I totally understand that I should not reuse my own account to provide services to others, as direct API usage is the obvious choice here, but this is a different case.
I am currently developing something that would be the perfect fit for this OAuth based flow and I find it quite frustrating that in most cases I cannot find a clear answer to this question. I don't even know who I would be supposed to contact to get an answer or discuss this as an independent dev.
EDIT: Some answers to my comment have pointed out that the ToS of Anthropic were clear, I'm not saying they aren't if taken in a vacuum, yet in practice even after this being published some confusion remained online, in particular regarding wether OAuth token usage was still ok with the Agent SDK for personal usage. If it happens to be, that would lead to other questions I personally cannot find a clear answer to, hence my original statement. Also, I am very interested about the stance of other companies on this subject.
Maybe I am being overly cautious here but I want to be clear that this is just my personal opinion and me trying to understand what exactly is allowed or not. This is not some business or legal advice.
Subscriptions are for first-party products (claude.com, mobile and desktop apps, Claude Code, editor extensions, Cowork).
Everything else must use API billing.
These kinds of business decisions show how these $200.00 subscriptions for their slot/infinite jest machines basically light that $200.00 on fire, and how in general how unsustainable these business models are.
Can't wait for it all to fail, they'll eventually try to get as many people to pay per token as possible, while somehow getting people to use their verbose antigentic tools that are able to inflate revenue through inefficient context/ouput shenanigans.
On the other hand OpenAI and GitHub Copilot have, as far as I know, explicitly allowed their users to connect to at least some third party tools and use their quotas from there, notably to OpenCode.
What is unclear to me is whether they are considering also allowing commercial apps to do that. For instance if I publish a subscription based app and my users pay for the app itself rather than for LLM inference, would that be allowed?
https://github.com/rivet-dev/sandbox-agent/tree/main/gigacod... [I saw this inShow HN: Gigacode – Use OpenCode's UI with Claude Code/Codex/Amp] (https://news.ycombinator.com/item?id=46912682)
This can make Opencode work with Claude code and the added benefit of this is that Opencode has a Typescript SDK to automate and the back of this is still running claude code so technically should work even with the new TOS?
So in the case of the OP. Maybe Opencode TS SDK <-> claude code (using this tool or any other like this) <-> It uses the oauth sign in option of Claude code users?
Also, zed can use the ACP protocol itself as well to make claude code work iirc. So is using zed with CC still allowed?
> I don't see how they can get more clear about this, considering they have repeatedly answered it the exact same way.
This is confusing quite frankly, there's also the claude agent sdk thing which firloop and others talked about too. Some say its allowed or not. Its all confusing quite frankly.
You can’t use Claude OAuth tokens for anything. Any solution that exists worked because it pretended/spoofed to be Claude Code. Same for Gemini (Gemini CLI, Antigravity)
Codex is the only one that got official blessing to be used in OpenClaw and OpenCode, and even that was against the ToS before they changed their stance on it.
A third-party tool may be less efficient in saving costs (I have heard many of them don't hit Anthropic LLMs' caches as well).
Would you be willing to pay more for your plan, to subsidize the use of third-party tools by others?
---
Note, afaik, Anthropic hasn't come out and said this is the reason, but it fits.
Or, it could also just be that the LLM companies view their agent tools as the real moat, since the models themselves aren't.
> OAuth authentication (used with Free, Pro, and Max plans) is intended exclusively for Claude Code and Claude.ai. Using OAuth tokens obtained through Claude Free, Pro, or Max accounts in any other product, tool, or service — including the Agent SDK — is not permitted and constitutes a violation of the Consumer Terms of Service.
None of this is legal advice, I'm just trying to understand what exactly is allowed or not.
I think this is pretty clear - No.
" Usage policy
Acceptable use Claude Code usage is subject to the Anthropic Usage Policy. Advertised usage limits for Pro and Max plans assume ordinary, individual usage of Claude Code and the Agent SDK"
That tool clearly falls under ordinary individual use of Claude code. https://yepanywhere.com/ is another such tool. Perfectly ordinary individual usage.
The tos are confusing because just below that section it talks about authentication/credential use.
I can't find anything official from OpenAI, but they have worked with the OpenCode people to support using your ChatGPT subscription in OpenCode.
Banning third-party tools has nothing to do with rate limits. They’re trying to position themselves as the Apple of AI companies -a walled garden. They may soon discover that screwing developers is not a good strategy.
They are not 10× better than Codex; on the contrary, in my opinion Codex produces much better code. Even Kimi K2.5 is a very capable model I find on par with Sonnet at least, very close to Opus. Forcing people to use ONLY a broken Claude Code UX with a subscription only ensures they loose advantage they had.
Google AI Pro is like $15/month for practically unlimited Pro requests, each of which take million tokens of context (and then also perform thinking, free Google search for grounding, inline image generation if needed). This includes Gemini CLI, Gemini Code Assist (VS Code), the main chatbot, and a bunch of other vibe-coding projects which have their own rate limits or no rate limits at all.
It's crazy to think this is sustainable. It'll be like Xbox Game Pass - start at £5/month to hook people in and before you know it it's £20/month and has nowhere near as many games.
You've described every R&D company ever.
"Synthesizing drugs is cheap - just a few dollars per million pills. They're trying to bundle pharmaceutical research costs... etc."
There's plenty of legit criticisms of this business model and Anthropic, but pointing out that R&D companies sink money into research and then charge more than the marginal cost for the final product, isn't one of them.
Enterprise products with sufficient market share and "stickiness", will not.
For historical precedent, see the commercial practices of Oracle, Microsoft, Vmware, Salesforce, at the height of their power.
The software is free (citation: Cuda, nvcc, llvm, olama/llama cpp, linux, etc)
The hardware is *not* getting cheaper (unless we're talking a 5+ year time) as most manufacturers are signaling the current shortages will continue ~24 months.
Despite the high price, the Bentley factory is running 24/7 and still behind schedule due to orders placed by the rental-car company, who has nearly-infinite money.
I also think we're, as ICs, being given Bentleys meanwhile they're trying to invent Waymos to put us all out of work.
Humans are the cost center in their world model.
Finance 101 tldr explanation: The contribution margin (= price per token -variable cost per token ) this is positive
Profit (= contribution margin x cuantity- fix cost)
The sounds like a confession that claude code is somewhat wasteful at token use.
I find that competitive edge unlikely to last meaningfully in the long term, but this is still a contrarian view.
More recently, people have started to wise up to the view that the value is in the application layer
https://www.iconiqcapital.com/growth/reports/2026-state-of-a...
What a PR nightmare, on top of an already bad week. I’ve seen 20+ people on X complaining about this and the related confusion.
It's merely the hardware that should be charged for - which ought to drop in price if/when the demand for it rises. However, this is a bottleneck at the moment, and hard to see how it gets resolved amidst the current US environment on sanctioning anyone who would try.
And i would also argue that the researchers doing this are built on shoulders of other public knowledge - things funded by public institutions with taxpayer money.
Have to do everything through Azure, which is a mess to even understand.
They are all desperately trying to stay in power, and this policy change (or clarification) is a fart in the wind in the grand scheme of what's going on in this industry.
What is interesting is that OpenAI and GitHub seem to be taking the opposite approach with Copilot/OpenCode, essentially treating third-party tool access as a feature that increases subscription stickiness. Different bets on whether the LTV of a retained subscriber outweighs the marginal inference cost.
Would not be surprised if this converges eventually. Either Anthropic opens up once their margins improve, or OpenAI tightens once they realize the arbitrage is too expensive at scale.
I don't entirely mind, and am just considering it an even better work:life balance, but if this is $200 worth of queries, then all I can say is LOL.
Their bet is that most people will not fill up 100% of their weekly usage for 4 consecutive weeks of their monthly plan, because they are humans and the limits impede long running tasks during working hours.
I dont like it either, but its not an unreasonable restriction.
https://x.com/i/status/2024212378402095389
---
On a different note, it's surprising that a company that size has to clarify something as important as ToS via X
Countries clarify nation policy on X. Seriously it feels like half of the EU parliament live on twitter.
Plus it's not a real clarification in anyway. It's just PR. Even if it's posted on Mastodon or Github or anywhere, I highly doubt you can use it to defend yourself if you get banned from violating their ToS.
I presume zero.. but nonetheless seems like people will take it as valid anyway.
That can be dangerous I think.
> Authentication and credential use
> Claude Code authenticates with Anthropic’s servers using OAuth tokens or API keys. These authentication methods serve different purposes:
> OAuth authentication (used with Free, Pro, and Max plans) is intended exclusively for Claude Code and Claude.ai. Using OAuth tokens obtained through Claude Free, Pro, or Max accounts in any other product, tool, or service — including the Agent SDK — is not permitted and constitutes a violation of the Consumer Terms of Service.
> Developers building products or services that interact with Claude’s capabilities, including those using the Agent SDK, should use API key authentication through Claude Console or a supported cloud provider. Anthropic does not permit third-party developers to offer Claude.ai login or to route requests through Free, Pro, or Max plan credentials on behalf of their users.
> Anthropic reserves the right to take measures to enforce these restrictions and may do so without prior notice.
But the big guys don’t seem interested in this, maybe some lesser known model will carve out this space
I shudder to think what the industry will look like if software development and delivery becomes like Youtubing, where the whole stack and monetization is funneled through a single company (or a couple) get to decide who gets how much money.
As an independent dev I also unfortunately don't have investors backing me to subsidize inference for my subscription plan.
It's seriously one of the best models. very comparable to sonnet/opus although kimi isn't the best in coding. I think its a really great solid model overall and might just be worth it in your use case?
Is the use case extremely coding intensive related (where even some minor improvement can matter for 10-100x cost) or just in general. Because if not, then I can recommend Kimi.
Maybe they are not worth building at all then. Like MoviePass wasn’t.
And historically, embedded/OEM use cases always have different pricing models for a variety of reasons why.
How is this any different than this long established practice?
> Advertised usage limits for Pro and Max plans assume ordinary, individual usage of Claude Code and the Agent SDK.
This is literally the last sentence of the paragraph before the "Authentication and credential use"
The markets value recurring subscription revenue at something like 10x “one-off” revenue, Anthropic is leaving a lot of enterprise value on the table with this approach.
In practice this approach forces AI apps to pay Anthropic for tokens, and then bill their customers a subscription. Customers could bring their own API key but it’s sketchy to put that into every app you want to try, and consumers aren’t going to use developer tools. And many categories of free app are simply excluded, which could in aggregate drive a lot more demand for subscriptions.
If Anthropic is worried about quota, seems they could set lower caps for third-party subscription usage? Still better than forcing API keys.
(Maybe this is purely about displacing other IDE products, rather than a broader market play.)
Allows them to optimize their clients and use private APIs for exclusive features etc. and there’s really no reason to bootstrap other wannabe AI companies who just stick a facade experience in front of Anthropic’s paying customer.
Look at your token usage of the last 30 days in one of the JSON files generated by Claude Code. Compare that against API costs for Opus. Tell me if they are eating losses or not. I'm not making a point, actually do it and let me know. I was at 1 million. I'm paying 90 EUR/m. That means I'm subsidizing them (paying 3-4 times what it would cost with the API)! And I feel like I'm a pretty heavy user. Although people running it in a loop or using Gas Town will be using much more.
Especially as they are subsidized.
I don’t think Anthropic has any desire to be some B2C platform, they want high paying reliable customers (B2B, Enterprise).
I'm more surprised by people using subscription auth for OpenClaw when its officially not allowed.
Doesn’t both count towards my usage limits the same?
Anthropic subs are not 'bulk tokens'.
It's not an unreasonable policy and it's entirely inevitable that they have to restrict.
I’m using their own SDK in my own CLI tool.
At its core it’s a tragedy of commons situation. Using a third party tool like OpenClaw is augmenting your usage far beyond what was anticipated when the subscription plan was made.
Same deal for unlimited storage on drive until people started abusing it.
I didn’t set the limits on the plan; change those if it’s a problem, not irritate your customer base.
It's more buying a season pass for Disneyland, then getting told you can't park for free if you're entering the park even though free parking is included with the pass. Still not unreasonable, but brings to light the intention of the tool is to force the user into an ecosystem rather.
But 'you can't park even though the ticket includes parking' is not an appropriate analogy because 3rd party use is definitely not intended. They did not 'state one thing' and the 'disallow it'.
This is a pretty straight forward case of people using their subscription for 'adjacent' use, and Anthropic being more explicit about it.
There's nothing fancy going on here.
Sonnet 4.6 in CC doesn’t behave the same way as Sonnet 4.6 in Antigravity.
a 200 dollar a month customer isn't trying to get around paying for tokens, theyre trying to use the tooling they prefer. opencode is better in a lot of ways.
tokens get counted and put against usage limits anyway, unless theyre trying to eat analytics that are CC exclusive they should allow paying customers to consume to the usage limits in however way they want to use the models.
I think I agree, but it's their business to run however they like. They have competition if we don't like it.
If openclaw chews my 200/month up in 15 days... I don't get more requests for free
in any case Codex is a better SOTA anyways and they let you do this. and if you aren't interested in the best models, Mistral lets you use both Vibe and their API through your vibe subscription api key which is incredible.
Many ways, and they’re under no obligation to play fair and tell you which way they’re using at any given time. They’ve said what the rules are, they’ve said they’ll ban you if they catch you.
So let’s say they enforce it by adding an extra nonstandard challenge-response handshake at the beginning of the exchange, which generates a token which they’ll expect on all requests going forward. You decompile the minified JS code, figure out the protocol, try it from your own code but accidentally mess up a small detail (you didn’t realize the nonce has a special suffix). Detected. Banned.
You’ll need a new credit card to open a new account and try again. Better get the protocol right on the first try this time, because debugging is going to get expensive.
Let’s say you get frustrated and post on Twitter about what you know so far. If you share info, they’ll probably see it eventually and change their method. They’ll probably change it once a month anyway and see who they catch that way (and presumably add a minimum Claude Code version needed to reach their servers).
They’ve got hundreds of super smart coders and one of the most powerful AI models, they can do this all day.
you just need to inspect the network traffic with Claude code and mimic that
There are lots of ways they could be doing this. And remember again, if they get you, they don’t have to tell you how they got you (so you might not be able to even glean information in return for the $200 you’d be losing).
Sure the internet has hundreds of thousands of super smart coders, but the subset who are willing to throw money and credit cards down the drain in order to maintain a circumvention strategy for something like this is pretty low. I’m sure a few people will figure it out, but they won’t want to tell anyone lest Anthropic nerf their workaround, so I doubt that exploits of this will become widespread.
And if you’re Anthropic, that’s probably good enough.
I would think that different tools would probably have different templates for their prompts?
OpenAI will adjust, their investors will not allow money to be lost on ”being nice” forever, not until they’re handsomely paid back at least.
And OpenAI just told Microsoft why they shouldn't be seeing Anthropic anymore; Gpt-5.3-codex.
RIP Anthropic.
Can’t this restriction for the time being be bypassed via -p command line flag?
So, I guess it's time to look into OpenAI Codex. Any other viable options? I have a 128GB iGPU, so maybe a local model would work for some tasks?
So it makes sense to offer simple flat pricing for first party apps, and usage priced apis for other usage. It’s like the difference between Google Drive and S3.
For me, flat rates are simply unfair either ways - if I'm not using the product much, I'm overpaying (and they're ok with that), otherwise it magically turns out that it's no longer ok when I actually want to utilize what I paid for :)
Unfortunately neither political party can get all of the above.
That is...not how it works. People self-hosting don't look at their electricity bill.
So, which two parties could they be referring to? The Republicans and the Freedom Caucus?
For instance, the other day, the Siri button in maps told me it couldn't start navigation because it didn't know where it was. It was animating a blue dot with my real time position at the same time.
Don't get me started about the new iOS 26 notification and messaging filters. Those are causing real harm multiple times a day.