Comment by ndriscoll
4 hours ago
To the extent that that's true, it would be in the opposite direction? Auth tokens are meant to be used by the User Agent to effect the wishes of the user, often encode permissions the user has, and are used with public APIs like those intended for web browsers. API keys are usually for private communication like server to server.
The usual expectation is you don't care what agent the user is running. You just care about what they're doing with it (permissions, rate limits, etc.).
Honestly that’s a detail far removed from the discussion. Folks are surprised they cannot use something that would obviously be against the T&Cs.
Everyone knows no one reads terms and that it isn't feasible for a normal person to do so, so I don't know why it would "obviously" be against them to anyone. If you're paying for a subscription with known limits, you'd expect you can use up to those limits. It's no more obvious to me than if you used the API token and got banned for using another client, or if a website decided to ban Firefox users.
I just fail to see your argument. You are paying for Claude Code or Antigravity. Not for the raw underlying compute. It’s not about reading T&Cs but the expectation is just because you are paying for a service does not give you the right to freely use the API however you want. Hence why I said it really reminds me of a private vs public API. Don’t be surprised if you get shut out of the private API. All subscriptions are bound by acceptable use.
Maybe I am out of touch but I struggle to see why folks are surprised by this. I would argue that banning accounts is probably too harsh but we will see if that is a short term remedy.
There is a reason that in general the cost of a token via API is more expensive than when using the consumer tool.