How to get a Claude API key: secure setup and rotation
Updated 2026-07-15
Get a Claude API key at console.anthropic.com under Settings and API Keys, then treat it like any other bearer credential the moment it appears: store it in an environment variable or secrets manager, scope one key per app and environment, and put it on a rotation calendar even though Anthropic keys never expire on their own. The sign-up steps take five minutes; the habits below determine whether a leaked key costs you nothing or costs you a real invoice.
Quick answer: get the key, then lock it down
Anthropic issues Claude API keys through the Console, a separate product from the claude.ai chat app. Create an account at console.anthropic.com, add a payment method and buy a small block of prepaid credits under billing, then open Settings, go to API Keys, and click Create Key. The value is shown exactly once, starts with sk-ant-, and needs to land somewhere safe before you close that dialog: an environment variable, a secrets manager, or a password manager. Never a chat message, a support ticket, or a line of committed code. The part people skip is everything after creation. Anthropic keys carry no built-in expiry, so a key generated for a weekend side project keeps authenticating requests years later unless a person deliberately revokes it in the Console. Nothing in the signup flow forces you to scope the key to one app, cap its spend, or put it on a rotation schedule, which means every habit below is entirely on you to build. The rest of this guide treats key creation as the easy five minutes and spends the remaining time on what actually decides the outcome of a leak: scoping, storage, monitoring, and a rotation routine you follow without being told to.
Where Claude API key risk actually lives
None of this is exotic. It is the same shape as any other bearer-token API: whoever holds the string can spend the balance behind it, and Anthropic has no way to tell a legitimate integration from a scraper that found the same string in a public repository. The difference with Claude specifically is that the balance behind a key is prepaid, so a leak becomes a race between whoever is draining the credit and whoever notices the spend first.
- No forced expiry. A key stays valid until a human opens the Console and revokes it; there is no default countdown working in your favor.
- One-time display. The full key value appears once at creation. Reopening the Settings page later shows only a truncated version, which is exactly why people paste the value somewhere "just in case," usually somewhere far less safe than an environment variable.
- A shared balance behind every key. All keys inside one Anthropic organization draw against the same prepaid credit pool, so one leaked key can spend down the balance funding every other project on the account.
- A header format that trips up copy-paste code. Anthropic authenticates with an x-api-key header plus a required anthropic-version header, not the Authorization: Bearer pattern most OpenAI-compatible tools expect, so integration code adapted from another provider fails in a way that looks like a bad key but is actually the wrong header.
- Per-project scoping exists but is opt-in. Console organizations support multiple projects with separate keys; teams that create one org-wide key instead lose the ability to tell which app a usage spike came from.
What an unnoticed leak actually costs
Put a number on the risk instead of treating "rotate your keys" as a slogan. The table below prices three exposure windows: a leak caught the same day, one that sits for a few days before anyone checks usage, and one on a forgotten key that keeps running for weeks. Each column applies Anthropic's published official output rate for that model, since output tokens are what an abuse script actually generates and gets billed against.
| Exposure window | Output tokens burned | claude-haiku-4-5 ($5/1M out) | claude-sonnet-4-6 ($15/1M out) | claude-opus-4-7 ($25/1M out) |
|---|---|---|---|---|
| Caught the same day | ~0.5M | $2.50 | $7.50 | $12.50 |
| A few days unnoticed | ~5M | $25.00 | $75.00 | $125.00 |
| Forgotten key, weeks | ~50M | $250.00 | $750.00 | $1,250.00 |
Why key security surprises people
Every one of these is avoidable with a five-minute habit, not a platform feature you have to wait for Anthropic to ship.
- A chat subscription does not cover this. Claude Pro or Max pays for the claude.ai apps; the Console runs on a fully separate prepaid balance, so a key can authenticate correctly while every request still fails against a zero balance, and the reverse also happens: a well-funded key with no spend alert can run a long time before anyone checks the invoice.
- Browser and mobile code cannot hide a key. Anything shipped to a client is public by construction no matter how it is obfuscated, so a key embedded in a web app or an app bundle should be treated as already leaked.
- Revoking before the replacement is live causes its own outage. Deleting a key in the Console takes effect instantly. Teams that revoke first and generate the replacement second turn a routine security fix into unplanned downtime.
- Org-wide keys hide the source of a spike. If every service shares one key, usage logs show a spend increase with no way to tell whether it is a traffic surge, a retry-loop bug, or an actual leak, until someone pulls the logs apart by hand.
- Copying the key "somewhere safe" is often the actual leak. Pasting a one-time secret into a chat thread, a ticket, or a shared document to preserve it usually creates a more permanent, more widely readable copy than the Console itself ever showed.
Key management approaches, side by side
Most teams end up on one of four patterns by accident rather than on purpose. Compare them on what actually matters: how much damage a single leaked key can do, and how much work rotating it takes.
| Approach | Blast radius if leaked | Rotation effort | Best fit |
|---|---|---|---|
| One shared org key | Entire prepaid balance, every project | High: touches every integration at once | Never recommended past a first test |
| Per-app, per-environment keys | One app or environment | Low: swap one key, one deploy | Most production teams |
| Secrets manager plus calendar rotation | One app; window bounded by schedule | Automated once configured | Teams already running Vault or a cloud secrets manager |
| Prepaid, pay-as-you-go gateway key | Capped at whatever balance is loaded | Same as any API key; the balance itself limits the worst case | Cost-sensitive or multi-provider setups |
Practical fixes: a rotation routine that survives contact with production
None of this requires new tooling. A password manager, one calendar reminder, and a documented rotation order cover most of the risk that "just rotate your keys" glosses over.
- Scope one key per app and per environment, dev, staging, and prod, from day one, before there is more than one integration to untangle later.
- Store the value in an environment variable or a secrets manager only. If a key ever touches a git diff, treat it as leaked immediately, even in a private repository, and add a pre-commit secret scanner so the next one never gets that far.
- Turn on spend notifications so a leak or a runaway retry loop shows up as an alert instead of a surprise invoice at the end of the month.
- Put rotation on a calendar even though nothing forces you to. A quarterly rotation for production keys plus an immediate rotation on any suspected exposure covers most real-world timelines.
- Rotate in the right order: create the new key, deploy it, verify it with a live request, then revoke the old one. Revoking first turns a routine rotation into an incident.
- Log usage per key ID, not just per account, so an anomalous spike points at one app instead of the whole organization.
- If the goal is capping the dollar exposure itself rather than just detecting it faster, routing lower-stakes or high-volume traffic through a prepaid, pay-as-you-go OpenAI-compatible endpoint keeps the worst case equal to whatever balance is loaded instead of an open-ended invoice. APIsRouter is one option built this way: no subscription sitting in the background, and global models priced 20% below official list.
Rotate a key without downtime: the actual sequence
Treat rotation as a four-step sequence, not a single click. Create the replacement key in the Console first, leave the old one live, and confirm the new one authenticates before you touch anything else. The same rotation order applies if part of your traffic runs through a prepaid, OpenAI-compatible gateway instead of a direct Anthropic key: verify the new key with a live request before revoking the old one, and the request shape barely changes from the direct API example above.
curl https://api.anthropic.com/v1/messages \
-H "x-api-key: $NEW_ANTHROPIC_API_KEY" \
-H "anthropic-version: 2023-06-01" \
-H "content-type: application/json" \
-d '{
"model": "claude-sonnet-4-6",
"max_tokens": 16,
"messages": [{"role": "user", "content": "Reply with one word: ready"}]
}'FAQ
How do I get a Claude API key?
Sign up at console.anthropic.com, add billing and buy a small block of prepaid credits, then open Settings, API Keys, and Create Key. The full value shows once, starts with sk-ant-, and belongs in an environment variable or secrets manager the moment you see it.
Do Claude API keys expire automatically?
No. A key stays valid indefinitely until someone revokes it in the Console. That is exactly why a manual rotation calendar matters: nothing on Anthropic's side retires an old key for you.
What should I do the moment a Claude API key leaks?
Create a replacement key first, verify it with a live request, redeploy, then revoke the leaked key in the Console. Revoking before the replacement is live turns a security fix into an outage. Check usage logs for the leaked key ID afterward to see what it actually spent.
Can one leaked key drain an entire team budget?
Yes, if every service shares a single organization-wide key. All keys in an Anthropic organization draw from the same prepaid balance, so a leak on any one of them can spend down credits that fund unrelated projects. Per-app, per-environment keys contain the damage to whichever key actually leaked.
What is the cheapest way to cap the cost of a compromised Claude API key?
Keep the balance behind the key small and prepaid rather than relying on a large standing credit line. A pay-as-you-go, no-subscription gateway like APIsRouter bounds the worst case at whatever you have topped up, since global models are priced 20% below official list and there is no ongoing subscription running between top-ups.