Authentication
To interact with an Accounteer account, you need to authenticate yourself. Authentication is done using OAuth; this is the only authentication mechanism available in the Accounteer API. To start with OAuth, you need to register your application, download the client ID and secret, and exchange these for access tokens, which you can use to access our API.
Registration of your Application
Before you can use OAuth2 in our API, you will need to register your Application with Accounteer. Registration allows us to know which app is making a request to authenticate and who the owner of the app is.
To register a new app, visit our developer page and click on login. You will be redirected to our main app, where you can single sign-on, and then back to the developer app, where you can proceed to create your app.
After registration, you will be given a Client ID and a Client Secret. You will use these values to identify your application when requesting access for users.
Scopes
Right now Accounteer allows the authenticated app to have access to the following scopes:
- Account
- Invoices
- Offers
- Purchases
- Financial Accounts
- Items
- Contacts
- Taxes
- Organisation
Authentication
To access the API on behalf of a user, you need to get an access token.
This token gives you access to the resources belonging to the user in the given scope. During the authentication of your user, Accounteer creates a special API user with access to the administration. All actions performed by your application will be named based on the application you registered.
Authenticating a user consists of the following steps, as prescribed by the OAuth 2.0 protocol:
- 1. In your application, obtain a request token and authorise URL using an Authorization Request:
- You can place a form in your app to request an Authentication code, or you can use the web browser URL to obtain an Authentication code, since it is an HTTP GET request.
curl -vv 'https://app.accounteer.com/oauth/v2/auth?client_id=26766825788095593&redirect_uri=https://accounteer.com&response_type=code'
- 2. The response of the HTTP request contains a Location header and HTML content pointing towards an authorized URL. Redirect your user to this URL. Accounteer presents the user with a login screen, checks all credentials (the user should be the owner of the administration) and presents the user with an authorization screen.
- 3. When the user authorizes your application, Accounteer redirects the user to the redirect URI you provided in the first step. If you use the redirect URL https://accounteer.com to indicate that the redirect URI is Out-of-Band, the user will not be redirected. Instead, the code is displayed in the web browser:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJuYmYiOjE0ODgyMDM2ODgsImlhdCI6MTQ4ODIwMzY4OCwiZXhwIjoxNDg4MjA3Mjg4LCJidXNpbmVzcyI6MjIsInVzZXIiOjcsImNsaWVudCI6Mn0.ZlPsR3gBTKUgpILD1Bkjf1hiMBqNzWnw9forou_vSY2fd23ogf41JJBAX4IZGHcY_nadI18jwk9wk6EiO-LlSA
- 4. With the Authentication Code appended to the redirect URI, you can exchange it for an access token with an Access Token Request:
curl -vv -G -d "client_id=2166825788095593&client_secret=ndzjmzotq0mzfiodjhythhnwjiyzkymzlmmjg2zdcxowe4mmq3mzu0nja0&code=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzxMiJ9.eyJuYmYiOjE0ODgyMDc4NjEsImlhdCI6MTQ4ODIwNzg2MSwhwIjoxNDg4MjExNDYxLCJidXNpbmVzcyI6NjIsInVzZXIiOjEwLCJjbGllbnQiOjJ9.64p3eQDfOJX48ws9XWF2fxFItJVLD1ORJOQk8DXjqLUq29wf2snXvkeQddgKq7gQ4AIxm_fbLb1tL3OewDQ&redirect_uri=https://accounteer.com&grant_type=authorization_code" https://app.accounteer.com/oauth/v2/token
You can run the command above in a terminal to get your access token and refresh token, or you can issue the request in your web browser as shown below.
https://app.accounteer.com/oauth/v2/token?client_id=2_3166825788095593&client_secret=ndzjmzy1otq0iodjhythhnwjiyzkymzlmmjg2zdcxowe4mmq3mzu0nja0&code=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJuYmYiOjE0ODgyMDc4NjEsImI6MTQ4ODIwNzg2MSwiZXhwIjoxNDg4MjExNDYxLCJidXNpbmVzcyI6NjIsInVzZXIiOjEwLCJjbGllbnQiOjJ9.64p3eQDfOJX48ws9XWF2fxFbXfItJVLD1ORJOQk8DXjqLUq29wf2snXvkeQddgKq7gQ4AIxm_fbLbOewDQ&redirect_uri=https://accounteer.com&grant_type=authorization_c
The Authentication code expires within 1 hour after it is issued, so you need to use it to request an access token within that time; otherwise, you can authorise your app again to obtain a new Authorization Code. If all the parameters provided were correct, you should receive your access and refresh tokens as shown below.
{ "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ.JleHAiOjE0OTU4OTM5MjUsIm5iZiI6MTQ4ODIwNzkyNSwiaWF0IjoxNDg4MjA3OTI1LCJidXNpbmVzcyI6NjIsInVzZXIiOjEwLCJjbGllbnQiOjJ9.C0gwdXg6P9nE1tA5icoluKHueEo1eCFi0qmgfkbWqHM4IIzGqeKpP6q1C_A-C7wNjz9KRZut61xBM-5A", "expires_in": 3600, "token_type": "bearer", "scope": null, "refresh_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUJ9.eyJleHAiOjE0OTU4OTM5MjUsIm5iZiI6MTQ4ODIwNzkyNSwiaWF0IjoxNDg4MjA3OTI1LCJidXNpbmVzcyI6NjIsInVzZXIiOjEwLCJjbGllbnQiOjJ9.C0gwdXg6P9nE1tA5icoluKHueEo1eCFi0qmgfkbWqHMPBoSciGqeKpP6q1C_A-C7wNjz9KRZut61xBM-5A" }
If the Authorization code has expired, you will receive the response below:
{"error": "invalid_grant","error_description": "The authorization code has expired"}
- 5. The response contains an Access token you can use to connect with the API. The Refresh token can be used to retrieve a new access token in case the access token can expire. In that case, an expires_in is given. Both the access token and the refresh token should be persisted to be used for future requests.
- 6. To refresh an access token with the refresh token, call the token URL:
https://app.accounteer.com/oauth/v2/token?client_id=2_3166825788095593&client_secret=ndzjmzy1otq0mzfiodjhythhnwjiyzky2zdcxowe4mmq3mzu0nja0&refresh_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJuYmYiOjE0ODgyMDc4NjEsImlMTQ4ODIwNzg2MSwiZXhwIjDg4MjExNDYxLCJidXNpbmVzcyI6NjIsInVzZXIiOjEwLCJjbGllbn9.64p3eQDfOJX48ws9XWF2fxFbXfItJVLD1ORJOQk8DXjqLUq29wf2snXvkeQddgKq7gQ4AIxm_fbLb1tL3OewDQ&redirect_uri=https://accounteer.com&grant_type=refresh_token
If the refresh token has not expired, you will receive a JSON response containing your new access token and refresh token, like the one below:
{ "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJiJ9.eyJleHAiOjE1MDM4NDQzMzIsIm5iZiI6MTQ4ODIwOTUzMiwiaWF0IjoxNDg4MjA5NTMyLCJidXNpbmVzcyI6NjIsInVzZXIiOjEwLCJjbGllbnQiOjJ9.kTVtfmMLOEBsBxKSeJupQ2RP0wo6kPyqWFxQvcuU5nk7hRKlwxZPurK0IlMXrWxa8ktab0Yquc5j9s1w", "expires_in": 3600, "token_type": "bearer", "scope": null, "refresh_token": "eyJ0eXAiOiJKV1QiLCJhbGciOixMiJ9.eyJleHAiOjE1MDM4NDQzMzIsIm5iZiI6MTQ4ODIwOTUzMiwiaWF0IjoxNDg4MjA5NTMyLCJidXNpbmVzcyI6NjIsInVzZXIiOjEwLCJjbGllbnQiOjJ9.kTVtfmMLOEBsBxKSeJupQ2RP0wo6kPyqWFxQvcuU5nk7hRKlw-mcurK0IlMXrWxa8ktab0Yquc5j9s1w" }
Once your request for a new access token is successful, you are fully equipped and can use this access token to request resources on Accounteer.
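Client-side handling of the token responses from steps 4 to 6, as an added example (not Accounteer's own code): it builds the token-request parameters, converts `expires_in` into an absolute expiry, surfaces the `invalid_grant` error, and persists both tokens in an owner-only file. The function names, the 60-second refresh margin and the file-based store are assumptions; no network request is made.

```python
import json
import os
import time

# Added example: names, the 60 s margin and the file store are assumptions.
REDIRECT_URI = "https://accounteer.com"  # redirect URI used in the page's examples


class OAuthError(Exception):
    """The token endpoint returned an error object, e.g. invalid_grant."""


def token_params(client_id, client_secret, *, code=None, refresh_token=None):
    """Parameters for the step 4 (code) or step 6 (refresh) token request."""
    if (code is None) == (refresh_token is None):
        raise ValueError("pass exactly one of code or refresh_token")
    params = {"client_id": client_id, "client_secret": client_secret,
              "redirect_uri": REDIRECT_URI}
    if code is not None:
        params.update(grant_type="authorization_code", code=code)
    else:
        params.update(grant_type="refresh_token", refresh_token=refresh_token)
    return params


def parse_token_response(body, now=None):
    """Parse the JSON body; store an absolute expiry instead of expires_in."""
    data = json.loads(body)
    if "error" in data:
        raise OAuthError(f"{data['error']}: {data.get('error_description', '')}")
    now = time.time() if now is None else now
    return {"access_token": data["access_token"],
            "refresh_token": data["refresh_token"],
            "expires_at": now + int(data["expires_in"])}


def save_tokens(path, tokens):
    """Persist both tokens in a file readable only by its owner (0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(tokens, fh)
    os.chmod(path, 0o600)  # tighten the mode if the file already existed


def needs_refresh(tokens, now=None, skew=60):
    """True once the access token is within `skew` seconds of expiry."""
    now = time.time() if now is None else now
    return now >= tokens["expires_at"] - skew
```

Read the client secret from the environment or a secrets manager rather than hard-coding it, and call `needs_refresh` before each API request so the refresh in step 6 happens before the access token lapses.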