claude CLI (interactive turns via the harness, one-shot
completions via claude -p). The credential that powers them is chosen per deployment and per
user (Settings → Models, resolved user > global > deployment env). Which credential you pick
determines which Anthropic terms you operate under.
The primary sources
| Document | Link |
|---|---|
| Claude Code — Legal and compliance (the authentication rules quoted below) | code.claude.com/docs/en/legal-and-compliance |
| Consumer Terms of Service (Free / Pro / Max subscriptions) | anthropic.com/legal/consumer-terms |
| Commercial Terms of Service (API / Team / Enterprise) | anthropic.com/legal/commercial-terms |
| Anthropic Usage Policy | anthropic.com/legal/aup |
| Use Claude Code with your Pro or Max plan | Help Center article |
| Use the Claude Agent SDK with your Claude plan (Agent SDK credit rules) | Help Center article |
OAuth authentication is intended exclusively for purchasers of Claude Free, Pro, Max, Team, and Enterprise subscription plans and is designed to support ordinary use of Claude Code and other native Anthropic applications.
Developers building products or services that interact with Claude’s capabilities, including those using the Agent SDK, should use API key authentication through Claude Console or a supported cloud provider. Anthropic does not permit third-party developers to offer Claude.ai login or to route requests through Free, Pro, or Max plan credentials on behalf of their users.
Advertised usage limits for Pro and Max plans assume ordinary, individual usage of Claude Code and the Agent SDK.
How Vexa’s credential modes map
Subscription mode (“Claude subscription (deployment credentials)”):- Workers invoke the official
claudebinary — never the raw HTTP API with an OAuth token. The credential file (~/.claude/.credentials.json) is bind-mounted read-only into worker containers at the CLI’s own standard path; only the official client consumes it. The token is never extracted into headers, third-party clients, or proxies. claude -pcompletions are plain subprocess calls of the compiled CLI. Per the Agent SDK help article, third-party apps authenticating with your subscription through the Agent SDK are a covered, credit-metered use: programmatic usage draws a per-user monthly Agent SDK credit (plan-dependent; overage at API rates when enabled). Nothing simulates a terminal to disguise programmatic calls as interactive use.
- Raw-API auth (
ANTHROPIC_BASE_URL/ANTHROPIC_AUTH_TOKEN, or the OpenAI-compatibleVEXA_LLM_*set) is only ever brokered when the deployment or user supplied an API key — Commercial Terms, no consumer authentication restrictions.
The boundary: one human, one subscription, one beneficiary
- Self-host, single user — your machine, your subscription, your turns: subscription mode as the deployment default is ordinary individual use.
- Any multi-user or hosted deployment — the deployment default must be an API key
(Settings → Models → Custom endpoint, or
ANTHROPIC_API_KEYin the deployment env), or each user brings their own credential via user-level settings. Never default tenants onto anyone’s consumer OAuth.
Operator checklist
- Exactly one human benefits from a mounted subscription credential. If
HOST_CLAUDE_CREDENTIALSis set and more than one active user runs turns, switch the deployment default to an API key. - Never move the OAuth token out of the credentials file — no proxies, no header injection, no gateway re-serving. API-style env vars are for API keys only.
- Expect
claude -pusage to draw the Agent SDK credit separately from interactive limits — exhaustion is a billing event, not a bug (it surfaces as a model-inference failure in the worker). - When in doubt for a new topology: use an API key — the Commercial Terms path has no authentication-shape restrictions.
Terms evolve (the Agent SDK credit rules changed during 2026 and the help article notes pending
updates). Re-verify the primary sources before relying on this page for a new deployment class.
This page is engineering compliance guidance, not legal advice.