API Documentation

Authentication

The way of being super sneaky and secure

OAuth Authentication

Billit uses OAuth 2.0 as the standard authentication method to ensure security, scalability, and user control.

  • Mandatory for multi-user integrations: Any integration that serves multiple Billit users must use OAuth.
  • Optional for single-user use: For personal or single-tenant use cases, OAuth is recommended but not required.

Why OAuth?

  • Stronger security than API keys
  • Users explicitly grant and revoke access by logging in
  • Users can disconnect integrations at any time

Getting Started

  1. Review the Getting Started with OAuth guide.
  2. Contact Billit Support to request OAuth credentials.
    • You will receive a Client ID and Client Secret for sandbox testing.
  3. Once your integration is ready for production, submit it for approval.
    • After approval, production credentials will be issued.



sequenceDiagram 
    participant Developer
    participant Billit
    
    Developer->>Billit: Send mail to [email protected] to request Client ID and Secret for AppName and Redirect URL on Sandbox
    Billit->>Developer: Confirms with Client ID & Secret for Sandbox

OAuth 2.0 Flow


sequenceDiagram
    participant User
    participant App
    participant BillitAuth as Billit Auth Server
    participant Backend

    User->>App: Click "Login with Billit"
    App->>BillitAuth: Redirect (client_id, redirect_uri, scopes)
    BillitAuth->>User: Login & consent screen
    User->>BillitAuth: Credentials + consent
    BillitAuth->>App: Redirect with auth_code → redirect_uri
    App->>Backend: Send auth_code
    Backend->>BillitAuth: Exchange code for tokens (client_id, secret)
    BillitAuth->>Backend: Access_token + refresh_token
    Backend->>App: Session established
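
The App and Backend steps of the flow above, as an added example that is not Billit's own code. The endpoint URL, credentials and redirect URI are placeholders, and the parameter names (including `state`, which the diagram does not show) are the standard OAuth 2.0 authorization-code ones from RFC 6749, assumed here because this page does not list Billit's.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Placeholders: this page gives no Billit endpoint URLs or parameter names.
AUTHORIZE_URL = "https://auth.example.invalid/authorize"
CLIENT_ID = "sandbox-client-id"          # constructed sample value
CLIENT_SECRET = "sandbox-client-secret"  # constructed; held by the backend only
REDIRECT_URI = "https://app.example.invalid/callback"

def build_authorize_redirect(scopes):
    """App -> auth server. Returns (url, state); keep state in the user's session."""
    state = secrets.token_urlsafe(32)  # unguessable value binding callback to session
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(scopes),
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state

def handle_callback(callback_url, session_state):
    """Auth server -> app. Validates the redirect and returns the auth code."""
    parts = urlparse(callback_url)
    # Compare scheme, host and path against the registered redirect URI.
    if parts[:3] != urlparse(REDIRECT_URI)[:3]:
        raise ValueError("callback did not arrive on the registered redirect URI")
    params = parse_qs(parts.query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not session_state or not hmac.compare_digest(state.encode(), session_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code

def token_request_body(code):
    """Backend -> auth server. Form body for the code exchange, sent over TLS."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,  # never shipped to the browser or mobile app
    }
```

The refresh token returned by the exchange belongs in backend storage alongside the client secret; the App only ever receives its own session.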