The Invaro API uses API keys to authenticate requests. All API requests must be made over HTTPS and include your API key in the Authorization header using Bearer token authentication.

Getting Your API Key

  1. Sign in to your Invaro Dashboard
  2. Navigate to Dashboard > API Keys
  3. Click Generate New API Key
  4. Copy and securely store your API key

Using Your API Key

Authorization Header

All API requests must include your API key in the Authorization header using the Bearer scheme:

Authorization: Bearer your_api_key_here

Example Requests

curl -X POST "https://api.invaro.ai/api/v1/parse/upload" \
  -H "Authorization: Bearer your_api_key" \
  -F "files=@statement.pdf"

API Key Best Practices

Security Guidelines

  1. Protect Your API Keys

    • Never expose API keys in client-side code
    • Don’t commit API keys to version control
    • Use environment variables or secure secret management systems
    • Avoid sharing API keys in public forums or documentation

  2. Key Management

    • Generate separate API keys for different environments (development, staging, production)
    • Implement key rotation policies
    • Monitor API key usage through the dashboard
    • Delete unused API keys

  3. Access Control

    • Use the principle of least privilege
    • Assign appropriate permissions to each API key
    • Regularly audit API key access and usage

Implementation Examples

// Using environment variables
require('dotenv').config();

const apiKey = process.env.INVARO_API_KEY;
const headers = {
  'Authorization': `Bearer ${apiKey}`
};

Error Handling

Authentication Errors

Status CodeError CodeDescription
401UNAUTHORIZEDInvalid or missing API key
403FORBIDDENAPI key lacks required permissions

Example Error Response

{
  "success": false,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid API key provided",
    "details": "Please check your API key or generate a new one from the dashboard"
  }
}

Rate Limiting

Each API key has its own rate limits. When exceeded, you’ll receive a 429 Too Many Requests response. See our Rate Limits page for detailed information about:

  • Default rate limits
  • Rate limit headers
  • Handling rate limit errors
  • Best practices for staying within limits

Support

If you encounter any authentication issues:

  1. Verify your API key is valid and active in the dashboard
  2. Check our Error Handling Guide
  3. Contact support@invaro.ai for assistance
Error Handling