude Code prompts · 8-page PDF · paste into CLAUDE.md and never re-type a prompt again · 50p impulse-buy, no commitment

The Claude API authenticates every request with an API key passed as a Bearer token. The Anthropic Python and JavaScript SDKs read the key from the environment automatically.

Get your API key

Go to console.anthropic.com → Settings → API Keys → Create Key. Your key starts with sk-ant-.

Python: environment variable (recommended)

# In your shell before running:
# export ANTHROPIC_API_KEY="sk-ant-..."

import anthropic

# SDK reads ANTHROPIC_API_KEY automatically
client = anthropic.Anthropic()

# Or pass explicitly (for multi-key setups)
client = anthropic.Anthropic(api_key="sk-ant-...")

msg = client.messages.create(
    model="claude-haiku-4-5-20251001",
    max_tokens=128,
    messages=[{"role": "user", "content": "Hello"}]
)
print(msg.content[0].text)

JavaScript / Node.js

import Anthropic from "@anthropic-ai/sdk";

// reads process.env.ANTHROPIC_API_KEY automatically
const client = new Anthropic();

const msg = await client.messages.create({
  model: "claude-haiku-4-5-20251001",
  max_tokens: 128,
  messages: [{ role: "user", content: "Hello" }],
});
console.log(msg.content[0].text);

Load from .env (dotenv)

# .env  (never commit this file)
ANTHROPIC_API_KEY=sk-ant-...
# Python
from dotenv import load_dotenv
load_dotenv()          # loads .env into os.environ
import anthropic
client = anthropic.Anthropic()   # reads from env
# Node.js
import "dotenv/config";         // auto-loads .env
import Anthropic from "@anthropic-ai/sdk";
const client = new Anthropic();

Secrets managers (production)

# AWS Secrets Manager
import boto3, json, anthropic

secret = boto3.client("secretsmanager").get_secret_value(
    SecretId="prod/anthropic-api-key"
)
api_key = json.loads(secret["SecretString"])["ANTHROPIC_API_KEY"]
client = anthropic.Anthropic(api_key=api_key)
# Google Secret Manager
from google.cloud import secretmanager
import anthropic

sm = secretmanager.SecretManagerServiceClient()
name = "projects/MY_PROJECT/secrets/anthropic-api-key/versions/latest"
payload = sm.access_secret_version(name=name).payload.data.decode("utf-8")
client = anthropic.Anthropic(api_key=payload)

Raw HTTP (no SDK)

curl https://api.anthropic.com/v1/messages \
  -H "x-api-key: $ANTHROPIC_API_KEY" \
  -H "anthropic-version: 2023-06-01" \
  -H "content-type: application/json" \
  -d '{
    "model": "claude-haiku-4-5-20251001",
    "max_tokens": 128,
    "messages": [{"role": "user", "content": "Hello"}]
  }'

API key best practices

PracticeWhy
One key per environmentRevoke prod key without affecting dev
Rotate every 90 daysLimit blast radius of a stale leak
Add to .gitignore.env files are the #1 secret-leak vector
Enable usage alertsCatch a leaked key before it costs you
Never log the keyStructured logs ship to many downstream sinks

After authenticating, estimate costs with the Claude API Cost Calculator. For rate limit handling once you're authenticated, see the rate limits guide.

Frequently asked questions

Where do I set my Anthropic API key in Python?
Export ANTHROPIC_API_KEY as an environment variable. The SDK reads it automatically: client = anthropic.Anthropic(). Never hard-code the key in source code.
How do I get an Anthropic API key?
Log in at console.anthropic.com → Settings → API Keys → Create Key. Give each key a descriptive name (e.g. 'prod-app', 'ci-runner') so you can revoke specific ones without affecting others.
Can I use multiple Anthropic API keys?
Yes. Create one key per environment (dev/staging/prod) or per service. This lets you rotate or revoke a single key without affecting other services. The Anthropic SDK supports passing the key directly: anthropic.Anthropic(api_key='sk-ant-...').
What happens if my Anthropic API key is leaked?
Revoke it immediately at console.anthropic.com → Settings → API Keys. A leaked key can incur charges if used by a third party. Enable usage alerts in the console to catch unexpected spikes early.
Does the Claude API support OAuth or JWT authentication?
No — the Claude API uses API key authentication only (Bearer token in the Authorization header). There is no OAuth flow. Keep your API key in a secrets manager, not in version control.

Free tools

Cost Calculator → API Cookbook → Diff Summarizer → Skills Browser →

More examples

Claude API Python QuickstartClaude API Node.js / TypeScript QuickstartClaude API Streaming in PythonClaude API Streaming in Node.js / TypeScriptClaude API Tool Use in PythonClaude API Tool Use in Node.js / TypeScript