Microsoft Foundry supports two documented ways to authenticate requests to a Claude deployment: Azure-issued API keys and Microsoft Entra ID tokens. Both hit the same Azure-hosted endpoint. This article covers the API-key path — where keys come from, how to pass them, and how to manage them responsibly. If your workload already runs inside Azure, read this alongside the Entra ID article, because for production the token-based path is usually the better default.
Where keys come from
API keys are issued by Azure and belong to your Foundry resource — the container that holds security and billing configuration for your Claude deployments. To retrieve a key, open the Foundry portal and go to Build > Models, select your deployment, and open the Details tab. It shows two things you need: the Target URI (your endpoint, shaped like https://<resource-name>.services.ai.azure.com/anthropic) and the Key.
Because the key is scoped to the resource rather than to an individual user, treat it like any shared infrastructure secret: anyone holding it can call the Claude deployments in that resource and generate spend on your Azure Marketplace bill.
Using a key in requests
Over raw REST, pass the key in the api-key or x-api-key header. With the Anthropic SDKs you normally never touch headers — the Foundry client accepts the key directly, and the SDKs also auto-read three environment variables: ANTHROPIC_FOUNDRY_API_KEY, ANTHROPIC_FOUNDRY_RESOURCE, and ANTHROPIC_FOUNDRY_BASE_URL.
import os
from anthropic import AnthropicFoundry
client = AnthropicFoundry(
api_key=os.environ["ANTHROPIC_FOUNDRY_API_KEY"],
resource="example-resource",
)
message = client.messages.create(
model="claude-sonnet-5", # your deployment name
max_tokens=512,
messages=[{"role": "user", "content": "Hello from Foundry"}],
)
print(message.content)
Note the model value is your deployment name, which defaults to the bare model ID — see deploying Claude models in Foundry.
Handling keys well
Keep keys out of code. Load them from environment variables or, better, a managed secret store — Azure Key Vault integration covers the pattern. Never commit a key to a repository, paste it into a ticket, or bake it into a container image.
Rotate on a schedule and on suspicion. Plan for key rotation the way you would for any Azure resource credential: regenerate periodically, and immediately if you suspect exposure. The official Claude-on-Foundry documentation is brief on rotation mechanics, so check the current Foundry portal and Microsoft's documentation for the exact regeneration steps for your resource — and design your applications to reload the key from configuration rather than hard-coding it, so a rotation doesn't require a redeploy.
Scope by resource. Since keys are resource-level, isolation comes from resource layout. If two teams or two environments (say, dev and prod) shouldn't share credentials, give them separate Foundry resources. That also keeps cost attribution and revocation clean: revoking one team's access can't take down another's.
When something goes wrong
If a key leaks, regenerate it at the resource and update your secret store; every client using the old value will start failing authentication, which is exactly what you want. For debugging failed calls, Foundry responses include request-id and apim-request-id headers — capture both in your logs and provide them to support so requests can be traced across Anthropic and Azure systems.
Where to go next
Move production workloads to Entra ID authentication, wire secrets through Key Vault, and see the quickstart if you haven't made a first call yet.