> ## Documentation Index
> Fetch the complete documentation index at: https://onecli.sh/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Anthropic Integration: Claude API Key Injection

> Inject your Anthropic API key into agent requests so they can call Claude models without ever seeing or handling the key.

## Overview

OneCLI injects your Anthropic API key into requests to `api.anthropic.com` automatically. Agents make standard HTTP requests to the Anthropic API; the gateway adds the credentials before forwarding.

This lets agents use Claude models (Claude Opus, Sonnet, Haiku) without ever seeing or handling your API key directly. For routing to Claude via Google Cloud instead, see [Vertex AI](/integrations/vertex-ai). For a comparison of supported LLM providers, see [LLM Providers](/integrations/llms).

## Auth methods

| Format                        | Header          | How it works                 |
| ----------------------------- | --------------- | ---------------------------- |
| API key (`sk-ant-api...`)     | `x-api-key`     | Key injected as raw value    |
| OAuth token (`sk-ant-oat...`) | `Authorization` | Injected as `Bearer {token}` |

OneCLI detects the key format automatically and uses the correct injection method.

## Setup

<Steps>
  <Step title="Go to Connections">
    Open the OneCLI dashboard and navigate to **Connections** > **LLMs**.
  </Step>

  <Step title="Add your key">
    Click **Add secret** and select **Anthropic API Key**. Paste your API key (starts with `sk-ant-api` or `sk-ant-oat`).
  </Step>

  <Step title="Verify">
    OneCLI validates the key against the Anthropic `/v1/models` endpoint to confirm it works before saving.
  </Step>
</Steps>

## How it works

1. Your API key is encrypted and stored by OneCLI (AES-256-GCM at rest)
2. When an agent sends a request to `api.anthropic.com`, the gateway intercepts it
3. The gateway injects the API key into the appropriate header
4. The request is forwarded to Anthropic

Agents never see the raw key. If the key is rotated, update it in the dashboard and all agents pick up the new key automatically.

## Controlling access with rules

Use OneCLI's [rules engine](/guides/rules) to control how agents use your Anthropic key. For example, you can rate-limit requests, restrict agents to specific models by blocking certain paths, or flag high-cost operations for manual approval. Rules are evaluated before credential injection, so a blocked request never reaches Anthropic.