ak_) belong to a single organization and carry it implicitly. Personal access tokens (pat_) belong to a user, work across every organization that user is a member of, and require you to name the target organization on each request.
Both are shown in full exactly once, at creation. Copy the secret then — it cannot be recovered afterward.
Which credential to use
Use an org API key (ak_) when | Use a personal access token (pat_) when |
|---|---|
| The credential acts for one fixed organization (a server, a CI job, a service integration). | You work across multiple organizations and want one credential for all of them. |
| You want the organization baked in, with no extra header. | The credential is tied to you as a user and follows your access. |
Organization API keys
Org API keys are created and managed on the API Keys page in your organization. Each key prints once asak_<id>.<secret>; after that the table shows only the truncated key id and the key cannot be revealed again.
Open the API Keys page
Go to API Keys in the organization you want the key scoped to. The key inherits that organization permanently.
Create a key
Click Create API Key, enter a Name, and choose an Expiration. Presets range from 1 day to 365 days, plus Never and Custom Date.
POST /admin/organization-pats with a name and an optional expires_at:
| Field | Type | Default | Description |
|---|---|---|---|
name | string | required | Label for the key. Must not be empty. |
expires_at | integer | null | Expiry as an epoch timestamp. Omit or set null for a key that never expires. |
pat_key exactly once. Subsequent list calls return only key_id (a truncated prefix), name, expires_at, and created_at.
An org API key carries its organization, so you never send the X-Anyreach-Org header with it:
Personal access tokens
Personal access tokens belong to you as a user and work across every organization you can access. Create and manage them under Account → Tokens. A personal access token does not carry an organization. You must name the target organization on each request with theX-Anyreach-Org header:
| Operation | Org API key | Personal access token |
|---|---|---|
| Rename after creation | No | Yes |
| Works across all your organizations | No (single org) | Yes |
Requires X-Anyreach-Org per request | No | Yes |
The PAT secret (the
pat_... value) is returned only when the token is created. Renaming a token does not reveal the secret again.Next steps
Authentication
The full token flow, the
Authorization header, and the X-Anyreach-Org header for personal access tokens.Connecting an MCP client
Use either credential to connect a Model Context Protocol client to Anyreach.

