> ## Documentation Index
> Fetch the complete documentation index at: https://docs.parse.bot/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Get an API key and authenticate your requests

Parse has two ways to authenticate, depending on how you're connecting:

* **API key** — for REST calls, scripts, and backends. (This page.)
* **OAuth** — for MCP clients like Claude Code and Cursor, which handle login for you. (See [MCP Server](/mcp).)

## Get an API key

API keys are created in the dashboard — you can't mint one over the API (creating a key requires a logged-in session, not another key).

1. Log in to [parse.bot](https://parse.bot)
2. Go to **Settings → API Keys**
3. Click **Create key**, give it a name (e.g. `production`, `laptop`, `ci`), and optionally set an expiry
4. **Copy the key immediately** — the full value is shown only once

You can create as many keys as you like — one per app or environment is good practice, so you can revoke a single key without disrupting the others. Every key starts with the prefix `pmx_`.

<Note>
  Treat keys like passwords. Store them in a secret manager or environment variable, never in source control. If a key leaks, revoke it in the dashboard and create a new one — revoking is instant.
</Note>

## Use your key

Send the key in the `X-API-Key` header on every request:

```bash theme={null}
curl https://api.parse.bot/dispatch/tasks \
  -H "X-API-Key: pmx_your_key_here"
```

As an alternative, you can pass it as a bearer token — useful with HTTP clients that have first-class `Authorization` support:

```bash theme={null}
curl https://api.parse.bot/dispatch/tasks \
  -H "Authorization: Bearer pmx_your_key_here"
```

Both are equivalent. If you send both headers, `X-API-Key` wins.

### What needs a key

| Surface                                                          | Auth                            |
| ---------------------------------------------------------------- | ------------------------------- |
| `GET /marketplace/*`                                             | **None** — public search/browse |
| `POST /dispatch`, `GET /dispatch/tasks`, revise, export, updates | API key                         |
| `POST /scraper/{id}/{endpoint}` (execution)                      | API key                         |
| `POST /mcp`                                                      | OAuth **or** API key            |

## MCP clients

If your MCP client supports OAuth (Claude Code, Cursor, Claude Desktop), you don't need a key at all — just point it at the server and it opens a browser login:

```json theme={null}
{
  "mcpServers": {
    "parse": { "url": "https://api.parse.bot/mcp" }
  }
}
```

For clients without OAuth, pass your key in headers instead:

```json theme={null}
{
  "mcpServers": {
    "parse": {
      "url": "https://api.parse.bot/mcp",
      "headers": { "X-API-Key": "pmx_your_key_here" }
    }
  }
}
```

Full setup and the OAuth flow details are in the [MCP Server](/mcp) guide.

## Troubleshooting auth

* **`401 Unauthorized`** — the key is missing, malformed, expired, or revoked. The header *name* is case-insensitive (`X-API-Key`, `x-api-key`, `X-Api-Key` all work), but the key *value* is case-sensitive and must start with `pmx_`. Watch for stray quotes or whitespace around the value.
* **`404 Not Found`** — make sure you're hitting `https://api.parse.bot` and the exact path (e.g. `/dispatch`, not `/api/dispatch`).

See [Errors & Troubleshooting](/errors) for the full reference.
