Environment Setup

This guide helps you prepare your development environment to work with AnkaSecure's post-quantum cryptography platform.

Platform Access

SaaS Platform

AnkaSecure is available as a fully managed SaaS platform. To get started:

Request Access: Contact sales@ankatech.co or your account representative
Receive Credentials: You'll receive:
- Tenant ID: Your organization's unique identifier
- API Endpoint: https://api.ankasecure.com
- Initial Admin User: Credentials to access the platform
Access Admin Console: Log in to configure your organization
- URL: https://console.ankasecure.com
- Create additional users and applications
- Generate API keys for service-to-service authentication

Enterprise On-Premise: For on-premise deployment, contact AnkaTech professional services. Installation and configuration are handled by our team.

Prerequisites by Integration Method

For SDK Integration

Java Development Kit (JDK): - Version: Java 17+ - Download: OpenJDK or Oracle JDK

Build Tool (one of): - Maven 3.6+ - Download - Gradle 7.0+ - Download

IDE (optional but recommended): - IntelliJ IDEA, Eclipse, or VS Code with Java extensions

Verify Installation:

java -version
# java version "17.0.9" or higher

mvn -version
# Apache Maven 3.9.0 or higher

For CLI Integration

Operating System:

Windows: Windows 10/11 (64-bit)
macOS: macOS 11 (Big Sur) or later
Linux: Ubuntu 20.04+, CentOS 8+, or equivalent

Runtime:

CLI is a standalone executable (no additional runtime required)
Java runtime is bundled with the installer

Package Manager (optional, for easier installation):

macOS: Homebrew
Linux: apt, yum, or snap

Verify Installation:

ankasecure-cli version
# AnkaSecure CLI v3.0.0

For REST API Integration

HTTP Client:

curl (command-line) - Pre-installed on macOS/Linux, Windows download
Postman (GUI) - Download
Programming Language: Any language with HTTP library support

Network Requirements:

Outbound HTTPS access to api.ankasecure.com (port 443)
TLS 1.2 or higher support

Verify Connectivity:

curl -I https://api.ankasecure.com/api/v1/public/health
# HTTP/2 200
# content-type: application/json

Authentication Setup

Option 1: API Key Authentication (Recommended for Services)

1. Generate API Key (via Admin Console):

Log in to https://console.ankasecure.com
Navigate to Applications → Create Application
Copy the generated API key (shown once)

2. Configure API Key:

SDK (Java):

ClientConfig config = ClientConfig.builder()
    .baseUrl("https://api.ankasecure.com")
    .apiKey("ask_1234567890abcdef...")  // Your API key
    .tenant("your-tenant-id")
    .build();

CLI:

ankasecure-cli config set api-key "ask_1234567890abcdef..."
ankasecure-cli config set tenant-id "your-tenant-id"

REST API (HTTP Header):

curl https://api.ankasecure.com/api/v1/crypto/encrypt \
  -H "Authorization: Bearer ask_1234567890abcdef..." \
  -H "X-Tenant-ID: your-tenant-id"

Option 2: User Authentication (JWT)

1. Obtain JWT Token:

curl -X POST https://api.ankasecure.com/api/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "username": "your-username",
    "password": "your-password",
    "tenantId": "your-tenant-id"
  }'

Response:

{
  "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expiresIn": 3600,
  "refreshToken": "..."
}

2. Use Token (valid for 1 hour):

export TOKEN="eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..."

curl https://api.ankasecure.com/api/v1/crypto/encrypt \
  -H "Authorization: Bearer $TOKEN" \
  -H "X-Tenant-ID: your-tenant-id"

Network Configuration

Firewall Requirements

Outbound HTTPS (from your application/server):

Destination: api.ankasecure.com
Port: 443 (HTTPS)
Protocol: TCP
TLS: 1.2 or higher

Allow List:

*.ankasecure.com    # API and Console endpoints

Proxy Configuration

If your network uses an HTTP proxy:

SDK (Java) - Set JVM properties:

java -Dhttps.proxyHost=proxy.example.com \
     -Dhttps.proxyPort=8080 \
     -jar your-application.jar

CLI - Set environment variables:

export HTTPS_PROXY=http://proxy.example.com:8080
ankasecure-cli key list

REST API - curl proxy:

curl -x http://proxy.example.com:8080 \
  https://api.ankasecure.com/api/v1/public/health

Security Best Practices

API Key Management

✅ DO:

Store API keys in environment variables or secret managers
Use separate keys for development, staging, and production
Rotate keys periodically (every 90 days recommended)
Restrict key permissions to minimum required

❌ DON'T:

Hardcode API keys in source code
Commit API keys to version control (Git, SVN)
Share API keys via email or chat
Use production keys in development environments

Example (Environment Variables):

# .env file (add to .gitignore)
ANKASECURE_API_KEY=ask_1234567890abcdef...
ANKASECURE_TENANT_ID=your-tenant-id
ANKASECURE_BASE_URL=https://api.ankasecure.com

Load in Application:

String apiKey = System.getenv("ANKASECURE_API_KEY");
String tenantId = System.getenv("ANKASECURE_TENANT_ID");

Certificate Validation

Always validate TLS certificates:

SDK: Certificate validation is enabled by default (do not disable).

CLI: Runs with certificate validation enabled.

REST API:

# ✅ CORRECT (validates certificates)
curl https://api.ankasecure.com/...

# ❌ INCORRECT (skips validation - INSECURE)
curl -k https://api.ankasecure.com/...  # Never use -k in production

Testing Your Setup

1. Verify Connectivity

curl -I https://api.ankasecure.com/api/v1/public/health

# Expected: HTTP/2 200

2. Authenticate

API Key:

curl https://api.ankasecure.com/api/v1/key-management/keys \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "X-Tenant-ID: YOUR_TENANT_ID"

# Expected: JSON list of keys (or empty array if no keys yet)

JWT:

curl -X POST https://api.ankasecure.com/api/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{"username":"YOUR_USER","password":"YOUR_PASS","tenantId":"YOUR_TENANT"}'

# Expected: { "token": "...", "expiresIn": 3600 }

3. Generate a Test Key

curl -X POST https://api.ankasecure.com/api/v1/key-management/keys \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "X-Tenant-ID: YOUR_TENANT_ID" \
  -H "Content-Type: application/json" \
  -d '{"algorithm":"ML-KEM-768","keyId":"test-setup-key"}'

# Expected: { "keyId": "test-setup-key", "status": "ACTIVE", ... }

✅ Success: If you receive a 200 OK response, your environment is ready!

Troubleshooting

Connection Refused

Symptom: curl: (7) Failed to connect to api.ankasecure.com port 443

Solutions:

Check firewall allows outbound HTTPS (port 443)
Verify DNS resolves api.ankasecure.com:
```
nslookup api.ankasecure.com
```
Test with proxy if behind corporate firewall

Authentication Failed (401 Unauthorized)

Symptom: {"error":"AUTH_001","message":"Token validation failed"}

Solutions:

Verify API key is correct (copy from Admin Console)
Check X-Tenant-ID header matches your tenant
Ensure API key is active (not revoked or expired)
For JWT: Check token hasn't expired (1-hour lifetime)

Certificate Verification Failed

Symptom: SSL certificate problem: unable to get local issuer certificate

Solutions: - Update CA certificates:

# Ubuntu/Debian
sudo apt-get update && sudo apt-get install ca-certificates

# CentOS/RHEL
sudo yum update ca-certificates

- For Java: Update JRE/JDK to latest version - Check system time is correct (certificate validation is time-sensitive)

Rate Limit Exceeded (429 Too Many Requests)

Symptom: {"error":"RATE_001","message":"Rate limit exceeded"}

Solutions:

Review X-RateLimit-Remaining header in responses
Implement exponential backoff in your application
Contact support to increase rate limit for your tenant

For more help, see: - Common Errors - API Error Reference

Next Steps

Environment ready? Continue with:

Quick Start Guide - Your first encryption in <10 minutes
SDK Integration - Deep dive into Java SDK
CLI Commands - Complete CLI reference
API Endpoints - Full REST API documentation

Documentation Version: 3.0.0

Last Updated: 2025-12-26