All /api/v1 endpoints authenticate with a bearer token:
Authorization: Bearer parable_...
API keys
- Minted in the Parable app under Settings → API (workspace admins), or
provisioned by Parable for you.
- The full token is
parable_ followed by 32 URL-safe random characters.
It is shown once at creation — Parable stores only a SHA-256 hash and
a display prefix.
- Keys are workspace-scoped machine credentials: a key reads all
processed captures in its workspace, independent of member-level
visibility rules.
- Keys can be deleted at any time from the same settings page. Deletion
is immediate and irreversible.
Errors
Failed authentication returns 401 with the standard error envelope:
{
"error": {
"message": "invalid bearer token",
"status": 401
}
}
| Status | Message | Meaning |
|---|
401 | missing bearer token | No Authorization: Bearer header was sent. |
401 | invalid bearer token | Unknown or deleted key. |
Tokens are secrets. Send them only in the Authorization header over HTTPS —
never in URLs, logs, or client-side code. If a token leaks, delete it and mint
a new one.