API Keys
All CAS Parser API requests require authentication via the x-api-key header.
Getting Your API Key
- Sign up at app.casparser.in
- Navigate to Developers → API Keys
- Click Generate API Key
- Copy and store securely
Never expose your API key in client-side code. Use access tokens for frontend applications.
Using API Keys
import requests
response = requests.post(
"https://api.casparser.in/v4/smart/parse",
headers={"x-api-key": "YOUR_API_KEY"},
files={"file": open("cas.pdf", "rb")},
data={"password": "ABCDE1234F"}
)
Access Tokens
For frontend/SDK applications, use short-lived access tokens instead of exposing your API key.
Token Flow
Generate Access Token
Backend (server-side):
import requests
response = requests.post(
"https://api.casparser.in/v1/token",
headers={"x-api-key": "YOUR_API_KEY"},
json={"expiry_minutes": 30}
)
access_token = response.json()["access_token"]
# Returns: at_xxxxxxxxxxxxxxxxxx
// Get token from your backend
const { access_token } = await fetch('/api/casparser/token').then(r => r.json());
// Use token in place of API key
const response = await fetch('https://api.casparser.in/v4/smart/parse', {
method: 'POST',
headers: { 'x-api-key': access_token }, // Use token here
body: formData
});
Token Properties
| Property | Value |
|---|
| Prefix | at_ |
| Max TTL | 60 minutes |
| Scope | All /v4/* endpoints |
| Restrictions | Cannot generate other tokens, cannot access billing |
Verify Token
response = requests.post(
"https://api.casparser.in/v1/token/verify",
headers={"x-api-key": "YOUR_API_KEY"},
json={"access_token": "at_xxx"}
)
data = response.json()
# {"valid": true, "expires_at": "2024-01-15T11:30:00Z"}
Security Best Practices
1. Environment Variables
Never hardcode API keys:
# ❌ Bad
API_KEY = "sk_live_abc123"
# ✅ Good
import os
API_KEY = os.environ.get("CASPARSER_API_KEY")
2. Backend Token Generation
Create a backend endpoint:
# Flask example
from flask import Flask, jsonify
import requests
import os
app = Flask(__name__)
@app.route('/api/casparser/token')
def get_token():
response = requests.post(
'https://api.casparser.in/v1/token',
headers={'x-api-key': os.environ['CASPARSER_API_KEY']},
json={'expiry_minutes': 30}
)
return jsonify(response.json())
3. Rate Limiting
Implement rate limiting on your backend:
from flask_limiter import Limiter
limiter = Limiter(app, default_limits=["60 per minute"])
@app.route('/api/parse')
@limiter.limit("10 per minute")
def parse_cas():
# Your parsing logic
pass
4. HTTPS Only
Always use HTTPS for API requests. The API will reject HTTP requests.
5. Key Rotation
Rotate API keys periodically:
- Generate new API key in dashboard
- Update environment variables
- Deploy updated code
- Delete old API key
Sandbox Key
For testing and development:
sandbox-with-json-responses
- Returns sample data
- No credit consumption
- Rate limited to 10 requests/minute
Troubleshooting
| Error | Cause | Solution |
|---|
401 Unauthorized | Invalid API key | Check key in dashboard |
401 Unauthorized | Missing header | Add x-api-key header |
403 Forbidden | Expired token | Generate new access token |
403 Forbidden | Quota exceeded | Check credits with /v1/credits |
Next Steps
