What does the Anthropic API Key regex match?

Matches an Anthropic Claude API key: sk-ant- prefix + alphanumeric.

Is the Anthropic API Key regex ReDoS-safe?

Yes. Verified through static analysis: no ambiguous alternations or nested quantifiers that could trigger exponential backtracking.

How do I use this regex in javascript?

// No imports required — RegExp is built into JavaScript const regex = /^sk-ant-[A-Za-z0-9_\-]{32,128}$/; const isValid = regex.test(input);

Security/API Keys & Tokens

Verified Safe

Anthropic API Key Regex for JavaScript

/^sk-ant-[A-Za-z0-9_\-]{32,128}$/

What this pattern does

This page provides a well-structured, multi-part regular expression for matching anthropic api key, ported and verified for JavaScript. In security-sensitive code, using an unverified regex can open the door to both false positives and denial-of-service attacks. The snippet below is ready to drop into your JavaScript project — whether you're validating in an Express middleware, a Next.js API route, or a client-side form.

Javascript Implementation

Javascript

// Anthropic API Key
// ReDoS-safe | RegexVault — Security > API Keys & Tokens

const anthropicApiKeyRegex = /^sk-ant-[A-Za-z0-9_\-]{32,128}$/;

function validateAnthropicApiKey(input: string): boolean {
  return anthropicApiKeyRegex.test(input);
}

// Example
console.log(validateAnthropicApiKey("sk-ant-api03-aBcDeFgHiJkLmNoPqRsTuVwXyZ0123456789aBcDe")); // true

Test Cases

Matches (Valid)	Rejects (Invalid)
`sk-ant-api03-aBcDeFgHiJkLmNoPqRsTuVwXyZ0123456789aBcDe`	`sk-ant-short`
`sk-ant-aBcDeFgHiJkLmNoPqRsTuVwXyZ012345`	`ant-api03-aBcDeFgHiJkLmNoPqRsTuVwXyZ`
—	`sk_ant_aBcDeFgHiJkLmNoPqRsTuVwXyZ0123456789`

When to use this pattern

This pattern is drawn from the Security > API Keys & Tokens category and carries a ReDoS-safe certification. That matters for JavaScript developers because especially critical in long-running Node.js event loops where a ReDoS vulnerability can block the entire process. RegexVault audits patterns against known backtracking attack vectors, ensuring you have the necessary context before using this regex in a high-stakes production environment.

Common Pitfalls

API keys in public repos lead to unauthorized API usage charged to your account. Store in environment variables, not code. Monitor usage in the Anthropic Console for anomalies.

Technical Notes

Anthropic API keys use the sk-ant- prefix. Scoped to the organization. If leaked, immediately rotate at console.anthropic.com. Fine-grained API key scopes are available in the Anthropic Console.

Have a pattern that belongs in the vault?

Submit it for review — community-verified patterns get credited to your GitHub handle. Free submissions join the queue. Priority review available for $15.

Submit a Pattern