Quickstart API Reference Blog

Authentication

All API requests require authentication via the Authorization: Bearer header. Learn how to get and use your API key.

Getting Your API Key

To use the Anchora VaaS API, you need an API key. You can get one by:

  1. Signing up at console.anchora.co.in
  2. Accessing your dashboard after account activation
  3. Navigating to Settings > API Keys
  4. Creating a new API key
Keep your API key secret! Never expose it in client-side code, public repositories, or share it publicly.

API Key Format

Anchora API keys follow this format:

Key Type Format Usage
Live Key dcp_live_xxxxxxxxxxxx Production environment
Test Key dcp_test_xxxxxxxxxxxx Development/testing

Authentication Method

All API requests require the Authorization: Bearer header. Pass your API key as a Bearer token on every request.

Bearer Token

Recommended

Pass your API key as a Bearer token in the Authorization header on all requests.

Bearer Token Authentication 
curl -X POST https://api.anchora.co.in/v1/anchor \
  -H "Authorization: Bearer dcp_live_xxxxxxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{"data": {"name": "Alice"}}'

Authentication Errors

If authentication fails, you'll receive one of these errors:

Status Error Description
401 Missing API Key No API key was provided in the request
401 Invalid API Key The API key format is incorrect or doesn't exist
401 Expired API Key The API key has been revoked or expired
429 Rate Limit Exceeded Too many requests; slow down
Error Response Example 
{
  "success": false,
  "error": "Invalid or missing API key",
  "errorCode": "INVALID_ENCRYPTION_KEY"
}

Rate Limiting

API requests are rate limited based on your plan:

Plan Requests/Month Requests/Second
Free 1,000 10
Startup 50,000 50
Scale 500,000 100
Enterprise Unlimited Custom

Rate limit headers are included in every response:

Rate Limit Headers 
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 985
X-RateLimit-Reset: 1706745600

Best Practices

  • Use environment variables - Never hardcode API keys in your source code
  • Rotate keys regularly - Create new keys periodically and revoke old ones
  • Use test keys for development - Keep live keys for production only
  • Monitor usage - Check your dashboard for unusual activity
  • Handle errors gracefully - Implement proper error handling for auth failures
If your API key is compromised: Immediately revoke it from your dashboard and create a new one. Contact support if you notice unauthorized usage.