Anchor API uses API keys to authenticate requests. All requests must be made over HTTPS and authenticated over standard HTTP basic authentication. So will API requests sent without a valid API key.
API keys can be created, viewed and managed in the Anchor dashboard on the Settings > Developers > API keys screen.
You can create an API key by specifying a name, environment, expiration and permission (read-only, modify, or write)
All API requests are authenticated with an API key with the following request header format:
curl --location --request GET '<base_url>/v1/api/v1/customer' \ --header 'x-anchor-key;'
An invalid, missing or expired api key will result in HTTP 401 Unauthorized responses.
They should not be in your client-side code or checked into your application's code or commit your API keys to git.