> ## Documentation Index > Fetch the complete documentation index at: https://casparser.in/docs/llms.txt > Use this file to discover all available pages before exploring further. # List Files Received > Retrieve CAS files forwarded to this inbound email. Available for every inbound email, regardless of whether a `callback_url` was set — use it to avoid building a webhook consumer, to poll alongside a webhook, or to replay missed webhook deliveries. Pass the `cursor` from the previous response as `since` to receive only new files. ## OpenAPI ````yaml /api-reference/openapi.yaml get /v4/inbound-email/{inbound_email_id}/files openapi: 3.1.0 info: title: CAS Parser - Track Portfolios from CDSL, NSDL, CAMS, KFintech description: >- API for parsing and analyzing CAS (Consolidated Account Statement) PDF files from NSDL, CDSL, and CAMS/KFintech, with a unified response format version: 4.0.0 contact: name: Sameer Kumar email: sameer@casparser.in servers: - url: https://api.casparser.in description: Production server - url: https://portfolio-parser.api.casparser.in description: Legacy production server (still supported) - url: http://localhost:5000 description: Local development server security: [] tags: - name: CAS Parser description: Endpoints for parsing CAS PDF files from different sources. - name: CAS Generator description: Endpoints for generating new CAS documents via email mailback (KFintech). - name: CAS Fetch description: | Endpoints for fetching CAS documents with instant download. Currently supports CDSL via OTP authentication. - name: Email Import description: > Endpoints for importing CAS files directly from user email inboxes. **Supported Providers:** Gmail (more coming soon) **How it works:** 1. Call `POST /v4/inbox/connect` to get an OAuth URL 2. Redirect user to the OAuth URL for consent 3. User is redirected back to your `redirect_uri` with an encrypted `inbox_token` 4. Use the token to list/fetch CAS files from their inbox (`/v4/inbox/cas`) 5. Files are uploaded to temporary cloud storage (URLs expire in 24 hours) **Security:** - Read-only access (we cannot send emails) - Tokens are encrypted with server-side secret - User can revoke access anytime via `/v4/inbox/disconnect` - name: Inbound Email description: > Create dedicated inbound email addresses for investors to forward their CAS statements. **Use Case:** Your app wants to collect CAS statements from users without requiring OAuth or file upload. **How it works:** 1. Call `POST /v4/inbound-email` to create a unique inbound email address 2. Display this email to your user: "Forward your CAS statement to ie_xxx@import.casparser.in" 3. When user forwards a CAS email, we verify sender authenticity (SPF/DKIM) and call your webhook 4. Your webhook receives email metadata + attachment download URLs **Sender Validation:** - Only emails from verified CAS authorities are processed: - CDSL: `eCAS@cdslstatement.com` - NSDL: `NSDL-CAS@nsdl.co.in` - CAMS: `donotreply@camsonline.com` - KFintech: `samfS@kfintech.com` - Emails failing SPF/DKIM/DMARC are rejected - Forwarded emails must contain the original sender in headers **Billing:** 0.2 credits per successfully processed valid email - name: Contract Note Parser description: >- Endpoints for parsing Contract Note PDF files from various SEBI brokers like Zerodha, Groww, Upstox, ICICI etc. - name: Authorization description: | Endpoints for checking API quota and credits usage. These endpoints help you monitor your API usage and remaining quota. - name: Portfolio Connect description: > Endpoints for managing access tokens for the Portfolio Connect SDK. Use these to generate short-lived `at_` prefixed tokens that can be safely passed to frontend applications. Access tokens can be used in place of API keys on all v4 endpoints. - name: Agent Auth description: > Endpoints for coding agents to obtain API keys via a browser-based approval flow. **How it works:** 1. Agent generates a random token locally (e.g. `openssl rand -hex 32`). No API call needed. 2. Agent asks the user to open `https://app.casparser.in/agent-auth?token=&client_name=` 3. User signs in via the browser and clicks Approve. 4. Agent polls `GET /v1/agent-auth/token/{token}` every 5 seconds until the key is delivered. **Security:** - Token must be 16-128 characters (recommended: 64 hex chars / 256 bits) - Approved keys are delivered once (one-shot) and then deleted - Tokens expire after 10 minutes if not approved - name: KYC description: > Endpoints for verifying KYC (Know Your Customer) status of Indian investors. **Data source:** CVL KRA public inquiry portal (cvlkra.com), which aggregates records from all five SEBI-registered KRAs: CVL, NDML, CAMS, Karvy, and KFin. **Status normalization:** Raw CVL portal strings are normalized into clean enums. See the `kyc_status` property on `KycPanStatusResponse` for the full list. **Credits:** 0.5 per successful lookup. Failed lookups are not billed. paths: /v4/inbound-email/{inbound_email_id}/files: get: tags: - Inbound Email summary: List Files Received description: | Retrieve CAS files forwarded to this inbound email. Available for every inbound email, regardless of whether a `callback_url` was set — use it to avoid building a webhook consumer, to poll alongside a webhook, or to replay missed webhook deliveries. Pass the `cursor` from the previous response as `since` to receive only new files. operationId: listInboundEmailFiles parameters: - name: inbound_email_id in: path required: true schema: type: string description: Inbound Email ID (e.g., ie_a1b2c3d4e5f6) example: ie_a1b2c3d4e5f6 - name: since in: query required: false schema: type: string format: date-time description: | ISO 8601 timestamp. Only files with `received_at` strictly greater than this value are returned. Use the `cursor` value from the previous response. - name: limit in: query required: false schema: type: integer minimum: 1 maximum: 50 default: 20 description: Maximum files to return. responses: '200': description: Files received at this inbound email since the cursor content: application/json: schema: type: object properties: status: type: string example: success files: type: array description: Files received (sorted oldest-first) items: $ref: '#/components/schemas/ReceivedEmailCASFile' count: type: integer example: 1 cursor: type: - string - 'null' format: date-time description: >- Pass as `since` on the next poll. `null` if no files and no prior cursor. example: '2025-02-21T10:45:12.000123+00:00' '400': description: Malformed query parameters content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '401': $ref: '#/components/responses/Unauthorized' '404': description: Inbound email not found or expired content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' security: - ApiKeyAuth: [] components: schemas: ReceivedEmailCASFile: description: | A CAS file that has arrived at an inbound email address. Matches `EmailCASFile` plus a `received_at` timestamp used as a monotonic cursor for polling. allOf: - $ref: '#/components/schemas/EmailCASFile' - type: object properties: received_at: type: string format: date-time description: | ISO 8601 timestamp (microsecond precision) when the file was persisted. Use as the `since` cursor on subsequent polls. example: '2025-02-21T10:45:12.000123+00:00' ErrorResponse: type: object required: - status - msg properties: status: type: string description: The status of the error. enum: - failed example: failed msg: type: string description: A descriptive message explaining the error. example: Invalid PDF file or password. EmailCASFile: type: object description: A CAS file found in the user's email inbox properties: message_id: type: string description: >- Unique identifier for the email message (use for subsequent API calls) example: 18d4a2b3c4d5e6f7 filename: type: string description: Standardized filename (provider_YYYYMMDD_uniqueid.pdf) example: cdsl_20250115_a1b2c3d4.pdf original_filename: type: string description: Original attachment filename from the email example: CDSL_CAS_Statement.pdf message_date: type: string format: date description: Date the email was received example: '2025-01-15' cas_type: type: string enum: - cdsl - nsdl - cams - kfintech description: Detected CAS provider based on sender email example: cdsl sender_email: type: string format: email description: >- Email address of the CAS authority (CDSL, NSDL, CAMS, or KFintech) who originally sent this statement example: eCAS@cdslstatement.com size: type: integer description: File size in bytes example: 245000 url: type: string format: uri description: Direct download URL (presigned, expires based on expires_in) example: >- https://cdn.casparser.in/email-cas/user123/cdsl_20250115_a1b2c3d4.pdf expires_in: type: integer description: > URL expiration time in seconds. Defaults vary by source: - Gmail Inbox Import: 86400 (24h) - Inbound Email with `callback_url` set: 172800 (48h) - Inbound Email without `callback_url`: aligned with the session TTL (~30 min) example: 86400 AuthErrorResponse: type: object required: - status - msg properties: status: type: string description: The status of the error. example: error msg: type: string description: A descriptive message explaining the error. example: 'Authentication failed: API key is missing.' responses: Unauthorized: description: Unauthorized. This can happen if the `x-api-key` header is missing. content: application/json: schema: $ref: '#/components/schemas/AuthErrorResponse' example: status: error msg: >- Authentication failed: API key is missing. Please provide a valid API key in the x-api-key header. securitySchemes: ApiKeyAuth: type: apiKey in: header name: x-api-key description: | Your API key for authentication. Use `sandbox-with-json-responses` as Sandbox key. ````