Authentication

Codecosts uses Clerk for authentication. Sign in with email, Google, or GitHub — Clerk handles sessions automatically.

Browser

Sign in via the Clerk widget on the landing page. Clerk sets a session cookie and the server verifies it on every request. No tokens or API keys needed for browser access.

SDK & CLI

For programmatic access, create a Codecosts API key from the web UI and pass it as a Bearer token:

import { createClient } from '@codecosts/sdk';

const client = createClient({
  baseUrl: 'https://codecosts.com',
  apiKey: 'sk_your_api_key',
});

See API Keys for key management endpoints.

Note

API keys are for authenticating to the Codecosts dashboard and API — they are unrelated to your Anthropic API key, which is sent by your Claude client and forwarded to Anthropic by the proxy.

Rate limiting

Scope	Limit
Global (all endpoints)	600 requests / minute per IP
Proxy /v1/messages	300 requests / minute per proxy endpoint
Proxy /v1/messages/count_tokens	600 requests / minute per proxy endpoint

When rate limited, the response includes a retryAfter field (seconds until the limit resets):

{
  "error": "Too many requests",
  "code": "RATE_LIMITED",
  "retryAfter": 12
}