> ## Documentation Index > Fetch the complete documentation index at: https://casparser.in/docs/llms.txt > Use this file to discover all available pages before exploring further. # Approve Agent Authorization > Called by the frontend after the user signs in. Verifies the identity token, creates or looks up the user's API key, and stores it against the token for the agent to poll via `GET /v1/agent-auth/token/{token}`. **This endpoint is called by the browser, not by agents directly.** ## OpenAPI ````yaml /api-reference/openapi.yaml post /v1/agent-auth/token/{token}/approve openapi: 3.1.0 info: title: CAS Parser - Track Portfolios from CDSL, NSDL, CAMS, KFintech description: >- API for parsing and analyzing CAS (Consolidated Account Statement) PDF files from NSDL, CDSL, and CAMS/KFintech, with a unified response format version: 4.0.0 contact: name: Sameer Kumar email: sameer@casparser.in servers: - url: https://api.casparser.in description: Production server - url: https://portfolio-parser.api.casparser.in description: Legacy production server (still supported) - url: http://localhost:5000 description: Local development server security: [] tags: - name: CAS Parser description: Endpoints for parsing CAS PDF files from different sources. - name: CAS Generator description: Endpoints for generating new CAS documents via email mailback (KFintech). - name: CAS Fetch description: | Endpoints for fetching CAS documents with instant download. Currently supports CDSL via OTP authentication. - name: Email Import description: > Endpoints for importing CAS files directly from user email inboxes. **Supported Providers:** Gmail (more coming soon) **How it works:** 1. Call `POST /v4/inbox/connect` to get an OAuth URL 2. Redirect user to the OAuth URL for consent 3. User is redirected back to your `redirect_uri` with an encrypted `inbox_token` 4. Use the token to list/fetch CAS files from their inbox (`/v4/inbox/cas`) 5. Files are uploaded to temporary cloud storage (URLs expire in 24 hours) **Security:** - Read-only access (we cannot send emails) - Tokens are encrypted with server-side secret - User can revoke access anytime via `/v4/inbox/disconnect` - name: Inbound Email description: > Create dedicated inbound email addresses for investors to forward their CAS statements. **Use Case:** Your app wants to collect CAS statements from users without requiring OAuth or file upload. **How it works:** 1. Call `POST /v4/inbound-email` to create a unique inbound email address 2. Display this email to your user: "Forward your CAS statement to ie_xxx@import.casparser.in" 3. When user forwards a CAS email, we verify sender authenticity (SPF/DKIM) and call your webhook 4. Your webhook receives email metadata + attachment download URLs **Sender Validation:** - Only emails from verified CAS authorities are processed: - CDSL: `eCAS@cdslstatement.com` - NSDL: `NSDL-CAS@nsdl.co.in` - CAMS: `donotreply@camsonline.com` - KFintech: `samfS@kfintech.com` - Emails failing SPF/DKIM/DMARC are rejected - Forwarded emails must contain the original sender in headers **Billing:** 0.2 credits per successfully processed valid email - name: Contract Note Parser description: >- Endpoints for parsing Contract Note PDF files from various SEBI brokers like Zerodha, Groww, Upstox, ICICI etc. - name: Authorization description: | Endpoints for checking API quota and credits usage. These endpoints help you monitor your API usage and remaining quota. - name: Portfolio Connect description: > Endpoints for managing access tokens for the Portfolio Connect SDK. Use these to generate short-lived `at_` prefixed tokens that can be safely passed to frontend applications. Access tokens can be used in place of API keys on all v4 endpoints. - name: Agent Auth description: > Endpoints for coding agents to obtain API keys via a browser-based approval flow. **How it works:** 1. Agent generates a random token locally (e.g. `openssl rand -hex 32`). No API call needed. 2. Agent asks the user to open `https://app.casparser.in/agent-auth?token=&client_name=` 3. User signs in via the browser and clicks Approve. 4. Agent polls `GET /v1/agent-auth/token/{token}` every 5 seconds until the key is delivered. **Security:** - Token must be 16-128 characters (recommended: 64 hex chars / 256 bits) - Approved keys are delivered once (one-shot) and then deleted - Tokens expire after 10 minutes if not approved - name: KYC description: > Endpoints for verifying KYC (Know Your Customer) status of Indian investors. **Data source:** CVL KRA public inquiry portal (cvlkra.com), which aggregates records from all five SEBI-registered KRAs: CVL, NDML, CAMS, Karvy, and KFin. **Status normalization:** Raw CVL portal strings are normalized into clean enums. See the `kyc_status` property on `KycPanStatusResponse` for the full list. **Credits:** 0.5 per successful lookup. Failed lookups are not billed. paths: /v1/agent-auth/token/{token}/approve: post: tags: - Agent Auth summary: Approve Agent Authorization description: > Called by the frontend after the user signs in. Verifies the identity token, creates or looks up the user's API key, and stores it against the token for the agent to poll via `GET /v1/agent-auth/token/{token}`. **This endpoint is called by the browser, not by agents directly.** operationId: agentAuthApprove parameters: - name: token in: path required: true description: >- The token the agent generated and included in the approval URL. Must be 16-128 characters. schema: type: string minLength: 16 maxLength: 128 example: a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6a7b8c9d0e1f2a3b4c5d6a7b8c9d0e1f2 requestBody: required: true content: application/json: schema: type: object required: - id_token properties: id_token: type: string description: >- Identity token obtained after the user signs in on the approval page client_name: type: string description: >- Name of the agent/application (stored in customer metadata for audit) example: Claude Code responses: '200': description: >- Authorization approved. The API key is now available for the agent to poll. content: application/json: schema: type: object properties: status: type: string example: approved email: type: string example: user@example.com '400': description: Invalid token length or invalid request content: application/json: schema: type: object properties: detail: type: string example: Token must be 16-128 characters '401': description: Invalid or expired identity token content: application/json: schema: type: object properties: detail: type: string example: Invalid identity token '403': description: Unsupported sign-in method content: application/json: schema: type: object properties: detail: type: string example: Unsupported sign-in method '409': description: Token was already approved (only the first approval is accepted) content: application/json: schema: type: object properties: detail: type: string example: Token already approved or storage unavailable ````