API Keys All CAS Parser API requests require authentication via the x-api-key header.
Getting Your API Key
Sign up at app.casparser.in
Navigate to Developers → API Keys
Click Generate API Key
Copy and store securely
Never expose your API key in client-side code. Use access tokens for frontend applications.
Using API Keys import requests response = requests.post( "https://api.casparser.in/v4/smart/parse" , headers = { "x-api-key" : "YOUR_API_KEY" }, files = { "file" : open ( "cas.pdf" , "rb" )}, data = { "password" : "ABCDE1234F" } )
Access Tokens For frontend/SDK applications, use short-lived access tokens instead of exposing your API key.
Token Flow Generate Access Token Backend (server-side): import requests response = requests.post( "https://api.casparser.in/v1/token" , headers = { "x-api-key" : "YOUR_API_KEY" }, json = { "expiry_minutes" : 30 } ) access_token = response.json()[ "access_token" ] # Returns: at_xxxxxxxxxxxxxxxxxx
Frontend (client-side): // Get token from your backend const { access_token } = await fetch ( '/api/casparser/token' ). then ( r => r . json ()); // Use token in place of API key const response = await fetch ( 'https://api.casparser.in/v4/smart/parse' , { method: 'POST' , headers: { 'x-api-key' : access_token }, // Use token here body: formData });
Token Properties Property Value Prefix at_Max TTL 60 minutes Scope All /v4/* endpoints Restrictions Cannot generate other tokens, cannot access billing
Verify Token response = requests.post( "https://api.casparser.in/v1/token/verify" , headers = { "x-api-key" : "YOUR_API_KEY" }, json = { "access_token" : "at_xxx" } ) data = response.json() # {"valid": true, "expires_at": "2024-01-15T11:30:00Z"}
Security Best Practices 1. Environment Variables Never hardcode API keys: # ❌ Bad API_KEY = "sk_live_abc123" # ✅ Good import os API_KEY = os.environ.get( "CASPARSER_API_KEY" )
2. Backend Token Generation Create a backend endpoint: # Flask example from flask import Flask, jsonify import requests import os app = Flask( __name__ ) @app.route ( '/api/casparser/token' ) def get_token (): response = requests.post( 'https://api.casparser.in/v1/token' , headers = { 'x-api-key' : os.environ[ 'CASPARSER_API_KEY' ]}, json = { 'expiry_minutes' : 30 } ) return jsonify(response.json())
3. Rate Limiting Implement rate limiting on your backend:
from flask_limiter import Limiter limiter = Limiter(app, default_limits = [ "60 per minute" ]) @app.route ( '/api/parse' ) @limiter.limit ( "10 per minute" ) def parse_cas (): # Your parsing logic pass
4. HTTPS Only Always use HTTPS for API requests. The API will reject HTTP requests.
5. Key Rotation Rotate API keys periodically:
Generate new API key in dashboard
Update environment variables
Deploy updated code
Delete old API key
Sandbox Key For testing and development:
sandbox-with-json-responses
Returns sample data
No credit consumption
Rate limited to 10 requests/minute
Troubleshooting Error Cause Solution 401 UnauthorizedInvalid API key Check key in dashboard 401 UnauthorizedMissing header Add x-api-key header 403 ForbiddenExpired token Generate new access token 403 ForbiddenQuota exceeded Check credits with /v1/credits
Next Steps
Quickstart Make your first API call
Error Handling Handle authentication errors
