Skip to main content

Base URL

The Anchor API is accessible at your self-hosted instance: 
http://localhost:3001
For production deployments, replace with your configured APP_URL.

API Prefix

All API endpoints are prefixed with /api: 
http://localhost:3001/api/notes
http://localhost:3001/api/tags
http://localhost:3001/api/auth

Content Type

All requests must use application/json content type for request bodies: 
Content-Type: application/json

Request Validation

The API uses strict validation:
  • Required fields must be present
  • Extra fields not defined in the schema are rejected
  • Field types are enforced (strings, booleans, arrays, etc.)
  • Whitespace is automatically trimmed where appropriate

Rate Limiting

Anchor does not currently implement rate limiting. Consider implementing rate limiting at the reverse proxy level for production deployments.

Error Responses

All errors follow a consistent format: 
{
  "statusCode": 400,
  "message": "Validation failed",
  "error": "Bad Request"
}

Common Error Codes

400
Bad Request
Invalid request body or parameters
401
Unauthorized
Missing or invalid authentication token
403
Forbidden
Insufficient permissions or feature disabled
404
Not Found
Resource does not exist or user lacks access
409
Conflict
Resource already exists (e.g., duplicate email)
500
Internal Server Error
Unexpected server error

Response Formats

Success Response

Successful requests return appropriate status codes:
  • 200 OK - Successful GET, PATCH, DELETE
  • 201 Created - Successful POST (resource creation)

Empty Responses

Some endpoints return no content:
  • 204 No Content - Successful deletion with no body
  • Empty object {} for operations with no return value

Data Types

Timestamps

All timestamps use ISO 8601 format: 
"2026-03-02T10:30:00.000Z"

UUIDs

All resource IDs are UUIDs v4: 
"550e8400-e29b-41d4-a716-446655440000"

Enums

The API uses specific enum values for state management: NoteState
  • active - Normal note state
  • trashed - Soft-deleted, in trash
  • deleted - Permanently deleted
NoteSharePermission
  • viewer - Read-only access
  • editor - Read and write access
UserStatus
  • active - Active user account
  • pending - Awaiting admin approval
RegistrationMode
  • disabled - No new registrations
  • enabled - Open registration
  • review - Registration requires admin approval

Next Steps

Authentication

Learn how to authenticate API requests

Notes

Manage notes with full CRUD operations

Tags

Organize notes with tags

Sharing

Share notes with other users

Health Check

Check API Health

GET /api/health
endpoint
Health check endpoint to verify the API is running and responsive.
Authentication: None (public endpoint) 
curl -X GET http://localhost:3001/api/health

{
  "status": "ok"
}
This endpoint is used by monitoring tools and health checks in Docker/Kubernetes deployments. It does not check database connectivity - it only confirms the API server is running.

Build docs developers (and LLMs) love

Get started for freeTalk to us