Skip to main content

Documentation Index

Fetch the complete documentation index at: https://casparser.in/docs/llms.txt

Use this file to discover all available pages before exploring further.

Data Handling

AspectPolicy
Data RetentionPDFs deleted immediately after parsing
Password StorageNever stored — used only for decryption
Response StorageNot stored — returned directly to you
LogsRequest metadata only (no PII)
CAS Parser is a stateless parsing service. We process your PDFs and return structured data — we don’t store portfolios.

Infrastructure

FeatureDetails
HostingIndia-based infrastructure (DigitalOcean Bangalore)
EncryptionTLS 1.3 in transit, AES-256 at rest
NetworkPrivate VPC, no public database access
Monitoring24/7 uptime monitoring

Fraud Prevention

CAS Parser includes built-in tamper detection:
  • Rejects scanned PDFs — Only original digital documents accepted
  • Detects modifications — Tampered PDFs are rejected
  • Validates signatures — Checks PDF digital signatures when present
This makes CAS Parser suitable for credit underwriting and KYC workflows where document authenticity matters.

API Security

Authentication

All API requests require an x-api-key header: 
curl -H "x-api-key: YOUR_API_KEY" https://api.casparser.in/v1/credits

Access Tokens

For frontend/SDK use, generate short-lived access tokens: 
# Backend
response = requests.post(
    "https://api.casparser.in/v1/token",
    headers={"x-api-key": "YOUR_API_KEY"},
    json={"expiry_minutes": 30}
)
access_token = response.json()["access_token"]  # at_xxx

# Frontend can use this token safely
Access tokens:
  • Cannot generate other tokens
  • Cannot access billing/usage endpoints
  • Expire automatically
  • Can be revoked

IP Whitelisting

Enterprise plans support IP whitelisting. Contact support to configure.

Compliance

StandardStatus
DPDPACompliant (India Data Protection)
Google CASACertified (External security audit)
SOC 2Planned
ISO 27001Planned

Gmail Inbox Security

For Gmail import:
FeatureDetails
ScopeRead-only (cannot send emails)
OAuthStandard Google OAuth 2.0
Token StorageEncrypted server-side
RevocationUser can revoke via /v4/inbox/disconnect

Reporting Vulnerabilities

Found a security issue? Email security@casparser.in. We respond to reports within 24 hours and follow responsible disclosure practices.

Questions?

Contact Support

Reach out for security questions