> ## Documentation Index
> Fetch the complete documentation index at: https://docs.parcha.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Learn how to authenticate your requests to the Parcha API

Parcha API uses bearer token authentication for all endpoints. This method provides a secure way to authenticate your requests and access our API services.

## Obtaining an API Key

Before you can start using the Parcha API, you need to obtain an API key. Follow these steps:

1. Sign up for a Parcha account at [https://app.parcha.ai](https://app.parcha.ai).
2. Once logged in, navigate to the API Keys section in your account settings.
3. Generate a new API key.

<Warning>
  Store your API key securely. It won't be displayed again after generation. If you lose it, you'll need to generate a new one.
</Warning>

## Using Your API Key

To authenticate your requests, include your API key in the Authorization header as a Bearer token:

```http theme={null}
Authorization: Bearer YOUR_API_KEY
```

Replace `YOUR_API_KEY` with your actual Parcha API key.

## API Request Examples

Here are examples of how to include the bearer token in API requests using various programming languages:

<Note>
  You also need your **agent key** which identifies which agent to use. Find your agent key in the Parcha dashboard under your agent's settings, or in the "Test API Integration" dialog.
</Note>

<CodeGroup>
  ```bash cURL theme={null}
  curl -X POST 'https://api.parcha.ai/api/v1/startKYBAgentJob' \
  -H 'Authorization: Bearer YOUR_API_KEY' \
  -H 'Content-Type: application/json' \
  -d '{
    "agent_key": "your-kyb-agent-key",
    "kyb_schema": {
      "id": "parcha-demo-case-001",
      "self_attested_data": {
        "business_name": "Acme Corp",
        "website": "https://www.acmecorp.com"
      }
    }
  }'
  ```

  ```python Python theme={null}
  import requests

  api_key = 'YOUR_API_KEY'
  url = 'https://api.parcha.ai/api/v1/startKYBAgentJob'

  headers = {
      'Authorization': f'Bearer {api_key}',
      'Content-Type': 'application/json'
  }

  data = {
      'agent_key': 'your-kyb-agent-key',  # Replace with your actual agent key
      'kyb_schema': {
          'id': 'parcha-demo-case-001',
          'self_attested_data': {
              'business_name': 'Acme Corp',
              'website': 'https://www.acmecorp.com'
          }
      }
  }

  response = requests.post(url, json=data, headers=headers)
  print(response.json())
  ```

  ```typescript TypeScript theme={null}
  import axios from 'axios';

  const apiKey = 'YOUR_API_KEY';
  const url = 'https://api.parcha.ai/api/v1/startKYBAgentJob';

  const data = {
    agent_key: 'your-kyb-agent-key',  // Replace with your actual agent key
    kyb_schema: {
      id: 'parcha-demo-case-001',
      self_attested_data: {
        business_name: 'Acme Corp',
        website: 'https://www.acmecorp.com'
      }
    }
  };

  axios.post(url, data, {
    headers: {
      'Authorization': `Bearer ${apiKey}`,
      'Content-Type': 'application/json'
    }
  })
  .then(response => console.log(response.data))
  .catch(error => console.error('Error:', error));
  ```
</CodeGroup>

## Error Handling

If you provide an invalid or expired API key, you'll receive a 401 Unauthorized response. Here's an example of what this might look like:

```json theme={null}
{
  "error": "Unauthorized",
  "message": "Invalid API key provided"
}
```

If you encounter this error, double-check that you're using the correct API key and that it hasn't been revoked or expired.

## API Key Best Practices

To ensure the security of your Parcha account and data, follow these best practices:

1. **Keep it secret**: Never share your API key publicly or with unauthorized parties.
2. **Use environment variables**: Store your API key in environment variables rather than hardcoding it in your application.
3. **Rotate regularly**: Periodically generate new API keys and update your applications to use the new keys.
4. **Limit exposure**: Use different API keys for different environments (development, staging, production) to limit the impact of a compromised key.
5. **Monitor usage**: Regularly review your API usage logs to detect any unauthorized access or unusual activity.
6. **Least privilege**: If possible, use scoped API keys that only have the permissions necessary for the specific tasks they need to perform.
7. **Secure transmission**: Always use HTTPS when making API requests to ensure your API key is transmitted securely.

## Revoking API Keys

If you suspect that an API key has been compromised, you should immediately revoke it:

1. Log in to your Parcha account.
2. Navigate to the API Keys section in your account settings.
3. Find the compromised key and click the "Revoke" or "Delete" button.
4. Generate a new API key to replace the revoked one.
5. Update all your applications and scripts to use the new API key.

By following these authentication guidelines and best practices, you'll be able to securely access and utilize the full power of the Parcha API for your KYB and KYC processes.
