Skip to main content
Point Claude Code at the Toolken gateway and every request is tracked: cost, tokens, latency, and attribution. Your prompts and workflow stay exactly the same.

Pick your auth

Claude Code can reach Anthropic through Toolken two ways: The API key path is the durable default. The subscription path lets a developer route their own Claude plan with nothing to distribute. Both carry the same X-Toolken-Key, so usage lands in your workspace either way.

How to connect

Set it up just for yourself, or roll it out to your whole team. On a Claude subscription? Just run /login and skip the API key. Using an API key? Add it as shown below.

Just for you

The quickest setup: add the config once and every session uses it.
1

Open ~/.claude/settings.json

Create the file if it does not exist.
2

Add the gateway config

On a Claude Pro or Max subscription? Remove the ANTHROPIC_API_KEY line and run /login instead.
ANTHROPIC_BASE_URL has no trailing /v1. Claude Code appends /v1/messages itself.
3

Run Claude Code

Your first request shows up in the dashboard within seconds.

Shell variables (quick test)

The fastest way to try it in one terminal:
Add the lines to ~/.zshrc or ~/.bashrc to keep them across sessions.

Per project

Put the env block in a repo’s .claude/settings.json to route or tag a single project. Use .claude/settings.local.json to keep it out of git.
X-Toolken-Metadata-* headers become attribution dimensions in the dashboard, so you can break cost down per project or environment.
ANTHROPIC_CUSTOM_HEADERS is a single variable. A project value replaces the one from your base settings entirely. The levels do not merge, and ${ANTHROPIC_CUSTOM_HEADERS} does not carry the base value in. Always repeat X-Toolken-Key alongside any per-project headers.

For your whole team

Without a centralized config, every developer has to set ANTHROPIC_BASE_URL, ANTHROPIC_CUSTOM_HEADERS, and their Toolken key by hand, and any one of them can accidentally bypass the gateway by reverting their env. Managed settings solve this: the config is deployed at the OS level and Claude Code loads it at startup before any user config can override it.
1

Create your managed settings file

The file must be placed at a system path that requires admin or MDM access to write. Claude Code reads it automatically at startup.
2

Add the gateway config

The env block inside the file sets environment variables that Claude Code picks up as if the user had exported them. Use your workspace’s Toolken key in X-Toolken-Key.
If your team uses a shared Anthropic API key instead of personal subscriptions, add ANTHROPIC_API_KEY as the last key in the env block. It is shared across the team, sent as x-api-key, and forwarded untouched.ANTHROPIC_BASE_URL must be https://gateway.toolken.ai with no trailing /v1. Claude Code appends /v1/messages itself.
3

Deploy via your MDM or config management tool

Push the file to every developer machine through your usual tooling:
  • macOS (Jamf): add a Files and Processes policy to write the file to /Library/Application Support/ClaudeCode/managed-settings.json with root ownership and 644 permissions.
  • Windows (Intune): use a PowerShell remediation script or a Win32 app to deploy the file to C:\Program Files\ClaudeCode\.
  • Linux: include the file in your Ansible playbook, Chef cookbook, or Puppet manifest targeting /etc/claude-code/.
Once deployed, Claude Code picks up the config on next launch. No terminal commands or shell profile edits are needed from developers.

How the auth model works

The shared X-Toolken-Key in the managed settings file identifies your company’s Toolken workspace. It does not give anyone access to another person’s Anthropic account. Each developer still logs into Claude Code with their own Claude Pro or Max subscription by running /login in Claude Code. When a request goes out, Claude Code sends the developer’s own subscription auth to the gateway, which forwards it untouched to Anthropic. Toolken reads X-Toolken-Key separately for workspace attribution and strips it before forwarding. If the team uses a shared Anthropic API key, add ANTHROPIC_API_KEY to the managed settings env block. The key is shared across all developers, sent as x-api-key, and forwarded to Anthropic untouched. Nobody on the subscription path shares an API key. Each person’s subscription is used independently. The workspace key gives you a single place in the Toolken dashboard to see aggregate usage across the whole team.
Anthropic’s server-managed settings (configured through the Claude.ai admin console) are not applied when Claude Code routes through a custom ANTHROPIC_BASE_URL. Use the file-based managed settings paths above instead. These two mechanisms are independent: file-based managed settings work for any gateway endpoint; Claude.ai admin settings only apply when Claude Code connects directly to Anthropic.

What each credential does

Toolken never stores your Anthropic credentials.

Attribution comes for free

Claude Code natively sends attribution headers that Toolken captures with no extra config: So you can break usage down by session and by subagent out of the box. See Anthropic’s LLM gateway reference. These are ephemeral session and agent IDs, not a developer identity, so they do not attribute cost to a specific person. Anything you set yourself (for example X-Toolken-Metadata-Session-Id) takes precedence over the Claude Code value.
Subscription routing depends on your Claude plan and Anthropic’s gateway support. Anthropic can change or disable it at any time. For production and teams, the API key path is the durable default.

Next

Headers Reference

Every Toolken request header and what it does.

Providers & Routing

One gateway URL, 13 providers, your own keys.

Custom Properties

How attribution headers become groupable dimensions in the dashboard.

Codex

Route OpenAI Codex CLI traffic through Toolken with a custom provider entry.