Authentication & Access
Enable the API, get your API key, set up authentication, and manage security.
Getting started
Go to your Account → API access. Click "Enable API" to mint a long-lived key.
Your key starts with upc_live_ and is unique to your account. You'll receive 50 free credits to get started.
Keep your key safe.
Never commit keys to repos or expose them in client-side code. Rotate keys immediately if they're compromised. Old keys are revoked when you rotate.
Authentication
Include this header with every API call:
Authorization: Bearer upc_live_xxx
Replace upc_live_xxx with your actual API key.
https://extraction-api.upcaret.com
Every response includes a requestId for tracing requests through logs.
Supported formats
Images: JPEG, PNG
Documents: PDF
You can send files via URL (fileUrl) or as base64-encoded content (fileBase64).
The Parse endpoint is optimized for receipts and invoices and supports images and PDFs. The Deskew endpoint works on image files only (JPEG, PNG). Parse automatically deskews images before processing, or you can call Deskew separately for preprocessing.
Key management
Visit Account → API access and click "Rotate" to generate a new key. The old key is revoked immediately and stops working.
If you think your key is exposed, rotate it right away. All compromised requests will be denied.
- ✓ Store keys in environment variables or secure vaults
- ✓ Rotate keys regularly or after any suspected exposure
- ✓ Use one key per environment (dev, staging, production)
- ✓ Never share keys via chat, email, or public channels
- ✗ Don't hardcode keys in source code
- ✗ Don't expose keys in client-side applications
Errors & debugging
requestId to trace issues.API errors return consistent JSON responses:
{
"error": "Unauthorized",
"requestId": "7b4b44b0-34c2-4e65-8b65-6fe7c7d8e1a2"
}Include the requestId when contacting support. It helps us track down issues quickly.
Need help?
Questions about access, keys, or authentication? Reach out anytime.