How do I fix 'API key not configured' in Claude Code?

'API key not configured' in Claude Code means either the ANTHROPIC_API_KEY environment variable is not set in the shell session where you're running claude, or the key stored from a previous claude login has expired or been revoked. The fix depends on how you authenticated: if you used claude login (OAuth via claude.ai), the fix is to run claude login again. If you're using an API key directly, set ANTHROPIC_API_KEY in your shell: export ANTHROPIC_API_KEY=sk-ant-your-key-here

Does Claude Code use OAuth login or an API key?

Claude Code supports both. You can authenticate via claude login, which initiates an OAuth flow through claude.ai and stores a token locally — this is the recommended approach for individual developers without an Anthropic API account. Alternatively, you can set the ANTHROPIC_API_KEY environment variable directly, which is required for CI/CD pipelines, server environments, and team setups using the API. If both are set, ANTHROPIC_API_KEY takes precedence.

Where does Claude Code store its authentication state?

Claude Code stores OAuth tokens and configuration in ~/.claude/ on macOS and Linux. The file ~/.claude/credentials.json holds the OAuth token from claude login. If this file is missing, corrupt, or contains an expired token, you'll see authentication errors. Deleting this file and running claude login again is a clean way to reset authentication state.

How do I configure Claude Code for a CI/CD pipeline?

For CI/CD, set ANTHROPIC_API_KEY as a secret in your pipeline configuration (GitHub Actions Secrets, CircleCI environment variables, etc.) and reference it in your workflow file. Do not use claude login in CI/CD — it requires interactive browser auth. The ANTHROPIC_API_KEY environment variable is the only supported auth method for non-interactive environments.

Claude Code "API key not configured" and authentication errors: 5 causes in diagnostic order

Claude Code CLI authentication fails in several distinct ways — the error messages are similar but the fixes are different. This page covers all five causes in the order you should check them, from most common to least common.

The 30-second fix

If you used claude login: run claude login again — your OAuth token may have expired.
If you're setting ANTHROPIC_API_KEY directly: confirm it's exported in the same shell session (echo $ANTHROPIC_API_KEY), not just set in another terminal tab.
Clean reset: rm -rf ~/.claude/credentials.json then claude login or re-export the key.

What the error looks like

Claude Code produces several different authentication error messages depending on the failure mode:

# Missing key
Error: API key not configured. Run 'claude login' or set ANTHROPIC_API_KEY.

# Invalid or revoked key
Error: invalid_api_key - API key is invalid or has been revoked.

# Expired OAuth token
Error: authentication_error - OAuth token has expired. Run 'claude login' to re-authenticate.

# Enterprise / proxy auth failure
Error: authentication_error - Could not authenticate with the configured API endpoint.

All of these are authentication failures, but they have different causes and different fixes.

Cause 1: ANTHROPIC_API_KEY not exported in the current shell

This is the most common cause when running Claude Code without having used claude login. Environment variables set in one terminal tab are not automatically available in another. If you set the variable in ~/.bashrc or ~/.zshrc but haven't sourced the file in the current session, the variable won't be present.

How to check:

echo $ANTHROPIC_API_KEY

If this prints nothing, the variable is not set in your current shell session.

Fix options:

# Option 1: export for the current session only
export ANTHROPIC_API_KEY=sk-ant-api03-...

# Option 2: add to shell profile so it persists across sessions
echo 'export ANTHROPIC_API_KEY=sk-ant-api03-...' >> ~/.zshrc
source ~/.zshrc

# Option 3: pass it inline for a single command
ANTHROPIC_API_KEY=sk-ant-api03-... claude "your prompt here"

Cause 2: OAuth token from `claude login` has expired or been revoked

If you authenticated via claude login (the browser-based OAuth flow), Claude Code stores a token at ~/.claude/credentials.json. This token can expire, be revoked if you changed your claude.ai password, or become invalid if your subscription status changed.

How to check:

# View the credentials file (don't share this content)
cat ~/.claude/credentials.json

# Check if the token appears corrupt or truncated
# A valid credentials file is valid JSON

Fix: re-run the login flow to get a fresh token:

claude login

This opens a browser window to claude.ai to re-authorize. If the browser flow completes successfully, Claude Code will write a new valid token to the credentials file.

If the login flow itself fails, try deleting the credentials file first to clear any corrupt state:

rm ~/.claude/credentials.json
claude login

Cause 3: API key has been revoked or regenerated in the Anthropic console

If you're using an API key directly (not OAuth), the key may have been revoked through the Anthropic console — either by you, another team member, or automatically if the account was flagged. A revoked key returns an invalid_api_key error even though it was valid when you set it.

How to check: log in to console.anthropic.com/settings/keys. If the key you're using is not listed or shows as "Revoked", that's the issue.

Fix: generate a new key from the console and update your environment variable or secrets manager. If you're using the key in multiple places (CI/CD, local dev, team shared config), update all locations.

Cause 4: Key set in wrong config scope (project vs. global)

Claude Code supports configuration at multiple scopes: global (~/.claude/settings.json or env vars), project-level (.claude/settings.json in the project directory), and inline. If a project-level configuration specifies an API endpoint or auth settings that override your global config, your global key may be ignored.

How to check:

# Check for a project-level claude config
cat .claude/settings.json 2>/dev/null || echo "No project-level config"

# Check the global config
cat ~/.claude/settings.json 2>/dev/null

Look for any apiKey, apiBaseUrl, or auth-related settings that might be overriding the default.

Fix: if a project-level config is setting a different API endpoint or key, either update it to use the correct key, remove the override, or explicitly set ANTHROPIC_API_KEY in the environment — environment variables take precedence over config file values in most cases.

Cause 5: Enterprise/proxy configuration — custom API endpoint

Some organizations route Anthropic API traffic through an internal proxy or use a cloud provider's managed Anthropic endpoint (AWS Bedrock, Google Cloud Vertex AI). Claude Code supports custom endpoints via the ANTHROPIC_BASE_URL environment variable or the apiBaseUrl config setting.

If your organization uses one of these setups, authentication works differently:

AWS Bedrock: uses AWS IAM credentials (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION), not an Anthropic API key. The ANTHROPIC_API_KEY variable is not used.
Google Vertex AI: uses Google Cloud Application Default Credentials, not an Anthropic API key.
Internal proxy: uses whatever auth the proxy requires — often a different key format or a service account token.

How to check: ask your IT or platform team what endpoint Claude Code should be using. If ANTHROPIC_BASE_URL is set to something other than https://api.anthropic.com, you're in this case.

Fix: configure the credentials for the specific endpoint you're using. For Bedrock and Vertex, follow Anthropic's documentation on using Claude Code with cloud provider endpoints — the auth setup is entirely different from the standard API key flow.

Quick diagnostic checklist

Run echo $ANTHROPIC_API_KEY — does it print your key? If not → Cause 1.
Run claude --version — does it respond? If it hangs or errors → try re-login.
Run claude login — does the browser auth complete successfully? If not → check your claude.ai subscription status.
Log in to console.anthropic.com/settings/keys — is the key you're using listed and active? If not → Cause 3.
Check for .claude/settings.json in your project directory → Cause 4.
Check echo $ANTHROPIC_BASE_URL — is it set to a non-default URL? → Cause 5.

Setting up Claude Code from scratch (clean install)

# Install Claude Code
npm install -g @anthropic-ai/claude-code

# Method A: Browser login (requires claude.ai account, easiest for individuals)
claude login
# Follow browser prompt, authorize in claude.ai

# Method B: Direct API key (required for CI/CD and team setups)
export ANTHROPIC_API_KEY=sk-ant-api03-...
# Optionally add to shell profile for persistence

# Verify authentication
claude --version  # should print version
echo "test" | claude  # basic sanity check

Last updated June 8, 2026. Claude Code authentication configuration may change with new releases — verify against the current Claude Code documentation at docs.anthropic.com/claude-code.

Claude Code "API key not configured" and authentication errors: 5 causes in diagnostic order

The 30-second fix

What the error looks like

Cause 1: ANTHROPIC_API_KEY not exported in the current shell

Cause 2: OAuth token from claude login has expired or been revoked

Cause 3: API key has been revoked or regenerated in the Anthropic console

Cause 4: Key set in wrong config scope (project vs. global)

Cause 5: Enterprise/proxy configuration — custom API endpoint

Quick diagnostic checklist

Setting up Claude Code from scratch (clean install)

Related

Cause 2: OAuth token from `claude login` has expired or been revoked