Skip to main content

Authorizing API Requests

All requests to the Anon API require authentication using an API key. This page serves as a centralized reference for all authentication-related information.

API Key Management

Creating an API Key

API keys can only be created by Anon admins.
  1. Navigate directly to Anon Dashboard: API Keys. Ensure you are logged in using your work email.
  2. Click the Create New Key button
  3. Enter a description for your key (e.g., “Production Server”, “Development Environment”)
  4. Click Generate Key
  5. Copy and securely store your API key
API keys are only displayed once when created. If you lose your key, you’ll need to generate a new one.

Using Your API Key

Include your API key in the Authorization HTTP header for all API requests: 
Authorization: Bearer ANON_API_KEY

API Key Best Practices

  • Never share your API key: In publicly accessible areas such as GitHub or client-side code. Make requests to Anon server-side.
  • Separate Development from Production: Create different keys for different environments (development, production).
  • Use secrets or environment variables: To store API keys in your applications.
We recommend rotating your API keys at least every 90 days as a security best practice.

Revoking API Keys

If an API key is no longer needed:
  1. Log in to your Anon Dashboard
  2. Navigate to Settings > API Keys
  3. Find the key you want to revoke
  4. Click Revoke Key
  5. Confirm the action
Once revoked, a key cannot be restored. You’ll need to create a new key if needed.

Environments and Base URLs

Anon provides a single environment for production, with an API endpoint and dashboard:
EnvironmentDetails
Production• Dashboard: dashboard.anon.com
• API Base URL: https://worker.anon.com
• Use for live applications
• API keys start with anon_ and are required for production endpoints
You can use a separate organization for development and production environments.

API Error Handling

The API returns standard HTTP status codes to indicate success or failure:
  • 2xx - Success
  • 4xx - Client error (e.g., invalid parameters, authentication error)
  • 5xx - Server error
Error responses include a JSON body with details: 
{
  "error": {
    "code": "invalid_parameter",
    "message": "The provided migration ID is invalid"
  }
}

cURL Example

curl -X GET https://worker.anon.com/healthz \
  -H "Authorization: Bearer ANON_API_KEY" \
  -H "Content-Type: application/json"