Glitch serves as the LLM gateway for Claude Code, Anthropic’s official CLI for software engineering tasks. Pointing Claude Code at your Glitch sensor gives every prompt your team sends through the CLI:
Glitch transparently proxies the Anthropic Messages API at /v1/messages and forwards your existing Anthropic credentials byte-for-byte to api.anthropic.com. No code changes to Claude Code; no proxy your team has to operate beyond the Glitch sensor.
Glitch supports both ways Claude Code authenticates with Anthropic. Pick the page that matches how your team uses Claude Code today:
Anthropic API Key
Your team uses an ANTHROPIC_API_KEY (a sk-ant-... token) to call the Claude API directly. Glitch forwards the key unchanged to api.anthropic.com.
Claude Pro/Max Subscription
Your team uses Claude Code with personal Pro or Max subscriptions (the “Claude account with subscription” sign-in flow). Glitch forwards the OAuth bearer Claude Code obtains during sign-in, so subscription billing stays with Anthropic while Glitch handles security and audit.
The mechanics are nearly identical between the two — both modes use the same Glitch sensor, the same ANTHROPIC_BASE_URL redirect, and the same detection pipeline. The only difference is whether you set ANTHROPIC_API_KEY (API key path) or let Claude Code’s OAuth flow populate the Authorization header for you (subscription path).
The shape of every Claude Code → Glitch → Anthropic request:
```mermaid
flowchart TD
    A["<b>Claude Code (claude CLI)</b><br/><br/>Authorization: Bearer <api_key OR oauth_token><br/>X-Glitch-Key: glitch_sk_...<br/>X-Claude-Code-Session-Id: <session_uuid><br/>anthropic-version: 2023-06-01"]
    B["<b>Glitch sensor</b><br/><br/>• Authenticates tenant via X-Glitch-Key<br/>• Runs detection pipeline (signatures + LLM-based)<br/>• Logs SecurityEvent with session id, model, tokens, blocks<br/>• Blocks at 403 with Anthropic-shaped error if policy denies"]
    C["<b>api.anthropic.com</b><br/><br/>Authorization header forwarded byte-for-byte"]

    A --> B
    B --> C

    style A fill:#1a1a2e,stroke:#00d4ff,color:#fff
    style B fill:#0d3d4d,stroke:#00d4ff,color:#fff
    style C fill:#1a1a2e,stroke:#00d4ff,color:#fff
```

| Endpoint | Behavior |
|---|---|
| POST /v1/messages | Full proxy with detection, rate limiting, and audit logging |
| POST /v1/messages/count_tokens | Authenticated passthrough (no detection) |
Both streaming ("stream": true) and non-streaming responses are supported.
| Header | Behavior |
|---|---|
| Authorization | Forwarded verbatim to api.anthropic.com. May contain an Anthropic API key (Bearer sk-ant-...) or an OAuth bearer from Claude Code’s subscription flow — Glitch does not inspect or rewrite it. |
| x-api-key | Forwarded verbatim if present (alternate Anthropic auth header). |
| anthropic-version | Forwarded if set; Glitch defaults to 2023-06-01 if absent. |
| anthropic-beta | Forwarded verbatim. |
| X-Claude-Code-Session-Id | Forwarded and captured into your audit log so you can group all events from the same Claude Code session. |
X-Glitch-Key is consumed by the Glitch sensor for tenant authentication and is never leaked to upstream. Secret headers (Authorization, x-api-key, Cookie, etc.) are redacted to [REDACTED] in the audit log; only the request bodies, detector findings, and session metadata are persisted.
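The header contract described above, modelled as an added example (not Glitch's own code) that you could adapt into a conformance check for a gateway deployment. The function name `split_headers`, passing unlisted headers through unchanged, and redacting X-Glitch-Key in the log are assumptions of this sketch; all sample values are constructed placeholders.

```python
# Added illustration of the documented header handling; not Glitch's implementation.

TENANT_HEADER = "x-glitch-key"            # consumed by the sensor, never sent upstream
DEFAULT_ANTHROPIC_VERSION = "2023-06-01"  # default stated in the header table
# Secret headers named on the page; its "etc." is not expanded here.
# Treating X-Glitch-Key as a secret in the log is this sketch's assumption.
SECRET_HEADERS = {"authorization", "x-api-key", "cookie", TENANT_HEADER}


def split_headers(incoming):
    """Return (tenant_key, upstream_headers, audit_headers) for one request."""
    tenant_key = None
    upstream = {}
    audit = {}
    for name, value in incoming.items():
        lower = name.lower()  # HTTP header names are case-insensitive
        audit[name] = "[REDACTED]" if lower in SECRET_HEADERS else value
        if lower == TENANT_HEADER:
            tenant_key = value  # used for tenant authentication only
            continue
        upstream[name] = value  # forwarded verbatim, credentials included
    if not any(n.lower() == "anthropic-version" for n in upstream):
        upstream["anthropic-version"] = DEFAULT_ANTHROPIC_VERSION
    return tenant_key, upstream, audit


# Constructed sample request headers (placeholder values only).
SAMPLE = {
    "Authorization": "Bearer sk-ant-EXAMPLE",
    "X-Glitch-Key": "glitch_sk_EXAMPLE",
    "X-Claude-Code-Session-Id": "00000000-0000-0000-0000-000000000000",
    "Cookie": "session=EXAMPLE",
}

if __name__ == "__main__":
    tenant, upstream, audit = split_headers(SAMPLE)
    print("upstream:", upstream)
    print("audit:   ", audit)
```

The two properties worth asserting against a real deployment are the same ones this sketch enforces: the tenant key never appears in the upstream request, and no credential value appears in the audit record.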
Glitch’s default detection policy is calibrated against real Claude Code traffic — including the system prompt and tool descriptions Claude Code sends on every request. Common false-positive patterns (path-traversal-like substrings in tool documentation, multi-turn dev conversations with file operations) are explicitly handled by the default policy so your team can use Claude Code without tuning detector thresholds first.