> ## Documentation Index
> Fetch the complete documentation index at: https://docs.anchorage.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authenticate Anchorage Digital API requests with API keys and signatures.

All API requests require the `Api-Access-Key` header.

```http theme={null}
Api-Access-Key: YOUR_API_KEY
```

Some endpoints also require:

```http theme={null}
Api-Timestamp: 1577880000
Api-Signature: 4bf42054bf7db1f8...
```

For how permission groups, keys, and signatures work together, see [API setup](/knowledge-base/platform/developers/setting-up) and [Request signing](/knowledge-base/platform/developers/request-signing).

## How authentication works

API authentication has three layers. Every request needs all the layers that apply to the endpoint you're calling.

<CardGroup cols={3}>
  <Card title="Permissions" icon="badge-check" href="/knowledge-base/platform/developers/permission-groups">
    A permission group defines which vaults a key can access and what operations it can perform.
  </Card>

  <Card title="API key" icon="key" href="/knowledge-base/platform/developers/api-keys">
    An access key identifies the caller and is required on every request.
  </Card>

  <Card title="Signature" icon="signature" href="/knowledge-base/platform/developers/request-signing">
    An Ed25519 signature authorizes sensitive endpoints, such as withdrawals.
  </Card>
</CardGroup>
