A few weeks ago we covered Anthropic’s power move: as of April 4th, OAuth subscription tokens were blocked for all third-party tools — with less than 24 hours notice. OpenClaw, the most affected agent, felt it immediately.
Now Anthropic has clarified its position — and the community is celebrating it as a reversal. Let’s be precise about what changed exactly, because the details matter for your workflow.
What changed: CLI usage with API key is explicitly allowed
Anthropic confirmed that using Claude through command-line tools, scripts, and third-party harnesses is allowed — as long as you authenticate with a pay-as-you-go API key, not subscription OAuth tokens.
That’s the clarification. Not “we lifted the block.” Rather: “we clarified that what we blocked wasn’t everything.”
The rule was always: subscription tokens are for Claude Code, claude.ai, and the Claude Desktop app. What was in a gray zone — and created enormous confusion — was whether the pattern of CLI automation was acceptable in itself, or if they had only closed the OAuth loophole.
Anthropic answered that question: the pattern is fine. The loophole stays closed.
The practical breakdown: green, yellow, red
Fully allowed:
- Using OpenClaw, OpenCode, NanoClaw or any third-party harness with your own Anthropic API key
- Building CLI tools, automation scripts, and agent pipelines with direct API key authentication
- Claude Code itself — nothing changed here
Pay attention:
- Pay-as-you-go API billing is real — autonomous agent workflows that felt “free” with a Max subscription can cost $500 to $1,000+/month at API rates. Audit your consumption before committing
- Prepaid usage bundles are available with up to 30% discount — worth evaluating
Still blocked:
- Subscription OAuth tokens in any third-party tool — no exceptions
- The authentication pathway that OpenClaw originally used to piggyback on subscription quotas remains patched
What this means for the tools we covered
If you’ve been using OpenClaw since our previous article: the latest OpenClaw version includes prompt cache optimizations contributed by Boris Cherny — Head of Claude Code at Anthropic — that significantly reduce API costs. Switching to API key authentication plus cache optimization is the way forward.
OpenCode, NanoClaw, and other harnesses in the same ecosystem are in the same situation: you switch to API key and keep building.
Peter Steinberger, OpenClaw’s creator and current OpenAI employee, called the April 4th enforcement “a betrayal.” The clarification doesn’t repair that trust deficit — but it does confirm that the entire category of tools has a future.
The real lesson
A developer named Juan Torchia summed it up well this week: his workflow didn’t change a single line of code between when CLI usage was in a gray zone and when Anthropic put it in green. What changed was the official text. The uncomfortable part: when you build production pipelines on third-party infrastructure, policy changes can touch your architecture even if they favor you.
It’s not a reason to stop building. It’s a reason to design with that in mind: use API keys instead of OAuth, measure your real token consumption, and treat windows of “flat-rate arbitrage” for what they always were — temporary.
Quick summary
- CLI-style with your own API key:
explicitly allowed - Subscription OAuth in third-party tools:
still blocked - Way forward: OpenClaw/OpenCode + your API key + usage audit