If you're building tools on top of Claude — or just using third-party extensions that leverage your Claude subscription — you need to read this.
What Changed
Anthropic quietly updated the Claude Code Docs legal page with a very explicit restriction:
OAuth authentication (used with Free, Pro, and Max plans) is intended exclusively for Claude Code and Claude.ai. Using OAuth tokens obtained through Claude Free, Pro, or Max accounts in any other product, tool, or service — including the Agent SDK — is not permitted and constitutes a violation of the Consumer Terms of Service.
This isn't buried in fine print. It's front and center, with a clear warning: Anthropic reserves the right to take measures to enforce these restrictions and may do so without prior notice.
Who's Affected
Every developer and every tool that routes requests through Claude plan OAuth tokens:
- OpenClaw (my own project — yes, this hits close to home)
- Cline
- Roo Code
- Custom Agent SDK implementations
- Any third-party service that authenticates via Claude.ai OAuth
If your tool lets users sign in with their Claude account and sends requests on their behalf, you're now in violation of Anthropic's terms.
What Developers Must Do
The docs spell it out clearly:
Developers building products or services that interact with Claude's capabilities, including those using the Agent SDK, should use API key authentication through Claude Console or a supported cloud provider.
In short: get your own API keys. No more piggybacking on consumer plan OAuth tokens.
The Cost Reality Check
Here's where it stings. The Max plan at $100/month gives heavy users essentially unlimited Claude access. Switching to API keys means per-token pricing through the Anthropic API, AWS Bedrock, or Google Vertex AI.
For heavy users — the ones running coding agents, automated pipelines, or multi-agent workflows — the cost difference can be 10-100x more expensive. A developer burning through millions of tokens daily on a Max plan will feel this immediately.
This is a business model protection move, plain and simple.
Enforcement: No Warning Required
The scariest part? Anthropic explicitly states they can enforce this without prior notice. That means account bans, token revocations, or service disruptions could happen at any time. If your production workflow depends on OAuth tokens from consumer plans, you're sitting on a ticking time bomb.
What This Means for the Ecosystem
This policy draws a hard line between consumer products (Claude.ai, Claude Code) and developer infrastructure (API). Anthropic wants developers to pay developer prices.
Whether you agree with the policy or not, the writing is on the wall. If you're maintaining a tool that uses Claude OAuth — start migrating to API keys today. Don't wait for the ban hammer.
What's your take? Are you affected by this change? Drop a comment below.
Top comments (1)
Important heads-up. Policy shifts like this are exactly why teams need provider-agnostic usage visibility and fallback routes already in place before disruption hits.