Authentication

The way of being super sneaky and secure

:lock: Authentication (OAuth or API key?)

🚧

Secret Keys

Billit places paramount importance on the security of your authentication keys. Under no circumstances will Billit request your secret keys.

Sharing these keys poses a significant security risk. If you suspect that your keys have been compromised, please reach out to Billit immediately so we can take the necessary steps to secure your account.

Authentication Methods: API Key vs. OAuth

Upon creating a Billit account, you gain immediate access to API authentication through an API Key, easily located in the Billit Application under your profile. This key is unique to your account and is not limited to a single company within Billit, allowing for versatile use across multiple entities associated with your account.

API Key Authentication

  • Getting Started: Your API Key is found under 'Profile' -> 'Users & API Key'. It's crucial to keep this key confidential and store it securely.
  • Usage instructions:
    • For general API calls, include your API Key in the request header.
    • To specify the company for the API call, include the Company/PartyID in the request. This detail is essential when your account is linked to multiple companies.
    • For accountants managing multiple companies, include both the ContextCompanyID (accountant's ID) and the PartyID (company's ID) in the request headers.

OAuth Authentication

Billit advocates for the use of OAuth for enhanced security and scalability, particularly for integrations intended for multiple users. While OAuth is not obligatory for individual use, it becomes a requirement for live integrations serving numerous users.

  • Getting Started with OAuth:
    • To initiate OAuth authentication, contact Billit support at [email protected] requesting OAuth credentials. You'll need to provide a Redirect URL and the name of your integration.
    • Upon review, Billit support will furnish the OAuth Client ID and Secret for sandbox testing. To obtain credentials for the production environment, your application must first be approved for production use.

Summary of header fields for API Calls

| Required | Header field name | Example Value |
|---|---|---|
| Yes | apiKey | "YourAPIKey" |
| As Needed | partyID | Company ID |
| For accountant cases | ContextPartyID | Accountant's Company ID |
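
The header rules above as an added Python example (not Billit's own code): it builds the `apiKey`, `partyID` and `ContextPartyID` headers using the field names from the summary table, rejects values that could inject extra headers, and masks the key before logging. The function names, the `BILLIT_API_KEY` environment variable and the sample IDs are assumptions, as is treating `ContextPartyID` without `partyID` as an error.

```python
import os
import re

# Header field names as listed in the summary table on this page.
API_KEY_HEADER, PARTY_HEADER, CONTEXT_HEADER = "apiKey", "partyID", "ContextPartyID"
_UNSAFE = re.compile(r"[\r\n\x00]")  # characters that would allow header injection


def _clean(name, value):
    """Return the value as a stripped string, refusing empty or unsafe input."""
    text = str(value)
    if _UNSAFE.search(text) or not text.strip():
        raise ValueError(f"invalid value for header {name}")
    return text.strip()


def build_headers(api_key, party_id=None, context_party_id=None):
    """Build the authentication headers for one API call.

    party_id: the company the call targets (needed with multiple companies).
    context_party_id: the accountant's own company ID; assumed here to be
    valid only together with party_id.
    """
    if context_party_id is not None and party_id is None:
        raise ValueError("ContextPartyID requires partyID as well")
    headers = {API_KEY_HEADER: _clean(API_KEY_HEADER, api_key)}
    if party_id is not None:
        headers[PARTY_HEADER] = _clean(PARTY_HEADER, party_id)
    if context_party_id is not None:
        headers[CONTEXT_HEADER] = _clean(CONTEXT_HEADER, context_party_id)
    return headers


def redact(headers):
    """Return a copy that is safe to log: the API key is masked."""
    return {k: ("***redacted***" if k == API_KEY_HEADER else v)
            for k, v in headers.items()}


def load_api_key(env_var="BILLIT_API_KEY"):  # variable name is an assumption
    """Read the key from the environment instead of hard-coding it in source."""
    key = os.environ.get(env_var)
    if not key:
        raise RuntimeError(f"{env_var} is not set")
    return key


if __name__ == "__main__":
    # Constructed sample values, not real credentials or IDs.
    print(redact(build_headers("constructed-key", party_id=1001, context_party_id=2002)))
```

Pass the result of `build_headers` to your HTTP client and log only the output of `redact`, so the key never reaches log files.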

By adhering to these guidelines, developers can ensure secure and efficient access to Billit's API, leveraging the appropriate authentication method to suit their application's needs.