All API requests authenticate with a workspace API key sent as a Bearer token:
curl https://anysola.com/api/agents \
-H "Authorization: Bearer YOUR_API_KEY"
Managing keys
Create and revoke keys under Dashboard → Settings → API keys. The plaintext key is shown once at creation — store it in your secret manager immediately. Keys are stored server-side only as salted hashes and cannot be recovered; if a key is lost, revoke it and create a new one.
Scope
A key is scoped to the workspace that created it. It can act on that workspace's agents and operations and nothing else. There are no cross-workspace keys.
Failure modes
| Response | Meaning |
|---|---|
401 Unauthorized |
Missing, malformed, or revoked key |
402 Payment Required |
Key is valid but the plan blocks the action (agent or quota limit) |
429 Too Many Requests |
Rate limit hit — respect Retry-After |
Rotate keys on a schedule and immediately after personnel changes — revocation is instant.