Documentation
Sign In
Back to Docs

Authentication

Secure your API requests with API keys

The Anchor CRM API uses API keys for authentication. Every request to the API must include a valid API key. API keys are tied to your organization and can be scoped with different permission levels.

Creating API Keys

  1. Navigate to Settings → API Keys
  2. Click "Create API Key"
  3. Enter a descriptive name (e.g., "FluxCascade Integration", "Development Testing")
  4. Select the appropriate scopes for your use case
  5. Optionally set an expiration date
  6. Copy your API key immediately - it won't be shown again!

Keep your API keys secure

Never commit API keys to version control, share them in public channels, or expose them in client-side code. Treat them like passwords.

Using API Keys

Include your API key in every request as a Bearer token:

Authorization Header

Use the standard Bearer token format in the Authorization header. Keys start with anch_.

curl -X GET "https://your-domain.com/api/companies" \
  -H "Authorization: Bearer YOUR_API_KEY"

API Scopes

API keys are assigned scopes that determine what actions they can perform. Follow the principle of least privilege - only grant the minimum scopes needed.

ScopeDescriptionUse Case
companies:readView companies and detailsReporting, dashboards
companies:writeCreate, update, delete companiesData sync, imports
contacts:readView contactsContact sync
contacts:writeCreate, update, delete contactsCRM sync
deals:readView deals and pipelinePipeline reports
deals:writeManage dealsWorkflow automation
analytics:readView analytics and metricsDashboards, BI tools
*Full access to all resourcesAdmin tools only

See the full list of 22 available scopes on the Scopes reference page.

Rate Limiting

Design your integration for a fair-use budget of 100 requests per minute per API key. Requests over budget may be throttled with a 429 response.

100

Requests per minute

Per Key

Each key has its own budget

429

Status when throttled

Rate Limit Headers

Throttled responses include a Retry-After header plus usage headers:

Retry-After: 45
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1705747200

Authentication Errors

When authentication fails, you'll receive one of these error responses:

401Unauthorized

Missing or invalid API key

{
  "error": "Unauthorized"
}
403Forbidden

API key doesn't have required scope

{
  "error": "Missing required scope: companies:write"
}
429Too Many Requests

Rate limit exceeded

{
  "error": "Too many requests",
  "message": "Rate limit exceeded. Please try again later.",
  "retryAfter": 45
}