Getting Your API Key
- Log in to your anyformat account
- Navigate to the API Key page to generate a new API key and copy it. For security reasons, the API key will only be displayed once.
Authentication Method
Use your API key in theAuthorization header with Bearer format:
Using Your API Key
Include your API key in the request headers for all API requests:The API accepts the
Authorization header in any casing (for example, authorization, Authorization, or AUTHORIZATION). HTTP headers are case-insensitive per the HTTP specification.API Key Scoping
Each API key is tied to a single organization. All API requests made with that key operate within that organization’s data — you can only access workflows, files, and webhooks belonging to that organization.- A user who belongs to multiple organizations needs a separate API key for each one
- Generating a new API key automatically revokes the previous key for the same organization
- API keys grant the same access level as the user who created them (there are no granular scopes or permission restrictions on keys)
API keys are managed in the anyformat platform. The API does not expose key management endpoints.
Public Endpoints
The following endpoints do not require API key authentication:/- API root/health/- Health check/schema/- OpenAPI schema/docs/- Swagger UI documentation
Revoking a Key
Generate a new key to automatically revoke the old one.
Security Best Practices
- Never share your API key - Treat it like a password
- Rotate keys periodically - Generate new keys on a regular schedule
- Use environment variables - Store keys in environment variables in production
- Monitor key usage - Watch for suspicious activity in your account
- Never expose in client-side code - API keys should only be used server-side
If you need to generate a new API key or suspect your key has been compromised, visit the API Key page in your anyformat app immediately.