Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.trueparser.com/llms.txt

Use this file to discover all available pages before exploring further.

TrueParser separates human dashboard access from machine access used by tenant apps and the Demo UI.

Authentication Model

There are two main authentication paths:
  1. dashboard sign-in for tenant users
  2. machine-to-machine token issuance for tenant apps

1. Dashboard Sign-In

The dashboard is used to manage tenants, apps, plans, storage, and billing.
  • URL: https://dashboard.trueparser.com
  • Users: tenant users
  • Current host setup: Google authentication is configured in the host
This is the management side of the control plane.

2. Machine Access For Tenant Apps

Backend services and the Demo UI authenticate by exchanging app credentials for an access token.
  • Token endpoint: https://admin-api.trueparser.com/connect/token
  • Identity: tenant application
  • Credentials: client_id and client_secret
  • Flow: OAuth 2.0 client_credentials

Requesting A Token

curl -X POST https://admin-api.trueparser.com/connect/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET" \
  -d "scope=TrueParser.API"

Access Token Lifetime

The access token lifetime is configured to 15 minutes.
A 15-minute access token should not be a bottleneck for M2M clients if your backend caches the token and renews it close to expiry. The usual anti-pattern is requesting a new token for every API call.

Token Claims

For tenant apps, the access token is enriched with claims from tenant and app metadata. Common claims include:
  • sub
  • tenantid
  • appId
  • licenseRegionCode
  • dbCode
  • allowed_domain_1, allowed_domain_2, allowed_domain_3
  • entitlements when a usable plan is assigned
Example: 
{
  "iss": "https://admin-api.trueparser.com",
  "sub": "your_client_id",
  "tenantid": "3f9a6c6e-...",
  "appId": "7b1c0d8c-...",
  "licenseRegionCode": "aws-us-east-1",
  "dbCode": "region-db-code",
  "allowed_domain_1": "localhost:3000",
  "entitlements": {
    "maxDocumentUnitsPerMonth": 1000,
    "advancedPdfExtraction": false,
    "ocrPdfExtraction": false
  }
}

What Is Required For Token Issuance

For tenant apps, token issuance depends on app and tenant state.
  • the app must exist
  • the app must be enabled
  • the tenant must be active
  • the app must have a license region
  • the app must have a stamped database code

Plan Impact On Tokens

Plan assignment affects the entitlements claim.
  • no plan assigned: token issuance can still succeed, but entitlements is omitted
  • usable plan assigned: token includes entitlements
  • retired plan assigned: token issuance is blocked
Last modified on April 28, 2026