
Anyone know if this use case would be against Anthropic TOS?

Reddit · Varder · May 6, 2026
A developer built a dashboard in Claude Code to track token usage and discovered an undocumented API endpoint, https://api.anthropic.com/api/oauth/usage, that returns session usage data when called with an OAuth token from Keychain. The discovery raised concerns about whether this method violates Anthropic's Terms of Service, given past enforcement actions against similar uses of OAuth tokens.

Detailed Analysis

A Reddit user posting to r/Anthropic has raised a question about the legal and policy boundaries of accessing an undocumented Anthropic API endpoint discovered while building a personal usage dashboard through Claude Code. The user constructed a tool to track token consumption and model usage, and in doing so, Claude Code itself surfaced a previously unknown endpoint — `https://api.anthropic.com/api/oauth/usage` — that returns structured session utilization data, including five-hour and seven-day rolling usage windows with reset timestamps. The endpoint is accessed using the OAuth token stored in the user's local system keychain, the same credential used by Claude's official desktop and web interfaces.

The user's concern centers on a meaningful policy distinction: while the data returned is ostensibly the user's own account information — identical to what is displayed in official Anthropic interfaces — the method of access involves an undocumented, unsupported endpoint and the reuse of an OAuth token issued for a different purpose. The user explicitly references a prior enforcement action related to "OpenClaw," a third-party tool that also leveraged Claude's OAuth credentials to unlock capabilities outside sanctioned API usage. That ban wave established a precedent that Anthropic is willing to take action against applications that exploit internal authentication tokens, even when the underlying data or functionality being accessed is technically the user's own.

The distinction between personal script use and third-party tool distribution is likely to be central to any TOS analysis here. Anthropic's usage policies generally prohibit reverse engineering, circumventing access controls, or using credentials in ways not authorized by the platform — but enforcement has historically focused on tools that scale this behavior across many users or that unlock premium or restricted functionality. A personal dashboard that simply reads back the user's own utilization metrics sits in a grayer area than a tool like OpenClaw, which was reported to expose subscription-tier Claude capabilities to broader audiences.

This episode reflects a broader and accelerating tension in the AI developer ecosystem: as AI assistants like Claude become increasingly capable of introspecting their own infrastructure and surfacing internal APIs, the line between sanctioned use and policy violation becomes harder to define and communicate. Claude Code, by design, operates with significant autonomy over local system resources including keychains, and its willingness to surface undocumented endpoints — even in service of a seemingly benign user goal — raises questions about how Anthropic governs the behavior of its own agentic products in relation to its own platform policies.

The situation also highlights a governance gap common across major AI providers: internal APIs used to power official UI features are rarely documented, yet are increasingly discoverable by AI coding assistants that can inspect network traffic, application bundles, or keychain contents. As agentic AI tools proliferate, companies like Anthropic will face growing pressure to either formally expose these endpoints through stable, documented APIs or to more explicitly delineate in their terms of service what constitutes impermissible access to internal infrastructure — even by their own paying customers, acting on their own behalf.
