Authentication

This section covers how to authenticate requests to the ParseSphere API and manage your API keys.

API Key Authentication

All API requests must include your API key in the Authorization header using the Bearer scheme:

Authorization: Bearer sk_your_api_key

Keep Your Keys Safe

API keys grant full access to your account. Store them in environment variables and never commit them to source control.

API keys work well for server-to-server communication. Generate and revoke keys through the API endpoints below or the dashboard.

Managing API Keys

Create an API Key

Generate a new API key for your account:

POST/v1/api-keys

Create a new API key with an optional name

bash

curl -X POST https://api.parsesphere.com/v1/api-keys \
-H "Authorization: Bearer sk_your_api_key" \
-H "Content-Type: application/json" \
-d '{
  "name": "Production API Key"
}'

Save Your Key Immediately

The full API key is only shown once during creation. Store it securely - you won't be able to retrieve it again.

List API Keys

View all API keys associated with your account:

GET/v1/api-keys

List all API keys (redacted for security)

bash

curl -X GET https://api.parsesphere.com/v1/api-keys \
-H "Authorization: Bearer sk_your_api_key"

Information

For security, full API keys are never returned by the API. Only the key prefix is shown for identification.

Revoke an API Key

Delete an API key to prevent further use:

DELETE/v1/api-keys/{api_key_id}

Revoke an API key by its ID

bash

curl -X DELETE https://api.parsesphere.com/v1/api-keys/550e8400-e29b-41d4-a716-446655440000 \
-H "Authorization: Bearer sk_your_api_key"

Warning

Revoking an API key is immediate and irreversible. Any applications using that key will lose access.

Best Practices

Environment Variables

Store API keys in environment variables:

bash

export PARSESPHERE_API_KEY="sk_your_api_key"

# Use in requests
curl -H "Authorization: Bearer $PARSESPHERE_API_KEY" \
https://api.parsesphere.com/v1/parses

Key Rotation

Regularly rotate API keys for enhanced security:

Create a new API key
Update your application to use the new key
Monitor for any requests still using the old key
Revoke the old key after confirming the migration

Monitoring Usage

Track API key usage through the dashboard:

View last used timestamp for each key
Monitor request counts and rate limits
Detect unusual activity patterns
Revoke compromised keys immediately

What's Next?

Now that you understand authentication, explore these topics:

Quick Start - Make your first API call
Document Parsing - Learn about parsing options
Rate Limits - Understand API quotas
Error Handling - Handle authentication errors