Authentication
All API requests require authentication via an API key sent as a Bearer token in the Authorization header.
API Keys
API keys identify your account and track usage against your plan limits. Each key has full access to your account's API capabilities.
Creating an API Key
Generate API keys from your dashboard. You can create multiple keys and revoke them individually at any time.
Using Your API Key
Include your API key in the Authorization header of every request:
cURL
curl -X POST https://api.parse.conversiontools.io/v1/extract \
-H "Authorization: Bearer YOUR_API_KEY" \
-F "file=@document.pdf"Python
import requests
headers = {
"Authorization": "Bearer YOUR_API_KEY"
}
with open("document.pdf", "rb") as f:
response = requests.post(
"https://api.parse.conversiontools.io/v1/extract",
headers=headers,
files={"file": f}
)
print(response.json())Node.js
const fs = require("fs");
const form = new FormData();
form.append("file", fs.createReadStream("document.pdf"));
const response = await fetch("https://api.parse.conversiontools.io/v1/extract", {
method: "POST",
headers: {
"Authorization": "Bearer YOUR_API_KEY",
},
body: form,
});
const result = await response.json();
console.log(result);Error Responses
401 Unauthorized
Returned when the API key is missing or invalid.
{
"success": false,
"error": {
"code": "UNAUTHORIZED",
"message": "Invalid or missing API key"
}
}403 Forbidden
Returned when the API key is valid but lacks permission for the requested resource.
{
"success": false,
"error": {
"code": "FORBIDDEN",
"message": "API key does not have access to this resource"
}
}Security Best Practices
- Store API keys in environment variables, never in source code
- Never commit API keys to version control (add them to .gitignore)
- Use separate API keys for development and production
- Rotate keys periodically and revoke any that may have been exposed
- Never expose API keys in client-side code — always call the API from your server