Claude Code reads ANTHROPIC_AUTH_TOKEN and ANTHROPIC_BASE_URL from the environment. Point those at Wardin and every Claude Code session is automatically tracked, budgeted, and policy-enforced — no changes to how your team uses Claude Code.
Setup
export ANTHROPIC_AUTH_TOKEN=wardin_sk_YOUR_KEY
export ANTHROPIC_BASE_URL=https://gw.wardin.ai
ANTHROPIC_API_KEY works too — the gateway accepts both the Authorization: Bearer
and x-api-key auth headers. ANTHROPIC_AUTH_TOKEN is preferred for gateways
because Claude Code treats it as a proxy credential and won’t prompt about a
custom API key.
Add these to your shell profile (~/.zshrc, ~/.bashrc) or your team’s shared environment setup.
You can also set them per-project using a .env file (never commit it) or your shell’s direnv setup.
What gets tracked
Once routed through Wardin, every Claude Code request appears in the dashboard with:
- Token usage — input, output, cache creation, cache read (split correctly for Claude Code’s prompt-caching-heavy workload)
- Cost — broken down by token type
- Session grouping — Claude Code requests are grouped into sessions automatically using idle-timeout bucketing (30-minute sliding window). One coding task = one session.
- Model — which Claude model was used for each request
Issuing team keys
Create one virtual key per developer:
# Create a key for each developer
curl -X POST https://api.wardin.ai/v1/keys \
-H "Authorization: Bearer wardin_sk_ADMIN_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "alice-claude-code",
"monthlyBudgetUsd": 100,
"ownerId": "user_alice_id"
}'
Send each developer their wardin_sk_ key. They set ANTHROPIC_AUTH_TOKEN=wardin_sk_... and nothing else changes. (Keys can also be created in the dashboard: Console → Keys & Limits.)
CI / headless usage
For CI pipelines, create a separate key with its own budget pool:
curl -X POST https://api.wardin.ai/v1/keys \
-H "Authorization: Bearer wardin_sk_ADMIN_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "ci-claude-code",
"monthlyBudgetUsd": 200,
"rpmLimit": 20
}'
CI keys return structured JSON errors on 429/403 — no HTML, no human-readable pages.
Model allowlist for Claude Code
If you want to restrict Claude Code to specific models (e.g., block Opus for cost control):
curl -X POST https://api.wardin.ai/v1/policies \
-H "Authorization: Bearer wardin_sk_ADMIN_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "claude-code-models",
"type": "model_allowlist",
"config": {
"models": ["claude-sonnet-4-6", "claude-haiku-4-5"]
}
}'
Claude Code will receive a 403 with a clear error message if it attempts to use a blocked model.
Session attribution in the dashboard
Claude Code doesn’t send a session ID by default. Wardin groups consecutive requests (< 30 minutes apart) into sessions automatically. You can also set a session ID explicitly via Claude Code’s custom-headers variable:
export ANTHROPIC_CUSTOM_HEADERS="X-Wardin-Session-Id: my-task-$(date +%s)"
ANTHROPIC_CUSTOM_HEADERS is a Claude Code convention that attaches extra headers
to every API request. Wardin trusts an explicit X-Wardin-Session-Id as-is;
without it, the idle-timeout bucketing applies.