Frequently Asked Questions
Quick answers to common questions. Can't find yours? See Support.
How do I get an API key?
An organization admin can create keys at Settings → API Keys (/settings/api-keys). The full key is shown once at creation — copy it then. See the Quick Start.
Which header do I use for authentication?
Send your key as a Bearer token: Authorization: Bearer anch_.... This is the only supported API-key header.
Is there an OpenAPI spec or interactive explorer?
Yes — the OpenAPI JSON is served at /api/openapi and a Swagger UI is available at /api-docs. The per-resource pages under API Reference are the most accurate description of request and response shapes.
How does pagination work?
List endpoints accept limit (default 50) and offset, and return { data, meta: { total, limit, offset } }. Walk pages by increasing offset until you reach total. (The invoices list returns { data } without meta.)
What format are IDs and timestamps?
IDs are opaque nanoid strings. Timestamps are Unix epoch milliseconds. Monetary values are integers in cents with a separate currency field.
Are deletes permanent?
Most resources (companies, contacts, deals, tasks, time entries) are soft-deleted: they vanish from lists immediately and are purged later. Notes and invoices are hard-deleted — those are permanent right away.
Why am I getting 403 errors?
Your key is valid but missing a scope. The error body names it, e.g. { "error": "Missing required scope: deals:write" }. An admin can edit the key's scopes — see Scopes.
Why am I getting 404 for a record that exists?
All data is scoped to your organization. A 404 usually means the record belongs to a different organization than the API key, or it was deleted.
Can my team have different permission levels?
Yes. Anchor CRM has role-based access control with intern, contributor, manager, and admin roles. Some API operations (e.g. approving time entries, deleting invoices) require manager or admin roles when using session auth.
Can clients see their invoices without an account?
Yes — generate a client link for an invoice (POST /api/invoices/{id}/client-link) and share the tokenized URL. Stripe payment links are also supported.