API authentication

Authenticate API requests with Bearer tokens and scoped API keys.

Overview

The invoicesparser.com REST API uses Bearer token authentication. Every request must include an Authorization header with a valid API key. Keys are created from the API Keys dashboard and are only shown once at creation time.

API key format

All keys are prefixed with ip_ followed by 64 random hex characters (256 bits of entropy). Only the first 10 characters are stored and shown in the dashboard for identification.

ip_a1b2c3d4e5f6...  ← full key (shown once at creation)
ip_a1b2c3d4e5  ← prefix shown in dashboard

Making authenticated requests

Pass the full key in the Authorization header:

curl https://invoicesparser.com/api/v1/workspaces/{workspaceId}/invoices \
  -H "Authorization: Bearer ip_your_api_key_here"

In JavaScript / TypeScript:

const res = await fetch(
  `https://invoicesparser.com/api/v1/workspaces/${workspaceId}/invoices`,
  {
    headers: {
      Authorization: `Bearer ${process.env.INVOICESPARSER_API_KEY}`,
    },
  }
);
const { data } = await res.json();

Scopes

API keys carry one or more scopes that limit what they can do. Assign the minimum scopes required.

Scope	Allowed operations
`invoices:read`	List invoices, get invoice details, download files
`invoices:write`	Upload invoices, edit fields, approve, delete
`exports:read`	List and download exports
`exports:write`	Create new exports

Base URL and workspace ID

All resource endpoints are scoped to a workspace. Your workspace ID is visible in the URL when you are logged into the dashboard (/dashboard), or returned by GET /api/v1/workspaces.

# Base pattern
https://invoicesparser.com/api/v1/workspaces/{workspaceId}/{resource}

# List invoices
GET /api/v1/workspaces/{workspaceId}/invoices

# Upload an invoice
POST /api/v1/workspaces/{workspaceId}/invoices/upload

# Get a single invoice
GET /api/v1/workspaces/{workspaceId}/invoices/{invoiceId}

Error responses

All errors follow the same JSON envelope:

{
  "success": false,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Authentication required."
  }
}

HTTP status	Code	Meaning
401	`UNAUTHORIZED`	Missing or invalid API key
403	`FORBIDDEN`	Key lacks the required scope, or plan does not include API access
404	`NOT_FOUND`	Resource does not exist or belongs to a different workspace
429	`RATE_LIMITED`	Too many requests — back off and retry
422	`VALIDATION_ERROR`	Request body failed validation — see details field

← All docs Questions? Contact us →