PSA: If your project has an ANTHROPIC_API_KEY in any .env file, Claude Code will silently bill your API account instead of your Max plan — Anthropic calls it "intentional functionality"
r/ClaudeAI • also crosspost to r/LocalLLaMA and r/artificial
I lost $187 to this and want to save others the same headache.
What happened
I run Claude Code headlessly via Windows Task Scheduler. My project repo has a .env file with ANTHROPIC_API_KEY set — legitimately, for a separate Express server doing AI-based transaction classification. Nothing to do with Claude Code itself.
Claude Code reads environment variables from the .env in its working directory on launch. When it finds ANTHROPIC_API_KEY there, it silently uses that key for billing instead of your OAuth subscription credentials — even though my .credentials.json showed subscriptionType: "max" the entire time. No warning. No notification. No dashboard alert that billing had switched.
Nine auto-recharge charges later, $187 gone.
Anthropic's response
I contacted support. After four denials across two channels, here is their exact explanation:
"Claude Code is designed to prioritize API keys set as environment variables over subscription credentials — this is intentional functionality that gives users flexibility in authentication methods."
Intentional. Undisclosed at the point of use. No opt-out. No warning when CC launches and detects an API key in the environment.
Their final position: "API credits consumed are non-refundable regardless of underlying cause." When I mentioned disputing with my card issuer: "Please be aware that chargebacks may affect your account access."
The fix
One line in your launch script before claude -p runs:
$env:ANTHROPIC_API_KEY = $null # PowerShell
unset ANTHROPIC_API_KEY # bash/zsh
This clears the key from CC's environment so it falls back to OAuth. Your .env is untouched — other tools in the same project still have the key.
Who is most at risk
— Anyone running CC headlessly (Task Scheduler, cron, CI)
— Any project where a .env has ANTHROPIC_API_KEY for a different service (LangChain, Express AI features, etc.)
— Anyone who set up an API key early in a project and forgot it was there
Check your API console for unexpected auto-recharge charges. The line items will show as "Auto-recharge credits" in your billing history.
This came up right after the HERMES.md billing issue — same root pattern, different trigger. Worth knowing.