Claude Code with a Max Subscription

This guide walks you through routing Claude Code traffic through Glitch when your team uses personal Pro or Max subscriptions to authenticate (the “Claude account with subscription” sign-in flow). Glitch passes the OAuth bearer Claude Code obtains during sign-in straight through to api.anthropic.com, so subscription billing stays with Anthropic while Glitch handles security detection and audit logging.

For teams using a shared Anthropic API key instead, see Claude Code with an API Key.

Why route Max subscription traffic through Glitch

Routing Pro/Max-authenticated Claude Code traffic through Glitch gives your organization:

• Centralized security detection — every prompt passes through your team’s prompt-injection, PII, and jailbreak detectors before reaching Anthropic
• Per-user audit logging — every Claude Code session is captured with model, token counts, detection findings, and the session id Claude Code generates
• Policy enforcement across users — even though each engineer is signed in with their own Anthropic credentials, your team’s detection policy applies uniformly
• Visibility without credential storage — Glitch never sees, stores, or has access to your engineers’ OAuth tokens; they’re forwarded byte-for-byte

The OAuth bearer Claude Code obtains during sign-in is opaque to Glitch. Glitch authenticates your team (not individual engineers) via a separate X-Glitch-Key header — so the gateway can identify the team and apply policy without ever holding Anthropic credentials.

Prerequisites

• Claude Code installed. Latest version recommended; install instructions at code.claude.com.
• Anthropic Pro, Max, Team, or Enterprise subscription. This is what enables the OAuth sign-in flow inside Claude Code.
• Glitch account. Sign up at app.golabrat.ai if you don’t have one.
• Glitch sensor reachable from your machine. Either the SaaS sensor at your assigned subdomain, or a self-hosted sensor on your network.

Step 1: Create a Glitch API key

The Glitch API key authenticates your team to the gateway and ties every Claude Code session to a specific Glitch project, policy, and audit trail. Note: This is your team’s Glitch tenant identity — separate from each engineer’s Anthropic OAuth credentials.

1. Sign in to app.golabrat.ai.
2. Navigate to Settings → API Keys (or your project’s Keys tab).
3. Click Create API Key, name it something like claude-code-{team}, and pick the project whose detection policy should apply.
4. Copy the generated key. It looks like glitch_sk_... and is shown only once.

This single key is shared across every engineer on the team — it identifies the team, not the individual user. Individual identity comes from each engineer’s OAuth bearer (which Anthropic uses for subscription accounting) plus the X-Claude-Code-Session-Id Claude Code generates per session.

Step 2: Configure Claude Code

Set two environment variables in your shell profile (.zshrc / .bashrc) or in Claude Code’s settings.json:

# Where Claude Code sends requests (was: api.anthropic.com)
export ANTHROPIC_BASE_URL="https://your-glitch-sensor.example.com"

# Glitch tenant authentication. Goes in a custom header that Claude Code
# attaches to every outbound request. NOT a secret per-user — this is
# your team's shared Glitch tenant identity.
export ANTHROPIC_CUSTOM_HEADERS="X-Glitch-Key: glitch_sk_..."

Don't set ANTHROPIC_API_KEY

For the Max subscription flow, do not set ANTHROPIC_API_KEY. If both that and the OAuth sign-in are configured, Claude Code will prefer the API key and bill against your Anthropic Console account rather than your Max subscription. Leaving it unset lets Claude Code’s OAuth flow handle authentication on first use.

Environment variables explained

Variable	Purpose
ANTHROPIC_BASE_URL	Redirects Claude Code’s requests from api.anthropic.com to your Glitch sensor. The sensor then forwards to Anthropic upstream after running detection.
ANTHROPIC_CUSTOM_HEADERS	Custom HTTP headers Claude Code attaches to every request. Used here to send X-Glitch-Key so the Glitch sensor can authenticate your team. The value is a single header line (Header-Name: value); for multiple headers use commas.

You don’t need to set ANTHROPIC_AUTH_TOKEN either — Claude Code’s OAuth flow populates the Authorization header automatically once you sign in.

Step 3: Sign in with your subscription

Run claude in your terminal:

claude

The first run will prompt you to sign in. Choose:

> Claude account with subscription (Pro, Max, Team, Enterprise)

A browser window opens. Authorize Claude Code with your Anthropic account. Once you confirm, Claude Code stores the OAuth credentials locally (in your OS keychain on macOS, similar on Linux/Windows) and is ready to use.

Press Enter past any introductory screens and you’re at the Claude Code prompt. Every request from this point on will go through Glitch.

Step 4: Verify the setup

Run a non-interactive prompt to confirm the round-trip works:

claude -p "Print exactly the word: routed"

You should see Claude print routed. The full handshake — first sign-in, steady-state requests, and token refresh — looks like this:

sequenceDiagram
    autonumber
    participant U as User
    participant CC as claude CLI
    participant B as Browser
    participant OA as Anthropic OAuth
    participant GS as Glitch sensor
    participant AA as api.anthropic.com

    rect rgba(0, 212, 255, 0.06)
    Note over U,AA: First sign-in (one-time)
    U->>CC: runs `claude`
    CC->>U: prompts auth choice
    U->>CC: picks "Claude account with subscription"
    CC->>B: opens authorize URL
    B->>OA: user authorizes
    OA-->>CC: redirects with access_token + refresh_token
    CC->>CC: stores tokens in OS keychain
    end

    rect rgba(0, 212, 255, 0.12)
    Note over U,AA: Steady-state request
    U->>CC: types prompt
    CC->>GS: POST /v1/messages<br/>Authorization: Bearer <oauth_token><br/>X-Glitch-Key: glitch_sk_...<br/>X-Claude-Code-Session-Id: <uuid>
    GS->>GS: authenticate X-Glitch-Key,<br/>run detection pipeline
    GS->>AA: forward request<br/>(Authorization verbatim,<br/>X-Glitch-Key stripped)
    AA-->>GS: 200 + response
    GS-->>CC: 200 + response<br/>+ X-Risk-* headers
    CC-->>U: renders output
    end

    rect rgba(0, 212, 255, 0.06)
    Note over U,AA: When the access token expires
    CC->>GS: POST /v1/messages (stale bearer)
    GS->>AA: forward
    AA-->>GS: 401
    GS-->>CC: 401 (forwarded verbatim)
    CC->>OA: refresh_token (direct — bypasses Glitch)
    OA-->>CC: new access_token
    CC->>GS: retry POST /v1/messages with fresh bearer
    GS->>AA: forward
    AA-->>GS: 200
    GS-->>CC: 200
    end

Glitch is stateless with respect to OAuth: it forwards the Authorization header it receives and never participates in the refresh roundtrip — that happens directly between Claude Code and Anthropic’s OAuth endpoint.

Step 5: Inspect the audit log

After running a few prompts:

1. Open app.golabrat.ai and navigate to Logs for the project.
2. Filter by request path /v1/messages. Each row corresponds to one Claude Code request from someone on your team.
3. Click into a log to see the rendered Anthropic conversation — system prompt, tools, user/assistant turns — alongside detection findings, model, token counts, and latency.
4. Group events by session_id (in the request metadata) to reconstruct multi-turn conversations.

You won’t see individual engineer identities directly — Glitch only sees the team-level Glitch API key plus the per-session UUID Claude Code attaches. This is intentional: Glitch never holds OAuth tokens or user identities, so it can’t attribute traffic to specific Anthropic accounts. If you need per-engineer attribution, mint one Glitch API key per engineer and configure Claude Code’s ANTHROPIC_CUSTOM_HEADERS per-engineer in their personal settings.

How it works

Claude Code with a Pro/Max subscription sends requests like:

POST /v1/messages HTTP/1.1
Host: your-glitch-sensor.example.com
Authorization: Bearer <opaque_oauth_token>
X-Glitch-Key: glitch_sk_...
X-Claude-Code-Session-Id: 902dca16-accd-42aa-8a2a-1dd562e45c20
anthropic-version: 2023-06-01
Content-Type: application/json

{
  "model": "claude-3-5-sonnet-20241022",
  "max_tokens": 4096,
  "system": "You are Claude Code...",
  "messages": [{"role": "user", "content": "..."}]
}

The Glitch sensor:

1. Authenticates your team via X-Glitch-Key against the Glitch platform.
2. Looks up your project’s detection policy (the rules and thresholds you’ve configured).
3. Runs the detection pipeline against the request body — signature detectors (regex-based) and LLM-based classifiers run in parallel. The OAuth bearer is opaque to detection; only the prompt content is inspected.
4. Either forwards or blocks:
   • If the policy allows the request, Glitch makes a POST to https://api.anthropic.com/v1/messages with Authorization, x-api-key, anthropic-version, and anthropic-beta headers forwarded verbatim. The response (or stream) is piped back to Claude Code with X-Risk-* response headers added.
   • If the policy denies the request, Glitch returns a 403 with an Anthropic-shaped error envelope ({"type":"error","error":{"type":"permission_error",...}}). Claude Code surfaces this to the user.
5. Emits a SecurityEvent to your audit log with: session id, model, input tokens, detector findings, response status, and latency. The Authorization header (containing the OAuth bearer) is never logged — it’s redacted to [REDACTED] before persistence.

Two credentials, two purposes

Header	Purpose	Who uses it
Authorization: Bearer <oauth_token>	Subscription authentication; identifies the engineer’s Anthropic account	Anthropic (downstream)
X-Glitch-Key: glitch_sk_...	Tenant authentication; identifies your team’s Glitch project	Glitch sensor (consumed and stripped)

The two are completely independent. Glitch never has access to the OAuth bearer beyond passing it through; Anthropic never sees the Glitch key (it’s stripped before forwarding).

Token refresh

Claude Code handles OAuth token refresh entirely on its own — when an OAuth bearer expires, Anthropic returns a 401, Claude Code re-authenticates against its OAuth provider, and retries with a fresh token. Glitch is stateless with respect to OAuth: it forwards whatever Authorization header arrives and forwards the upstream response back unchanged. No special handling needed in the sensor.

Troubleshooting

Claude Code asks me to sign in repeatedly

This usually means the Authorization header isn’t reaching api.anthropic.com. Check:

# Confirm BASE_URL points at Glitch
echo $ANTHROPIC_BASE_URL

# Confirm CUSTOM_HEADERS includes X-Glitch-Key (and ONLY that)
echo $ANTHROPIC_CUSTOM_HEADERS

If ANTHROPIC_API_KEY is set, unset it — having both an API key and OAuth credentials configured can confuse Claude Code’s auth selection.

Claude Code returns “API Error: 401”

Two possible causes:

1. Glitch tenant auth failed. Your X-Glitch-Key is missing, malformed, or revoked. Check echo $ANTHROPIC_CUSTOM_HEADERS and confirm the key is active in the Glitch dashboard.
2. OAuth bearer expired and Anthropic rejected it. Claude Code should auto-refresh, but if your subscription was canceled or the cached token is corrupt, you’ll see a hard 401 from upstream. Sign out and back in: claude /logout then claude to re-authenticate.

To distinguish, the Glitch logs page will show a failed-tenant-auth event for case 1; for case 2, you’ll see a successful Glitch authentication followed by a 401 forwarded from Anthropic.

Claude Code returns “API Error: 403 — Request blocked by Glitch security policy”

Detection fired and your project’s policy blocked the request. Open the corresponding event in the Glitch dashboard’s Logs view to see exactly which detector triggered. Common scenarios:

• A user prompt that resembles a prompt-injection attempt.
• PII content that triggered a signature detector.
• A jailbreak signature.

If the block is a false positive, you can adjust your project’s policy threshold for that detector (raise from L2 to L1, change the action from block to log/alert, or move to a less aggressive policy template).

Claude Code can’t connect at all

# Verify the sensor is reachable
curl -sf https://your-glitch-sensor.example.com/health

Expected response: {"status":"healthy", ...}.

If that fails, your ANTHROPIC_BASE_URL is wrong, your network can’t reach the sensor, or the sensor is down. Check the URL spelling, your VPN/firewall, and the Glitch status page if you’re on the SaaS sensor.

Latency is higher than calling Anthropic directly

Glitch adds two things to the request path: tenant verification (one round-trip to the Glitch platform) and detection (signature regex is sub-millisecond; LLM detection adds ~200-800ms depending on model). For latency-sensitive applications, you can scope the detection policy to fewer detectors or move LLM-based detection from block to alert mode.

My team uses both API keys and Max subscriptions

That’s fine. The Glitch sensor handles both auth modes uniformly — it doesn’t care whether the inbound Authorization header contains a sk-ant-... API key or an opaque OAuth bearer. You can have some engineers configured per the API key guide and others per this guide; both will route through the same Glitch project and show up in the same audit log.

Related

• Claude Code with an API key — the API-key path
• API Reference — full request/response shapes and error codes
• Detectors → Threshold Levels — tune detection sensitivity per project