Skip to main content
All /api/v1 endpoints authenticate with a bearer token:
Authorization: Bearer parable_...

API keys

  • Minted in the Parable app under Settings → API (workspace admins), or provisioned by Parable for you.
  • The full token is parable_ followed by 32 URL-safe random characters. It is shown once at creation — Parable stores only a SHA-256 hash and a display prefix.
  • Keys are workspace-scoped machine credentials: a key reads all processed captures in its workspace, independent of member-level visibility rules.
  • Keys can be deleted at any time from the same settings page. Deletion is immediate and irreversible.

Errors

Failed authentication returns 401 with the standard error envelope:
{
  "error": {
    "message": "invalid bearer token",
    "status": 401
  }
}
StatusMessageMeaning
401missing bearer tokenNo Authorization: Bearer header was sent.
401invalid bearer tokenUnknown or deleted key.
Tokens are secrets. Send them only in the Authorization header over HTTPS — never in URLs, logs, or client-side code. If a token leaks, delete it and mint a new one.