Part ofWhat Is Claude Code? The Complete Guide
Authenticate Claude Code in the terminal: the /login browser handshake, the API-key route, headless CI tokens and fixes for auth failures.
In This Article
7 sectionsTo authenticate Claude Code in the terminal, run claude and type /login: a browser tab opens, you sign in with your Claude.ai account, and the CLI stores the OAuth token. No browser? Set ANTHROPIC_API_KEY or run claude setup-token for a long-lived credential. Subscription login bills your plan; the key bills per token.
We sign in to Claude Code several times a week — new laptops, CI runners, a VPS, the occasional stubborn WSL2 setup — so this guide is the checklist we actually use, not a paraphrase of the docs. If you're still deciding whether the tool is for you at all, start with our pillar guide, What Is Claude Code? — everything below assumes the CLI is installed (if it isn't, our guide to the Node.js version Claude Code needs covers the prerequisites first) and you just need to authenticate Claude Code in the terminal.
How to authenticate Claude Code in the terminal with OAuth
The default Claude Code login is an OAuth handshake between your terminal and your browser. Anthropic's authentication documentation lists every supported method, but the browser flow is the one nine out of ten people need. The whole sequence:
- Run
claudein any project directory. The terminal prompts you to authenticate Claude Code on first run and asks which login method you want. - Pick your account type. "Claude account with subscription" bills your existing Pro or Max plan. "Claude Console account" authenticates against Anthropic's developer console and bills API credits instead.
- Approve in the browser. A tab opens, you sign in, you click Authorize, and the token lands back in the terminal on its own. Done.
- No browser opened? Press
cto copy the login URL, then paste it into any browser yourself. Same result. - Browser showed a code instead of redirecting? Copy it and paste it at the terminal's "Paste code here if prompted" prompt. That's the designed fallback in WSL2, SSH sessions, and containers — not a bug.
Already inside a session? Type /login to re-run the flow without restarting; that's also the account-switching command we'll come back to. The credential persists — macOS stores it in the Keychain, Linux and Windows keep it under ~/.claude — so you authenticate Claude Code in the terminal once per machine, not once per day. For everything /login sits alongside, our Claude Code CLI documentation guide maps the full slash-command set.
Here are all four supported methods at a glance:
| Method | How it works | Bills against | Best for |
|---|---|---|---|
| Claude.ai account (OAuth) | /login → browser → authorize | Pro or Max subscription | Daily interactive coding |
| Claude Console account (OAuth) | Same flow, Console credentials | API credits, per token | Teams billing through Console |
ANTHROPIC_API_KEY | Environment variable, no browser | API credits, per token | Scripts, servers, CI |
claude setup-token | One browser login → year-long token | Pro or Max subscription | Headless machines, pipelines |
Claude Code API key setup: the ANTHROPIC_API_KEY route
You can also authenticate Claude Code in the terminal without any browser involvement: generate a key at Anthropic's developer console (platform.claude.com), export it, and the CLI picks it up silently.
export ANTHROPIC_API_KEY=sk-ant-... # macOS / Linux
$env:ANTHROPIC_API_KEY = "sk-ant-..." # Windows PowerShell
Three things to know before committing to this Claude Code API key setup:
- The key wins every conflict. If
ANTHROPIC_API_KEYis set, Claude Code uses it — even while you're logged in with a subscription, and even after/logout. This is the single most common billing surprise we see. - Billing is metered per token, at standard Anthropic API rates, with no monthly ceiling. A heavy refactoring day can cost more than a month of the Pro plan.
- Keys belong in secret managers, not in dotfiles committed to git. Treat one like a password, because functionally it is one.
Subscription or API key: which should you choose?
This is really a billing decision wearing an authentication costume — how you authenticate Claude Code in the terminal decides which meter runs. We use both: subscription login on our laptops, an API key inside automation.
| Subscription login (OAuth) | API key (ANTHROPIC_API_KEY) | |
|---|---|---|
| Cost model | Flat monthly: Pro $20, Max 5x $100, Max 20x $200 | Per million tokens: Claude Sonnet 4.6 $3/$15, Claude Opus 4.8 $5/$25, Claude Haiku 4.5 $1/$5 |
| Predictability | Fixed bill; usage limits reset in 5-hour windows | Bill scales with usage; no session caps |
| Setup effort | /login, browser, thirty seconds | Console account, key creation, env var |
| Best for | Individuals coding daily | CI pipelines, scripts, bursty team workloads |
The crossover math is short: if you'd burn more than $20 a month at per-token rates — most daily users clear that in a week — a subscription wins. Our Claude Max breakdown covers when the 5x and 20x tiers pay off, and the full per-model rate card lives in our Anthropic Claude API pricing guide. Lighter users are often fine on the Claude Pro plan; heavy Claude Opus 4.8 users should run the numbers twice.
Switching accounts and logging out
Switching between a work and personal Claude Code login takes two commands inside any session. /logout clears the stored token; /login lets you authenticate Claude Code in the terminal again, restarting the browser handshake where you pick the other account. Then run /status and read what it reports — active account, auth method, and whether anything is overriding them.
That last check matters because of a trap that catches nearly everyone once: /logout clears your OAuth token but leaves ANTHROPIC_API_KEY untouched. If the variable is exported, Claude Code keeps working after logout and quietly bills the API instead of asking you to sign in. Run unset ANTHROPIC_API_KEY, remove the line from your shell profile, and you can authenticate Claude Code in the terminal with the account you actually meant to use.
Headless, SSH, and CI: terminal-only authentication
Servers, containers, and pipelines can't pop a browser tab, and in our experience this is where most Claude Code authentication questions actually come from. You can still authenticate Claude Code in a terminal-only environment three ways — each is a different answer to how you sign in to Claude Code from the terminal:
claude setup-tokenfor subscription billing. Run it once on a machine that has a browser, complete the OAuth login, and it prints a long-lived token — valid for about a year — tied to your subscription. Export it asCLAUDE_CODE_OAUTH_TOKENon the headless box or in CI secrets, and every non-interactive run authenticates without prompting.ANTHROPIC_API_KEYas a CI secret. The right call when the pipeline should bill a shared team account rather than one engineer's plan. Store it in GitHub Actions secrets or your CI's equivalent, never in the repository.- The paste-code fallback over SSH. Run
/loginin the SSH session, presscto copy the URL, open it in your local browser, and paste the resulting code back into the remote terminal. One macOS-remote gotcha: the Keychain must be unlocked in that SSH session (security unlock-keychain), or the token can't be saved and the CLI re-prompts forever.
Common authentication failures and the quick fixes
Failed attempts to authenticate Claude Code in the terminal cluster into a handful of repeating patterns. Anthropic's installation and authentication troubleshooting guide has the official steps; this is the field version, ordered by how often each one has bitten us:
| Symptom | Likely cause | Quick fix |
|---|---|---|
OAuth error: Request failed with status code 500 | Server-side fault mid-handshake | Check status.claude.com, retry, clear the ~/.claude cache — full walkthrough in our OAuth 500 guide |
| "Authorization failed" / internal server error | Auth server incident or stale local state | Update the CLI, re-run /login — steps in our authorization failed fix |
| Asked to log in every single day | Keychain access denied, or corrupted cache | Grant your terminal Keychain access; delete stale state under ~/.claude |
| Can't paste the auth code | Terminal intercepting the paste shortcut | Use right-click paste or the terminal's Edit menu, then retry /login |
| Logged out, still billed API rates | ANTHROPIC_API_KEY still exported | unset ANTHROPIC_API_KEY, restart the session |
| Browser shows a code, terminal keeps waiting | No callback path (WSL2, SSH, container) | Paste the code at the prompt — that's the intended flow |
One habit saves more time than any table: when login misbehaves, run /status before touching configuration. It tells you which credential Claude Code is actually using, and nine times out of ten the "mystery" is an environment variable somebody exported months ago. Get that reflex down and you can authenticate Claude Code in the terminal — or un-stick it — in under a minute.
Claude pricing at a glance
| Plan | Price |
|---|---|
| Free | $0 |
| Pro | $20 / month |
| Max | from $100 / month |
| API | Pay per token |
For the full breakdown of every plan, see our how much Claude costs guide.
Frequently Asked Questions

Written by
InnovateTechie
Writing about Claude and the Anthropic toolkit — models, Claude Code, pricing, features, and fixes, in clear, practical, hands-on guides tested by daily use.
View all posts →




