Parcha API uses bearer token authentication for all endpoints. This method provides a secure way to authenticate your requests and access our API services.

Obtaining an API Key

Before you can start using the Parcha API, you need to obtain an API key. Follow these steps:
  1. Sign up for a Parcha account at https://app.parcha.ai.
  2. Once logged in, navigate to the API Keys section in your account settings.
  3. Generate a new API key.
Store your API key securely. It won’t be displayed again after generation. If you lose it, you’ll need to generate a new one.

Using Your API Key

To authenticate your requests, include your API key in the Authorization header as a Bearer token: 
Authorization: Bearer YOUR_API_KEY
Replace YOUR_API_KEY with your actual Parcha API key.

API Request Examples

Here are examples of how to include the bearer token in API requests using various programming languages: 
curl -X POST 'https://api.parcha.ai/startKYBAgentJob' \
-H 'Authorization: Bearer YOUR_API_KEY' \
-H 'Content-Type: application/json' \
-d '{
  "agent_key": "public-bdd",
  "kyb_schema": {
    "id": "parcha-demo-case-001",
    "self_attested_data": {
      "business_name": "Acme Corp",
      "website": "https://www.acmecorp.com"
    }
  }
}'

Error Handling

If you provide an invalid or expired API key, you’ll receive a 401 Unauthorized response. Here’s an example of what this might look like: 
{
  "error": "Unauthorized",
  "message": "Invalid API key provided"
}
If you encounter this error, double-check that you’re using the correct API key and that it hasn’t been revoked or expired.

API Key Best Practices

To ensure the security of your Parcha account and data, follow these best practices:
  1. Keep it secret: Never share your API key publicly or with unauthorized parties.
  2. Use environment variables: Store your API key in environment variables rather than hardcoding it in your application.
  3. Rotate regularly: Periodically generate new API keys and update your applications to use the new keys.
  4. Limit exposure: Use different API keys for different environments (development, staging, production) to limit the impact of a compromised key.
  5. Monitor usage: Regularly review your API usage logs to detect any unauthorized access or unusual activity.
  6. Least privilege: If possible, use scoped API keys that only have the permissions necessary for the specific tasks they need to perform.
  7. Secure transmission: Always use HTTPS when making API requests to ensure your API key is transmitted securely.

Revoking API Keys

If you suspect that an API key has been compromised, you should immediately revoke it:
  1. Log in to your Parcha account.
  2. Navigate to the API Keys section in your account settings.
  3. Find the compromised key and click the “Revoke” or “Delete” button.
  4. Generate a new API key to replace the revoked one.
  5. Update all your applications and scripts to use the new API key.
By following these authentication guidelines and best practices, you’ll be able to securely access and utilize the full power of the Parcha API for your KYB and KYC processes.