Authentication

Secured Authentication

Authentication Method: API Key

Upon creating a Billit account, you gain immediate access to API authentication through an API Key, easily located in the Billit Application under the profile of the user. Make sure this is a user who has access to the master account. This key is unique to your account and is not limited to a single company within Billit, allowing for versatile use across multiple entities associated with your account.

API Key Authentication

  • **Getting Started:** Your API Key is found under 'Profile' -> 'Users & API Key'. It's crucial to keep this key confidential and store it securely.
  • Usage instructions:
    • For general API calls, include your API Key in the request header.
    • To specify the company for the API call, include the Company/PartyID in the request. This detail is essential when your account is linked to multiple companies.
    • For accountants managing multiple companies, include both the ContextCompanyID (accountant's ID) and the PartyID (company's ID) in the request headers.

Where to find the API key

Log in with your user in MyBillit. Your API Key is found under 'My Profile'.

API key in Detail Screen My Profile:

From this interface, you can also renew the API key and then use the new key for your API communication.

Secret Keys

Billit places paramount importance on the security of your authentication keys. Under no circumstances will Billit request your secret keys.

Sharing these keys poses a significant security risk. If you suspect that your keys have been compromised, please reach out to Billit immediately so we can take the necessary steps to secure your account.

Include PartyID of Master account in header

In the production environment, a check is performed to verify that you are entitled to use the API. This is why the PartyID of the master account needs to be present in the header.

Explanation:

  1. Path/URL contains the RegistrationID of the entity/subaccount you are using
  2. Header contains partyID = the RegistrationID of the master account

When partyID is needed:

| Environment | KYC identification API | Any other API |
|-------------|------------------------|---------------|
| Sandbox     | Mandatory              | Allowed       |
| Production  | Mandatory              | Mandatory     |
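
The usage instructions and the partyID table above can be enforced client-side before a request leaves your system. The following is an added example, not Billit's own code; the header spelling `ApiKey`, the environment variable `BILLIT_API_KEY` and the function names are assumptions, so check the API reference for the exact header names.

```python
import os

# Assumed header names: the page names PartyID and ContextCompanyID but does not
# give the exact header spelling for the API key; "ApiKey" is a placeholder.
API_KEY_HEADER = "ApiKey"
PARTY_HEADER = "PartyID"
CONTEXT_HEADER = "ContextCompanyID"


def party_id_required(environment, kyc_call):
    """Rule from the table: mandatory everywhere except non-KYC sandbox calls."""
    if environment not in ("sandbox", "production"):
        raise ValueError(f"unknown environment: {environment!r}")
    return environment == "production" or kyc_call


def build_headers(environment, *, kyc_call=False, party_id=None,
                  context_company_id=None, env_var="BILLIT_API_KEY"):
    """Build request headers; the key is read from the environment, never hard-coded."""
    api_key = os.environ.get(env_var, "").strip()
    if not api_key:
        raise RuntimeError(f"{env_var} is not set; refusing to send an unauthenticated call")
    if party_id is None and party_id_required(environment, kyc_call):
        raise ValueError("PartyID of the master account is mandatory for this call")
    headers = {API_KEY_HEADER: api_key}
    if party_id is not None:
        headers[PARTY_HEADER] = str(party_id)
    if context_company_id is not None:
        # Accountant case: both IDs go in the request headers.
        if party_id is None:
            raise ValueError("ContextCompanyID must be sent together with PartyID")
        headers[CONTEXT_HEADER] = str(context_company_id)
    return headers


def redact(headers):
    """Copy of the headers that is safe to log: the API key value is masked."""
    return {k: ("***redacted***" if k == API_KEY_HEADER else v)
            for k, v in headers.items()}


if __name__ == "__main__":
    os.environ.setdefault("BILLIT_API_KEY", "constructed-sample-key")  # constructed value
    print(redact(build_headers("production", party_id=123456)))
```

Log only the output of `redact()`, never the raw header dictionary, so the key does not end up in application logs.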

Later Step: Renewal with token

An additional security layer will be added in the future: with a refresh token, access can be renewed and kept alive. There will be one active token for all your accounts.

Information will be added when available.