ak_, created on the API Keys page) and personal access tokens (pat_, created under Account → Tokens). See the Authentication guide for the full walkthrough and the differences between them.
Pass the credential in the Authorization header on every request:
Copy your credential when you create it — it’s shown only once. Store it in a secret manager, never in source control.
Working across organizations
An organization API key (ak_) carries its organization implicitly. A personal access token (pat_) does not — set the target organization with the X-Anyreach-Org header:
Access and permissions
A credential can do whatever the issuing user or organization role can do, governed by roles and scopes. Some endpoints return a reduced set of fields to lower-privileged credentials — for example, conversation transcripts and recordings requireconversations:read_sensitive (see Permissions and data access).
Failed authentication
| Status | Meaning |
|---|---|
401 | The credential is missing or invalid, or a pat_ token was sent without the X-Anyreach-Org header. |
403 | The credential is valid but its scopes don’t grant access to the action. |

