Feature · Beta

Authenticated APIs

Some of the most useful data lives behind a login. Parse logs in, keeps the session alive, and reads it for you.

Get started →Read the authenticated APIs docs
POST /scraper/{id}/login
curl -X POST .../scraper/{id}/login \ -H "X-API-Key: pmx_..." \ -d '{ "username": "[email protected]", "password": "••••••••" }'
200 · response
{ "session_id": "550e8400-...", "encryption_key": "gAAAAABk..." }
Session held + re-encrypted for you.
Login endpointEnd-to-end encryptedSession held for youPaid · Beta
How it works

Login and protected endpoints

An authenticated API has a login endpoint that creates a session and protected endpoints that reuse it. Call login once to get a session_id and encryption_key, then pass them to any protected endpoint.

curl -X POST https://api.parse.bot/scraper/{scraper_id}/login \
  -H "X-API-Key: YOUR_API_KEY" \
  -d '{"username": "[email protected]", "password": "s3cret"}'

# → { "session_id": "550e8400-...", "encryption_key": "gAAAAABk..." }

The session updates automatically after each call — you never track cookies or tokens yourself.

Security

Credentials, encrypted end-to-end

  • Credentials provided during setup are encrypted end-to-end and never stored in plaintext.
  • Session state is encrypted with your key — Parse stores only ciphertext it cannot read without you.
  • The proxy IP used at login is reused for protected calls, so sessions are not invalidated by IP changes.
  • Replay protection and short-lived signed session blobs guard against misuse.
Zero plaintext
Parse stores only ciphertext. Without your encryption key, the session data is unreadable — even to us.
Getting started

Built in the dashboard

Because they handle real credentials, authenticated APIs are created only through the Parse dashboard — not the public API or MCP. They're available on paid plans (in beta), with Enterprise adding white-glove setup for more complex logins. Each account gets one authenticated session per site.

The full request/response reference, session details, and error handling live in the documentation.

High volume or a blocked site?

Some sites are restricted for authenticated actions on self-serve. If you need large-scale authenticated integration or high call volume, book a time with us and we'll set it up with you.

Beta · Responsible use

Authenticated APIs are in beta

Authenticated API creation is experimental. We've taken substantial steps to redact the storage of your credentials and any private data the agent may come into contact with — but this is still early beta, so please read the following before you build one.

Beta disclaimer
  • Use this feature at your own risk, and only with test accounts on sites that hold no sensitive information.
  • Building APIs for protected actions on a site may be against its Terms of Service. In accordance with our own Terms of Service, we take no responsibility for your actions and assume you have checked the TOS of any site you submit to Parse — those sites may ban your accounts or take action against you.
  • Although the agent tries its best to follow your instructions, this is inherently risky and it may perform unintended actions, for which we likewise take no responsibility.

Have questions before you start? Reach out to [email protected].

Build your first API in two minutes.

Describe any site in a sentence. Parse ships a typed REST API and an MCP server — 200 free credits, no card.

Get free API key →Browse the catalog
More features
The marketplace

Thousands of pre-built APIs, free to explore, use, fork, and improve.

Actions on sites

Log in, fill forms, complete bookings — anything a browser can do, as one API call.

Scraping, structured

Turn any page into typed JSON — 100× faster than driving a browser.