Authentication

All ParseSphere API requests require authentication using an API key.

API Keys

Include your API key in the Authorization header using the Bearer scheme:

Authorization: Bearer sk_your_api_key

API keys start with sk_ and are tied to your account (or organization, if you're part of one).

Keep Your Keys Safe

API keys grant access to your account's resources. Store them in environment variables — never commit them to source control.

Getting Your First Key

The easiest way to create an API key is through the dashboard. Log in, go to API Keys, and click "Create Key."

You can also manage keys programmatically using the endpoints below.

Managing API Keys

Create an API Key

POST/v1/api-keys

Create a new API key

bash

curl -X POST https://api.parsesphere.com/v1/api-keys \
-H "Authorization: Bearer sk_your_api_key" \
-H "Content-Type: application/json" \
-d '{
  "name": "Production API Key"
}'

Save Your Key Immediately

The full key (in the secret field) is only shown once. Store it somewhere safe — you won't be able to retrieve it again.

List API Keys

GET/v1/api-keys

List all your API keys

bash

curl https://api.parsesphere.com/v1/api-keys \
-H "Authorization: Bearer sk_your_api_key"

Information

For security, only the key prefix is shown. Full keys are never returned after creation.

Revoke an API Key

DELETE/v1/api-keys/{api_key_id}

Revoke an API key

bash

curl -X DELETE https://api.parsesphere.com/v1/api-keys/550e8400-e29b-41d4-a716-446655440000 \
-H "Authorization: Bearer sk_your_api_key"

Warning

Revoking a key is immediate. Any applications using it will lose access right away.

Key Lifecycle

API keys do not expire automatically. A key remains valid until it is explicitly revoked or its owning account is deactivated.

An API key can be in one of these states:

Active (is_active: true): Key can authenticate requests normally
Revoked: Key has been deleted via the DELETE endpoint. Requests return 401 Unauthorized
Account deactivated: The account owning the key has been deactivated. Requests return 403 Forbidden with error_code: "account_deactivated"

Information

If your previously working key starts returning 403, check that your account is in good standing and your subscription is active.

Organization Keys

If you're part of an organization, API keys can be scoped to that organization. This means:

Keys created while in an org context are tied to that organization
They can access workspaces shared within the organization
All org members with appropriate permissions can see and manage org keys

Best Practices

Use Environment Variables

Never hardcode API keys. Store them in environment variables:

bash

export PARSESPHERE_API_KEY="sk_your_api_key"

# Use in requests
curl -H "Authorization: Bearer $PARSESPHERE_API_KEY" \
https://api.parsesphere.com/v1/parses

SDKs Coming Soon

We're working on official Python and TypeScript SDKs to make integration even easier. For now, use any HTTP client.

Rotate Keys Regularly

For production systems, rotate API keys periodically:

Create a new key
Update your application to use the new key
Verify everything works
Revoke the old key

Monitor Usage

Keep an eye on your API keys through the dashboard:

See when each key was last used
Track request counts
Spot unusual activity
Revoke compromised keys immediately

What's Next?

Quick Start — Make your first API call
Document Parsing — Learn about parsing options
Rate Limits — Understand API quotas
Error Handling — Handle authentication errors