Quickstart API Reference Blog

Authentication

All API requests require authentication. Learn how to authenticate using Bearer tokens or API keys.

Getting Your API Key

To use the Anchora VaaS API, you need an API key. You can get one by:

  1. Signing up at anchora.co.in/waitlist
  2. Accessing your dashboard after account activation
  3. Navigating to Settings > API Keys
  4. Creating a new API key
Keep your API key secret! Never expose it in client-side code, public repositories, or share it publicly.

API Key Format

Anchora API keys follow this format:

Key Type Format Usage
Live Key dcp_live_xxxxxxxxxxxx Production environment
Test Key dcp_test_xxxxxxxxxxxx Development/testing

Authentication Methods

Anchora supports two authentication methods. We recommend using Bearer token authentication.

Bearer Token

Recommended

Pass your API key in the Authorization header with the Bearer scheme. This is the standard OAuth 2.0 approach.

Bearer Token Authentication 
curl -X POST https://api.anchora.io/v1/anchor/encrypted \
  -H "Authorization: Bearer dcp_live_xxxxxxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{"data": {"name": "Alice"}}'

X-API-Key Header

Alternatively, pass your API key in a custom X-API-Key header. Useful for systems that don't support Bearer tokens.

X-API-Key Header Authentication 
curl -X POST https://api.anchora.io/v1/anchor/encrypted \
  -H "X-API-Key: dcp_live_xxxxxxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{"data": {"name": "Alice"}}'

Authentication Errors

If authentication fails, you'll receive one of these errors:

Status Error Description
401 Missing API Key No API key was provided in the request
401 Invalid API Key The API key format is incorrect or doesn't exist
401 Expired API Key The API key has been revoked or expired
429 Rate Limit Exceeded Too many requests; slow down
Error Response Example 
{
  "success": false,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid or missing API key",
    "status": 401
  }
}

Rate Limiting

API requests are rate limited based on your plan:

Plan Requests/Month Requests/Second
Free 1,000 10
Startup 50,000 50
Scale 500,000 100
Enterprise Unlimited Custom

Rate limit headers are included in every response:

Rate Limit Headers 
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 985
X-RateLimit-Reset: 1706745600

Best Practices

  • Use environment variables - Never hardcode API keys in your source code
  • Rotate keys regularly - Create new keys periodically and revoke old ones
  • Use test keys for development - Keep live keys for production only
  • Monitor usage - Check your dashboard for unusual activity
  • Handle errors gracefully - Implement proper error handling for auth failures
If your API key is compromised: Immediately revoke it from your dashboard and create a new one. Contact support if you notice unauthorized usage.