Skip to main content

API Keys

All requests to the /v1/extract endpoint require authentication using an API key.

Getting an API Key

  1. Join the waitlist
  2. Once approved, you’ll receive your API key via email
API keys follow the format: pk_ followed by a unique identifier. 
pk_live_xxxxxxxxxxxxxxxxxxxx
Keep your API keys secure. Never expose them in client-side code, public repositories, or logs.

Using Your API Key

Include your API key in the Authorization header as a Bearer token: 
curl -X POST "https://api.parsefy.io/v1/extract" \
  -H "Authorization: Bearer pk_your_api_key" \
  -F "file=@document.pdf" \
  -F 'output_schema={...}'

SDK Configuration

Option 1: Environment Variable (Recommended)
export PARSEFY_API_KEY=pk_your_api_key

from parsefy import Parsefy

# Automatically reads PARSEFY_API_KEY
client = Parsefy()
Option 2: Direct Configuration
from parsefy import Parsefy

client = Parsefy(api_key="pk_your_api_key")

Authentication Errors

401 Unauthorized

Returned when authentication fails: 
{
  "detail": "Invalid or missing API key"
}
Common causes:
  • Missing Authorization header
  • Invalid API key format
  • Revoked or expired API key
  • Typo in the API key

403 Forbidden

Returned for the playground endpoint when the request origin is not allowed: 
{
  "detail": "Origin not allowed"
}

Playground (No Auth)

The /v1/playground endpoint allows testing without an API key, but with restrictions:
  • Rate Limited: 10 credits per day per IP
  • Origin Restricted: Only allowed from authorized domains
The playground is accessible through parsefy.io.
The playground is designed for testing and demos. For production use, always use an API key with the /v1/extract endpoint.

Security Best Practices

Use Environment Variables

Never hardcode API keys. Use environment variables or secrets managers.

Server-Side Only

Make API calls from your backend. Never expose keys in frontend code.

Rotate Regularly

Periodically rotate your API keys, especially if you suspect a leak.

Principle of Least Privilege

Use separate keys for development and production environments.

Example: Secure Backend Setup

# Bad: Hardcoded key
client = Parsefy(api_key="pk_live_xxxxx")

# Good: Environment variable
import os
client = Parsefy(api_key=os.environ["PARSEFY_API_KEY"])

# Better: Auto-load from environment
client = Parsefy()  # Reads PARSEFY_API_KEY automatically

Frontend Architecture

Never call the Parsefy API directly from browser JavaScript. Always proxy through your own backend to keep your API key secure.