When you create a vendor payment with a card account, we now require you to specify the card funding purpose for the payment. Set the card funding purpose as the vendor industry.

In your create payment request with POST /v3/payments, cardFundingPurpose is a new required body parameter for the CARD_ACCOUNT funding account type.

See POST /v3/payments in the API reference for more information.

In response to customer feedback, we have added check number information in the payments API response. When BILL processes your vendor payment as a check payment, the checkDisbursement object in the payments API response now includes the checkNumber field.

See POST /v3/payments in the API reference for more information.

In the bills API response, you now receive the total bill amount in addition to the existing bill line item amounts.

When you create any /v3/bills API request, you now see the amount field in the response. The amount value is the total bill amount. For a bill in an international currency (not USD), this value is in the local currency.

See Bills for more information.

When you create a bank account with the BILL v3 API, you can now enable bank account access to all users with the ADMINISTRATOR user role. Simply set accessToAdmins as true in your Create a bank account (POST /v3/funding-accounts/banks) or Update a bank account (PATCH /v3/funding-accounts/banks/{bankAccountId}) request.

See POST /v3/funding-accounts/banks and PATCH /v3/funding-accounts/banks/{bankAccountId} in the API reference for more information.

We have introduced a new Get API session details (GET /v3/login/session) endpoint. You can now get information about the current organization, current user, and MFA status of the organization.

See GET /v3/login/session in the API reference for more information.

An MFA ID is generated when you set rememberMe as true in your POST /v3/mfa/challenge/validate request.

To create a new MFA-trusted API session, you can now set an MFA ID and device name in your API login (POST /v3/login) request. In addition, BILL partners can create a new MFA-trusted API session by setting an MFA ID and device name in the API login as user (POST /v3/partner/login-as-user) request.

See POST /v3/login and POST /v3/partner/login-as-user in the API reference for more information.

On September 13, 2024, BILL will update the current API certificate for api.bill.com. Updating API certificates every 90 days is a common practice for maintaining a high level of security. We expect no impact to API services unless you are pinning certificates or are managing them manually.

BEST PRACTICE: Avoid certificate pinning

We highly recommend that you do not pin any BILL API certificates. Certificate pinning is not scalable, requires maintenance, and can cause downtime for your integrations in the production environment.

If you are pinning certificates for api.bill.com, update the certificate to use all five Root CAs listed on https://pki.goog/repository/ (GTS Root R1, GTS Root R2, GTS Root R3, GTS Root R4, and GlobalSign R4).

For questions or concerns, email us at [email protected].

We have introduced new features for the BILL webhook API. BILL partners can now perform subscription and event operations at the partner level.

As a BILL partner, when you create a subscription for events, you get event notifications for all the organizations created with your partner appKey. To create a subscription at the partner level, simply set the required header values. The base URL and body parameters in the POST /v3/subscriptions request are the same for partner users and organization users.

Partner-level header values for webhooksOrganization-level header values for webhooks
X-Idempotent-Key
Idempotency key. The key must be in the UUID4 format.
X-Idempotent-Key
Idempotency key. The key must be in the UUID4 format.
sessionId
Partner API session ID generated with /v3/partner/login
sessionId
API session ID generated with /v3/login
appKey
Application key sent to you by BILL when you create a partner account
devKey
Developer key sent to you by BILL when you create a developer account