# Read-Only API Keys Read-only keys provide a safe way to grant access to your Parasail account for monitoring, reporting, and integration use cases. ## What read-only keys can do A read-only key can call the following Parasail management API endpoints. Full-access keys can call all of these too—read-only keys are restricted to *just* this list, with `GET` only. ### Model catalog View available models, supported hardware, and capability/performance information. | Method | Endpoint | Description | | ------ | ------------------------------- | ---------------------------------------------------------- | | `GET` | `/api/v1/openrouter/models` | List models available via OpenRouter | | `GET` | `/api/v1/dedicated/devices` | List supported hardware (GPU types, etc.) | | `GET` | `/api/v1/dedicated/support` | Check whether a model is supported on dedicated hardware | | `GET` | `/api/v1/dedicated/performance` | Get performance estimates for a model/hardware combination | ### Deployment status Read information about your dedicated deployments. | Method | Endpoint | Description | | ------ | ------------------------------------------- | ------------------------------------ | | `GET` | `/api/v1/dedicated/deployments` | List your deployments | | `GET` | `/api/v1/dedicated/deployments/{id}` | Fetch a specific deployment | | `GET` | `/api/v1/dedicated/deployments/{id}/models` | List models on a specific deployment | ### Billing Read invoices for your account. | Method | Endpoint | Description | | ------ | -------------------------------------- | --------------------------------------- | | `GET` | `/api/v1/billing/invoices` | List invoices | | `GET` | `/api/v1/billing/invoices/current` | Fetch the current (in-progress) invoice | | `GET` | `/api/v1/billing/invoices/{invoiceId}` | Fetch a specific invoice | ## What read-only keys *cannot* do Read-only keys are blocked from: * **Inference**—any call to `/openai/*` or other inference endpoints. Use a full-access key for inference traffic. * **Mutating any resource**—creating, updating, or deleting deployments; rotating keys; changing account settings; etc. * **Any management endpoint not in the list above.** ## Creating a read-only key 1. Open the **API Keys** page in the Parasail web portal. 2. Click **Create API Key**. 3. Under **Access Level**, select **Read-only**. 4. Give the key a name and click **Create**. 5. Copy the key value—it's shown only once. Read-only keys appear in the API Keys list with a **Read-only** badge, so you can tell them apart from full-access keys at a glance. ## Example A read-only key **can** list your dedicated deployments: ```bash curl -H "Authorization: Bearer psk--" \ https://api.parasail.io/api/v1/dedicated/deployments ``` The same key **cannot** create one. A `POST` to the same endpoint returns `403 Forbidden`: ```bash curl -X POST \ -H "Authorization: Bearer psk--" \ -H "Content-Type: application/json" \ https://api.parasail.io/api/v1/dedicated/deployments ``` Response: ```json { "type": "about:blank", "title": "Forbidden", "status": 403, "detail": "This API key is read-only", "instance": "/api/v1/dedicated/deployments" } ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.parasail.io/parasail-docs/security-and-account-management/read-only-api-keys.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.