BrandparserInvite Only

Authentication

API key authentication for the Brandparser API

API Keys

All Brandparser API requests require authentication using an API key.

API Key Format

API keys follow this format:

bp_{environment}_{random_string}
  • bp_prod_ - Production environment keys
  • bp_stag_ - Staging environment keys

Example: bp_prod_xK9mP2nQ4rS6tU8vW0xY

Using Your API Key

Include your API key in the Authorization header as a Bearer token:

curl https://api.brandparser.com/v1/api/brands \
  -H "Authorization: Bearer bp_prod_your_api_key"

Creating API Keys

  1. Log in to your Brandparser dashboard
  2. Go to Settings > API Keys
  3. Click Create API Key
  4. Select the environment (staging or production)
  5. Optionally add a description to identify the key's purpose
  6. Click Create

Your API key is displayed once. Copy it immediately - you won't be able to see it again.

Key Security Best Practices

Do

  • Store API keys in environment variables or a secrets manager
  • Use staging keys for development and testing
  • Rotate keys periodically
  • Use separate keys for different applications

Don't

  • Commit API keys to source control
  • Share keys between team members
  • Expose keys in client-side code
  • Log API keys in application output

Environment Variables

Store your API key in an environment variable:

# .env file (add to .gitignore)
BRANDPARSER_API_KEY=bp_prod_your_api_key

Access it in your code:

// Node.js
const apiKey = process.env.BRANDPARSER_API_KEY;
# Python
import os
api_key = os.environ.get('BRANDPARSER_API_KEY')

Workspace Scope

API keys are scoped to a single workspace. Brands created with a key belong to that workspace and can only be accessed by keys from the same workspace.

Revoking Keys

To revoke an API key:

  1. Go to Settings > API Keys
  2. Find the key you want to revoke
  3. Click the Delete button
  4. Confirm the deletion

Revoked keys immediately stop working. Any applications using that key will receive 401 Unauthenticated responses.

Error Responses

Missing Authorization Header

{
  "error": "Unauthenticated",
  "message": "Missing authentication token"
}

Invalid API Key Format

{
  "error": "Unauthenticated",
  "message": "Invalid API key format"
}

Invalid or Revoked Key

{
  "error": "Unauthenticated",
  "message": "Invalid API key"
}

All authentication errors return HTTP status 401.

Getting Started

Quick start guide for the Brandparser API

Environments

Understanding staging and production environments

On this page

API KeysAPI Key FormatUsing Your API KeyCreating API KeysKey Security Best PracticesDoDon'tEnvironment VariablesWorkspace ScopeRevoking KeysError ResponsesMissing Authorization HeaderInvalid API Key FormatInvalid or Revoked Key