Claude API Key Guide: Setup and Safety
ClaudeAIHub. All setup steps refer to the official Anthropic Console.
What Is a Claude API Key?
A Claude API key is a secret token that authenticates your requests to the Anthropic API. Every API call you make must include your key. Without it, requests are rejected. Because the key is tied to your billing, anyone who has it can make API calls charged to your account — so protecting it is critical.
Where to Create Your Claude API Key
- Go to platform.claude.com and sign in or create an account.
- Add a payment method if you haven’t already (required for API access).
- Click your account name → Settings → API Keys.
- Click Create Key, give it a name (e.g., “my-project”), and copy the key immediately.
Important: The key is shown only once after creation. If you close the window without saving it, you will need to generate a new key. There is no way to retrieve a key after you leave the creation screen.
How to Store Your API Key Safely
The most common safe storage method is an environment variable. Your code reads the key at runtime without it ever appearing in your source files.
macOS / Linux / WSL
# Add to ~/.zshrc or ~/.bashrc
export ANTHROPIC_API_KEY="your-key-here"
# Then reload:
source ~/.zshrcWindows PowerShell (Current Session)
$env:ANTHROPIC_API_KEY = "your-key-here"Windows — Permanent (System)
[System.Environment]::SetEnvironmentVariable("ANTHROPIC_API_KEY", "your-key-here", "User")Using a .env File (Python / Node.js Projects)
Create a .env file in your project root:
ANTHROPIC_API_KEY=your-key-hereLoad it in Python with python-dotenv:
from dotenv import load_dotenv
import os
load_dotenv()
api_key = os.environ.get("ANTHROPIC_API_KEY")Or in Node.js with the dotenv package:
require('dotenv').config();
const apiKey = process.env.ANTHROPIC_API_KEY;Critical: Add .env to your .gitignore immediately:
# .gitignore
.env
.env.local
.env.*Security Rules for Claude API Keys
- Never paste your key into Claude, ChatGPT, or any AI chat. AI conversations may be logged or reviewed.
- Never commit a .env file to GitHub or any public or private repo.
- Never share your key via Slack, email, or chat — use short-lived tokens or per-team keys instead.
- Use one key per project. This way you can rotate a single key without disrupting everything.
- Set spend limits in the Console so a leaked key has a capped blast radius.
- Monitor your Console usage dashboard. Unexpected activity is an early sign of key exposure.
- Rotate keys on a schedule or after any team change.
Using Your Key with the Official SDK
The Anthropic Python SDK reads the key from the environment automatically if you named it ANTHROPIC_API_KEY:
import anthropic
# SDK picks up ANTHROPIC_API_KEY from environment automatically
client = anthropic.Anthropic()
message = client.messages.create(
model="claude-sonnet-4-6",
max_tokens=256,
messages=[{"role": "user", "content": "Hello, Claude!"}]
)
print(message.content[0].text)Troubleshooting Common API Key Errors
| Error | Likely Cause | Fix |
|---|---|---|
| 401 Unauthorized | Wrong or missing API key | Check the key is correct and the env variable is loaded |
| 403 Forbidden | Key lacks permissions or is revoked | Generate a new key in the Console |
| 429 Too Many Requests | Rate limit exceeded | Slow down requests; check Console limits |
| 402 Payment Required | No payment method or balance exhausted | Add/update billing in Console |
| Key visible in code | Hardcoded key | Move to environment variable immediately |
| Env var not loading | .env not loaded or wrong name | Verify variable name is ANTHROPIC_API_KEY and dotenv is called |
What to Do if Your Key Is Leaked
- Go to Console → API Keys and delete the exposed key immediately.
- Generate a replacement key.
- Update all services and environment files with the new key.
- Review your Console usage for any unexpected API calls.
- If charges were incurred, contact Anthropic support through the Console.
Related Guides
- Claude API Guide for Developers
- Claude for Coding: Developer Workflows
- Claude Models: Opus, Sonnet, Haiku
- Claude Not Working? Status Checks and Fixes