TrueParser separates human dashboard access from machine access used by tenant apps and the Demo UI.
Authentication Model
There are two main authentication paths:
- dashboard sign-in for tenant users
- machine-to-machine token issuance for tenant apps
1. Dashboard Sign-In
The dashboard is used to manage tenants, apps, plans, storage, and billing.
- URL:
https://dashboard.trueparser.com
- Users: tenant users
- Current host setup: Google authentication is configured in the host
This is the management side of the control plane.
2. Machine Access For Tenant Apps
Backend services and the Demo UI authenticate by exchanging app credentials for an access token.
- Token endpoint:
https://admin-api.trueparser.com/connect/token
- Identity: tenant application
- Credentials:
client_id and client_secret
- Flow: OAuth 2.0
client_credentials
Requesting A Token
curl -X POST https://admin-api.trueparser.com/connect/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials" \
-d "client_id=YOUR_CLIENT_ID" \
-d "client_secret=YOUR_CLIENT_SECRET" \
-d "scope=TrueParser.API"
Access Token Lifetime
The access token lifetime is configured to 15 minutes.
A 15-minute access token should not be a bottleneck for M2M clients if your
backend caches the token and renews it close to expiry. The usual anti-pattern
is requesting a new token for every API call.
Token Claims
For tenant apps, the access token is enriched with claims from tenant and app metadata.
Common claims include:
sub
tenantid
appId
licenseRegionCode
dbCode
allowed_domain_1, allowed_domain_2, allowed_domain_3
entitlements when a usable plan is assigned
Example:
{
"iss": "https://admin-api.trueparser.com",
"sub": "your_client_id",
"tenantid": "3f9a6c6e-...",
"appId": "7b1c0d8c-...",
"licenseRegionCode": "aws-us-east-1",
"dbCode": "region-db-code",
"allowed_domain_1": "localhost:3000",
"entitlements": {
"maxDocumentUnitsPerMonth": 1000,
"advancedPdfExtraction": false,
"ocrPdfExtraction": false
}
}
What Is Required For Token Issuance
For tenant apps, token issuance depends on app and tenant state.
- the app must exist
- the app must be enabled
- the tenant must be active
- the app must have a license region
- the app must have a stamped database code
Plan Impact On Tokens
Plan assignment affects the entitlements claim.
- no plan assigned: token issuance can still succeed, but
entitlements is omitted
- usable plan assigned: token includes
entitlements
- retired plan assigned: token issuance is blocked