[FEATURE] Support for Strict Enterprise APIM Gateways (Custom Paths, Payload Injection, SSE Fallbacks)
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
Working workaround (proxy) https://github.com/SamuelMarks/claude-apim-proxy ; can CC0 license it for you just ask.
We are currently deploying Claude Code in an enterprise environment (Stanford University) that routes Anthropic Bedrock traffic through a strict API Management (APIM) gateway.
While the recent addition of CLAUDE_CODE_USE_BEDROCK=1 and ANTHROPIC_CUSTOM_HEADERS is a massive step forward, Claude Code still cannot natively connect to our APIM gateway. We are currently forced to run a local proxy middleware to rewrite Claude Code's outgoing requests.
Specific issues with strict enterprise gateways include:
- Advanced Gateway Routing / Exact Endpoints:
ANTHROPIC_BASE_URLunconditionally appends/v1/messages. Many enterprise gateways route to specific base paths (e.g.,/awssig4claude37/aswsig4claude37) and will return a404if/v1/messagesis appended. - Custom JSON Payload Injection: Our gateway requires custom top-level keys to be present in the JSON body (e.g.,
prompt_text: "proxy bypass") for auditing and routing purposes. - Graceful Non-Streaming Fallback: Some enterprise security gateways aggressively block chunked streaming responses (
stream: true). When this happens, Claude Code crashes or hangs. - Strict Bedrock Payload Sanitization: Bedrock via strict APIM gateways will violently reject payloads with a
400 Bad Requestif they do not perfectly adhere to Bedrock's strict, undocumented schema limits.
Proposed Solution
We propose a set of features that would allow Claude Code to natively support strict enterprise API gateways:
- Exact Endpoints Variable: Provide an environment variable like
ANTHROPIC_EXACT_ENDPOINT="https://apim.corp.com/specific/path". If set, the HTTP client uses this exact URL without appending any standard paths. (Alternatively,ANTHROPIC_OMIT_PATH=1). - Payload Injection Variable: Introduce a new environment variable:
ANTHROPIC_CUSTOM_PAYLOAD_INJECT='{"prompt_text": "proxy bypass"}'. The network client would deeply merge this object into the root of the outgoing Anthropic API payload before it is sent. - Internal SSE Faking / Disable Streaming: If a streaming request fails (e.g., due to specific HTTP error codes or timeouts related to chunked encoding), Claude Code should gracefully fall back to a blocking (non-streaming) request. Once the full response is received, the internal client can simulate the SSE events so the UI stream processor doesn't need to be rewritten. Add a toggle like
CLAUDE_CODE_DISABLE_STREAMING=1to force this behavior immediately. - Built-in Bedrock Sanitization: When
CLAUDE_CODE_USE_BEDROCK=1is set, apply a pre-flight payload sanitizer:
- Ensure a maximum of 4
cache_controlblocks per request (stripping older ones). - Enforce that
tool_useblocks are strictly at the end of the assistant's content array. - Enforce that
tool_resultblocks are strictly at the beginning of the user's content array. - Strip empty
thinkingblocks from assistant messages, as these cause immediate gateway rejections.
Alternative Solutions
- Local Proxy Middleware: We are currently forced to run a local proxy middleware to rewrite Claude Code's outgoing requests. This adds complexity and friction to enterprise onboarding, as users have to install and run background services.
- Network/Gateway Adjustments: Modifying the strict APIM gateways to accept standard requests is generally not possible in strict enterprise environments like Stanford without extensive architectural exceptions.
Priority
Critical - Blocking my work
Feature Category
CLI commands and flags
Use Case Example
An enterprise user wants to connect to Bedrock through their strict APIM gateway. They can set the following environment variables:
export CLAUDE_CODE_USE_BEDROCK=1
export ANTHROPIC_EXACT_ENDPOINT="https://apim.corp.com/awssig4claude37/aswsig4claude37"
export ANTHROPIC_CUSTOM_PAYLOAD_INJECT='{"prompt_text": "proxy bypass"}'
export CLAUDE_CODE_DISABLE_STREAMING=1
claude
With these set, Claude Code can natively bypass proxy restrictions, successfully route without /v1/messages being appended, inject required audit keys, and fallback to non-streaming requests, providing a seamless user experience.
Additional Context
Enterprise adoption of Claude Code is heavily bottlenecked by complex corporate networking setups (Zscaler, custom APIMs, VPN routing conflicts). Allowing Claude Code to dynamically adjust its network footprint without requiring users to build and run local Python proxies would significantly ease enterprise onboarding.
Reference Implementation: For context, the code in https://github.com/SamuelMarks/claude-apim-proxy serves as our current local proxy middleware. It implements the exact workarounds described above (payload sanitization, SSE faking, custom payload injection, and path overriding) and can be used as a reference implementation to learn from when natively integrating these features into Claude Code.
Thank you for considering these additions!
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗