Skip to main content
An API key authenticates your requests to the Anchorage Digital API. Each key is scoped to a permission group that defines what it can do, so create the group you need before you generate the key.

How to generate an API key

1

Navigate to API key creation

In the Developers, then API 2.0 section of the web dashboard, select Create API key.
2

Generate an Ed25519 key pair

The web dashboard supports in-app key generation, or you can bring your own keys. Use the widget below to generate a key pair in this browser session, or run the Python script manually.
3

Create the API key

Select the permission group you created, and use the public key from the previous step to create your API key. Selecting certain permission groups requires additional quorum approval before the key can be used.
Copy the API key immediately — it isn’t displayed again, and keys aren’t recoverable. If you lose a key, revoke it and generate a new one.
When you create a key, you’ll work with three values:
  1. API access key — sent on every request as Api-Access-Key.
  2. Ed25519 public key — registered during key generation. Use the Anchorage Digital-generated one or bring your own.
  3. Ed25519 private signing key — kept locally to produce signatures before a call.

Using an API key

Every request is made over HTTPS and includes your access key in the Api-Access-Key header.
Sensitive endpoints also require a request signature, passed as Api-Timestamp and Api-Signature.
See Signing requests for the full signature recipe before making sensitive calls.

Revoking an API key

To revoke a single key, select the three-dot menu next to the key and select Revoke. To revoke every key in a group at once, delete the permission group the keys belong to.

Rotating API keys

There’s no dedicated rotation endpoint. You rotate a key yourself by revoking the active key and creating a new one tied to the permission group you want.
1

Create the replacement key

Generate a new API key and assign it to the desired permission group, following the steps above. Update your integration to use the new key.
2

Revoke the old key

Once the new key is in place and confirmed working, revoke the previous key.
Rotate keys on a regular schedule, and immediately if a key may have been exposed. Creating the replacement before revoking the old key avoids any gap in access.