
Authentication

Anchor API clients authenticate before performing privileged operations. Authentication identifies the actor; authorization still depends on permissions, scopes, policy, target context, and requested operation.

Keep tokens short-lived where practical, avoid logging credentials or tokens, and restrict token use to the intended automation context.

Identity: Authenticate

Every API workflow starts with a known actor or automation identity.

Target: Target

Requests name scoped objects such as resources, accounts, policies, sessions, and logs.

Control: Authorize

Permissions, scope access, effective policy, and requested operation stay connected.

Evidence: Record

Job results, logs, audit records, and posture signals close the loop.

Authentication proves identity. Authorization decides whether the authenticated actor can perform a specific operation against a specific object under the current policy model.

Use dedicated service identities for automation instead of sharing personal administrator credentials.

| Practice | Why it matters |
| --- | --- |
| Use short-lived tokens where practical. | Reduces exposure if a token is copied or leaked. |
| Keep automation identities narrow. | Makes API activity easier to explain and revoke. |
| Never log tokens or credentials. | Evidence should prove activity without exposing secret material. |
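
The sketch below is an added example, not Anchor's API or code: it models the authenticate, authorize, and record steps as separate checks and writes an audit record that references the token only by a hash prefix. The `Identity` record, the `handle` function, the scope and target strings, and the policy shape are all assumptions made for illustration.

```python
import hashlib
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class Identity:                      # hypothetical record, not Anchor's token format
    actor: str                       # dedicated service identity
    scopes: frozenset                # operations this token may request
    expires_at: float                # epoch seconds; keep the lifetime short

def digest(secret: str) -> str:
    """One-way reference to a token; the store and the evidence never hold the secret."""
    return hashlib.sha256(secret.encode()).hexdigest()

def handle(store, policy, presented, operation, target, now=None):
    """Return (allowed, audit_record) for one request."""
    now = time.time() if now is None else now
    key = digest(presented)
    record = {"time": now, "operation": operation, "target": target,
              "token_ref": key[:12], "actor": None}
    ident = store.get(key)
    # Authenticate: unknown or expired tokens identify no actor.
    if ident is None or ident.expires_at <= now:
        return False, {**record, "decision": "deny:unauthenticated"}
    record["actor"] = ident.actor
    # Authorize: token scope AND policy for this actor, operation and target.
    if operation not in ident.scopes:
        return False, {**record, "decision": "deny:scope"}
    if (ident.actor, operation, target) not in policy:
        return False, {**record, "decision": "deny:policy"}
    return True, {**record, "decision": "allow"}

# Constructed sample data; every name and value below is made up.
NOW = 1_700_000_000.0
SECRET = "example-token-value"
STORE = {digest(SECRET): Identity("svc-log-export", frozenset({"logs:read"}), NOW + 900)}
POLICY = {("svc-log-export", "logs:read", "account/42")}

if __name__ == "__main__":
    for op, tgt, at in [("logs:read", "account/42", NOW),
                        ("policies:write", "account/42", NOW),
                        ("logs:read", "account/99", NOW),
                        ("logs:read", "account/42", NOW + 901)]:
        print(handle(STORE, POLICY, SECRET, op, tgt, at))
```

The same valid token is allowed once and denied three times for different reasons, and each outcome leaves a record that names the actor, operation, and target without containing the token.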