Overview
All API endpoints require an API key passed as a Bearer token in the Authorization header. There is no OAuth or session-based auth; every request must include a valid key.
Creating an API key
- Log in to the dashboard.
- Navigate to API Keys in the sidebar.
- Click Create key.
- Give the key a descriptive name (e.g.,
production-app, data-pipeline).
- Copy the key immediately. It is only shown once.
Store your API key securely. If you lose it, you will need to create a new one and update all integrations that use it.
Using your API key
Pass your key as a Bearer token in the Authorization header on every request:
curl https://api.buyparceldata.com/parcels/query \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '...'
Security best practices
- Never commit API keys to version control. Use environment variables or a secrets manager.
- Use one key per environment. Keep separate keys for development, staging, and production so you can rotate them independently.
- Rotate keys immediately if you suspect a key has been compromised. Create a new key, update your integrations, then delete the old key from the dashboard.
- Restrict access: only share keys with team members or services that need them.
Rotating a key
- Create a new key in the dashboard.
- Update your integrations to use the new key.
- Verify that requests succeed with the new key.
- Delete the old key from the dashboard.
Error responses
| Status | Meaning |
|---|
401 Unauthorized | No API key was provided, or the key is malformed. |
403 Forbidden | The key is valid but does not have access to the requested resource (e.g., your plan does not include this endpoint). |
{
"detail": "Invalid or missing API key"
}
