A very common failure mode when teams first automate Claude usage reporting: an engineer takes the API key that powers their production application, points it at GET /v1/organizations/usage_report/messages, and gets an authentication error. Nothing is broken — they have the wrong kind of key. Anthropic separates keys by what they are allowed to see, and the split is worth understanding before you design any reporting or governance automation.
The three key types
| Key type | Prefix / origin | What it unlocks |
|---|---|---|
| Standard API key | sk-ant-..., created in the Claude Console | The workload surface: Messages API and related inference endpoints. Cannot call the Admin API. |
| Admin API key | sk-ant-admin01-..., a separate key type for organization admins | The management surface, including the Usage & Cost Admin API: GET /v1/organizations/usage_report/messages and GET /v1/organizations/cost_report. |
| Analytics API key | Issued for Claude Enterprise (claude.ai) organizations | The Claude Enterprise Analytics API — usage analytics for the claude.ai enterprise product, a separate system from the developer-platform Admin API. |
The design principle is least privilege. A standard key lives in application servers, CI pipelines, and developer laptops — places with a large attack surface. Keeping org-wide usage and cost visibility off that key means a leaked workload credential does not also expose your organization's consumption patterns, workspace structure, or spend. Admin keys, by contrast, should exist in far fewer places: your reporting jobs, your FinOps tooling, and little else.
Organizations only — no individual accounts
The Admin API — and with it the usage and cost endpoints — is unavailable for individual accounts. It is an organization-level facility: the endpoints live under /v1/organizations/, and the reports they produce are organization-scoped, sliceable by workspace, API key, model, and more (see the group-by dimensions guide). If you are on an individual account and need programmatic usage data, the practical answer is to move to an organization; until then, the Console's Usage and Cost pages — with CSV export, available to Developer, Billing, and Admin roles — are the reporting surface.
Claude Enterprise gets a different door entirely
Confusion peaks in companies that use both products: the Claude developer platform (API access for building applications) and Claude Enterprise (the claude.ai assistant for employees). These have separate analytics systems. The Admin API's usage and cost endpoints report on API workloads. Claude Enterprise organizations instead use the Claude Enterprise Analytics API, authenticated with an Analytics API key. An Admin key will not report on your employees' claude.ai usage, and an Analytics key will not report on your API spend. If your CFO wants "total Claude spend," you are joining two data sources, not querying one.
The platform dimension: where these keys work
Key types are a first-party Claude API concept, and the Usage & Cost Admin API does not follow Claude everywhere it runs. Most notably, on Claude Platform on AWS the programmatic usage and cost endpoints are not currently available — Anthropic's documentation says to use the Usage and Cost pages in the Claude Console instead (covered in depth in the Platform-on-AWS exclusion). On Bedrock, Vertex AI, and Foundry, usage observability is the cloud provider's job entirely — CloudWatch, Cloud Monitoring, and Azure Monitor respectively — and Anthropic key types play no role there. A multi-platform usage picture therefore always means multiple collection pipelines.
One more planning note for whoever owns the Admin key: usage and cost data typically appears within about five minutes of a request completing, and Anthropic supports polling at up to once per minute — comfortable headroom for dashboards, no basis for real-time billing gates. Anthropic also lists partner integrations built on this API (CloudZero, Datadog, Grafana Cloud, Honeycomb, Vantage) if you would rather not roll your own collector.
Where to go next
Once you hold the right key, the usage endpoint's dimensions and filters and the cost endpoint's mechanics cover what to do with it. For attribution blind spots — null workspace IDs and Workbench traffic — see Usage API attribution gaps.