> ## Documentation Index
> Fetch the complete documentation index at: https://docs.parable.so/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Workspace API keys and how to use them

All `/api/v1` endpoints authenticate with a bearer token:

```
Authorization: Bearer parable_...
```

## API keys

* Minted in the Parable app under **Settings → API** (workspace admins), or
  provisioned by Parable for you.
* The full token is `parable_` followed by 32 URL-safe random characters.
  It is shown **once** at creation — Parable stores only a SHA-256 hash and
  a display prefix.
* Keys are **workspace-scoped machine credentials**: a key reads all
  processed captures in its workspace, independent of member-level
  visibility rules.
* Keys can be deleted at any time from the same settings page. Deletion
  is immediate and irreversible.

## Errors

Failed authentication returns `401` with the standard error envelope:

```json theme={null}
{
  "error": {
    "message": "invalid bearer token",
    "status": 401
  }
}
```

| Status | Message                | Meaning                                     |
| ------ | ---------------------- | ------------------------------------------- |
| `401`  | `missing bearer token` | No `Authorization: Bearer` header was sent. |
| `401`  | `invalid bearer token` | Unknown or deleted key.                     |

<Warning>
  Tokens are secrets. Send them only in the `Authorization` header over HTTPS —
  never in URLs, logs, or client-side code. If a token leaks, delete it and mint
  a new one.
</Warning>
