Tygart Media

Anthropic API Key: How to Get One, Set Up Billing & Keep It Safe (2026)

Written by

Will Tygart

in

,

About Will

I run a multi-site content operation on Claude and Notion with autonomous agents — and I write about what we do, including what breaks.

Connect on LinkedIn →

Published: May 25, 2026 | Last fact-check: May 25, 2026 against Anthropic Console behavior and current API key format

Quick Answer

Get an Anthropic API key at console.anthropic.com → API Keys → Create Key. The key starts with sk-ant- and is shown once — copy and store it in a password manager immediately. Add billing credits before making API calls.

Full setup, security, and usage walkthrough below.

An Anthropic API key is the credential that lets your application, script, or tool call Claude programmatically. Whether you are wiring Claude into Claude Code, building an internal agent, or integrating Claude into a SaaS product, the API key is the first step. This walkthrough covers how to create one, how to keep it safe, and the most common mistakes people make in the first 48 hours after they have it.

What an Anthropic API Key Is (and Isn’t)

The Anthropic API key authenticates requests to the Anthropic Messages API. It identifies which workspace and organization is making the call, what model permissions it has, and where to bill the token usage.

What an API key is not: a login. You cannot use an API key to sign into claude.ai. The web interface and the API are separate billing surfaces. Your Pro or Max subscription does not grant API credit by default; API usage requires its own billing setup.

How to Get an Anthropic API Key

The process takes three minutes if you already have an Anthropic account, ten if you do not.

  1. Go to console.anthropic.com. This is the Claude Console (sometimes called the Anthropic Console), the developer dashboard separate from the consumer claude.ai interface.
  2. Sign in or create an account. If you already use claude.ai, your login works here. New accounts require email verification.
  3. Click “API Keys” in the left sidebar. You may need to expand the navigation under your workspace name first.
  4. Click “Create Key.” Give the key a descriptive name (e.g., “Claude Code Laptop,” “Production Backend,” “Local Dev”). The name is for your reference only.
  5. Copy the key immediately. Anthropic shows the full key exactly once. After you close the modal, you cannot retrieve it — only revoke it and create a new one.
  6. Store it in a password manager or secret vault. 1Password, Bitwarden, AWS Secrets Manager, GCP Secret Manager — anywhere except a text file on your desktop or a committed .env in a public repo.

Adding Billing Before You Can Use the Key

A common surprise: a freshly created API key cannot make calls until you add a payment method and credits to your Anthropic account. The key exists, but every request returns a billing error.

To add billing:

  1. In the Claude Console, click “Billing” or “Plans & Billing” in the left sidebar.
  2. Add a payment method (credit card; Anthropic also supports invoicing for enterprise).
  3. Either pre-purchase API credits or enable auto-recharge. Most users enable auto-recharge with a low threshold to avoid hitting empty mid-job.
  4. Set a monthly usage limit if you want a safety cap.

Once billing is set up, your API key works.

Anthropic API Key Format

An Anthropic API key starts with the prefix sk-ant- followed by a long alphanumeric string. The full key is roughly 100 characters. If your key does not start with sk-ant-, you have copied something incomplete.

Different key types exist:

  • Live keys (sk-ant-api...): Production calls, real billing.
  • Admin keys (sk-ant-admin...): Workspace admin operations, not for inference calls.

Most developers only need a live key.

Which Claude Models the API Key Works With

A standard live API key gives you access to the current generation of Claude models:

  • Claude Opus 4.7 (claude-opus-4-7) — current flagship, released April 16 2026. $5/$25 per million tokens.
  • Claude Sonnet 4.6 (claude-sonnet-4-6) — released February 17 2026. $3/$15 per million tokens. The production default for most workloads.
  • Claude Haiku 4.5 (claude-haiku-4-5) — released October 15 2025. $1/$5 per million tokens. Fast and cheap for high-volume work.

Earlier model versions (Sonnet 4, Opus 4.6, Haiku 3.5, etc.) are still callable by their specific snapshot IDs until Anthropic announces deprecation. Check the deprecation timeline in the Claude Console for any model you depend on in production.

How to Use the API Key

You pass the key in the x-api-key header on every request to the Messages API:

curl https://api.anthropic.com/v1/messages \
  --header "x-api-key: $ANTHROPIC_API_KEY" \
  --header "anthropic-version: 2023-06-01" \
  --header "content-type: application/json" \
  --data '{
    "model": "claude-opus-4-7",
    // Other current options: claude-sonnet-4-6, claude-haiku-4-5
    "max_tokens": 1024,
    "messages": [{"role": "user", "content": "Hello"}]
  }'

In Python or Node.js, the official SDKs read ANTHROPIC_API_KEY from your environment automatically. You should never hardcode the key in source code.

Security: How to Not Leak Your Key

Anthropic API keys leak constantly. Most leaks happen the same way:

  1. Committing the key to a public GitHub repo. The single most common leak. GitHub scans for known credential patterns and notifies Anthropic; your key gets auto-revoked within minutes. You will know because your calls suddenly start failing.
  2. Pasting the key into a shared chat or document. Anyone with access becomes a credential holder.
  3. Putting the key in client-side JavaScript. A browser app shipping its API key to users is giving the key away. Always proxy through a backend.
  4. Logging the key. Any logging system that captures HTTP headers can leak the key. Mask sensitive headers in your logger config.

The good rule: treat your API key like a credit card number, because that’s what it functions as.

Rotating an Anthropic API Key

You should rotate keys quarterly at minimum, and immediately if a key is suspected compromised. Rotation in the Claude Console:

  1. Go to API Keys.
  2. Create a new key with a fresh name (e.g., “Claude Code Laptop 2026 Q3”).
  3. Update your application’s environment variable or secret manager to use the new key.
  4. Verify the new key works.
  5. Revoke the old key.

The five-minute rotation is far cheaper than dealing with a leaked key that was used by an attacker for hours before you noticed.

Workspace and Organization Keys

Anthropic accounts are organized as: Organization → Workspaces → API Keys. Most individuals only use one of each. Teams use multiple workspaces to separate environments (production, staging, dev) or projects.

Each key belongs to one workspace. Billing rolls up to the organization. If you need separate billing visibility per project, separate workspaces are the lever.

Monitoring API Key Usage

The Claude Console shows per-key usage in the “Usage” section. You can see:

  • Token spend per key per day
  • Model breakdown (Opus, Sonnet, Haiku usage)
  • Input vs output token split
  • Cache usage (if you have prompt caching enabled)

Set up usage alerts in Billing. The Anthropic console can email you when daily or monthly spend crosses a threshold. This is the cheapest insurance against a runaway loop or compromised key.

Frequently Asked Questions

How do I get an Anthropic API key?

Sign in to console.anthropic.com, open API Keys in the sidebar, click Create Key, name it, and copy the key immediately. You cannot retrieve the full key after closing the creation modal.

Is the Anthropic API key free?

The key itself is free to generate. Using it costs money — Anthropic bills per token at the API pricing in effect. You must add billing credits before the key works.

Does my Claude Pro or Max subscription include API credits?

No. Pro and Max subscriptions cover the chat interface and Claude Code (with usage caps). API usage is billed separately against your Anthropic account.

What does an Anthropic API key start with?

Live API keys start with sk-ant-api. Admin keys start with sk-ant-admin. The key is roughly 100 characters long.

What happens if my Anthropic API key gets leaked?

Anyone with the key can use it to make API calls billed to your account until the key is revoked. If you suspect a leak, revoke immediately in the Claude Console and check Usage for any suspicious activity.

Can I use the same API key for Claude Code and my own app?

You can, but you should not. Use separate keys per environment (Claude Code Laptop, Production Backend, Local Dev). Separate keys make revocation surgical instead of catastrophic.

Where should I store my Anthropic API key?

In a password manager (1Password, Bitwarden) for personal use, or in a secret manager (AWS Secrets Manager, GCP Secret Manager, HashiCorp Vault) for production. Never commit it to a repo or hardcode it in source.

How do I rotate an Anthropic API key?

Create a new key in the Claude Console, update your application to use the new key, verify it works, then revoke the old key. Rotate quarterly as a baseline.

The Bottom Line

Getting an Anthropic API key is a three-minute process. Keeping it safe is a discipline. Use a password manager, rotate quarterly, never put the key in client-side code, and set usage alerts in the Claude Console. Treat the key as production infrastructure, not a developer toy, and it will serve you for years without incident.

What to explore next
AI Strategy
Claude 5 Release Date 2026: Leak Signals, Expected Features & Anthropic’s Timeline
Same room
AI in Restoration
What to Build First: The Restoration AI Sequencing Question Most Owners Get Wrong
Same room
The Machine Room
387 Cowork Sessions and Counting: What Happens When AI Becomes Your Daily Operating Partner
You may also explore
Deep dive
ESG & Sustainability
RCP JSON Schema v1.0 — The Machine-Readable Data Standard
Deep dive

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts

HomeAI Strategy