BILL keys and tokens
BILL provides a set of keys and tokens for different API products and capabilities.
Developer key
With the developer key, you can build with the BILL AP, AR, BILL network, and webhook workflows. These workflows are at the BILL organization level. See Sandbox API sign up to learn how to generate a developer key.
When you generate a developer key, the key is available for you to use with any of your test organizations and test users.
In this cURL example, you sign in with POST /v3/login
. The generated sessionId
in the response is available only for the selected devKey
in your request.
curl --request POST \
--url 'https://gateway.stage.bill.com/connect/v3/login' \
--header 'content-type: application/json' \
--data '{
"username": "{username}",
"password": "{password}",
"organizationId": "{organization_id}",
"devKey": "{developer_key}"
}'
From the API response, use the generated sessionId
and your devKey
as header fields in all subsequent API calls. If your API session is inactive for 35 minutes, the session expires and you are automatically signed out.
AP/AR sync token
As a BILL app partner, you can onboard your customers with an AP/AR sync token and easily limit their capabilities. For example, BILL payment capabilities are not available when your customers sign in with the AP/AR sync token. See AP/AR sync token-based sign in to learn how to generate an AP/AR sync token.
In this cURL example, you sign in with POST /v3/login
. The generated sessionId
in the response is available only for the selected devKey
in your request.
curl --request POST \
--url 'https://gateway.stage.bill.com/connect/v3/login' \
--header 'content-type: application/json' \
--data '{
"username": "{apar_sync_token_name}",
"password": "{apar_sync_token_value}",
"organizationId": "{organization_id}",
"devKey": "{developer_key}"
}'
From the API response, use the generated sessionId
and your devKey
as header fields in all subsequent API calls. The generated sessionId
expires when it is inactive for 48 hours, and provides limited access to the BILL API.
Accountant Console API token
With the Accountant Console API token, you can sign in to your client organizations and perform all BILL AP and AR operations with the BILL v3 API. See BILL Accountant Console operations to learn how to generate a Console API token.
AP/AR sync token-based sign in is available with
POST /v2/Login.json
You must sign in with the BILL v2 API login operation (
POST /v2/Login.json
) when you use the AP/AR sync token.
In this cURL example, you sign in with POST /v2/Login.json
. The generated sessionId
in the response is available only for the selected devKey
in your request.
curl --request POST \
--url 'https://api-stage.bill.com/api/v2/Login.json' \
--header 'accept: application/json' \
--data 'userName={console_admin_email}' \
--data 'password={console_api_token}' \
--data 'orgId={client_organization_id}' \
--data 'devKey={client_developer_key}'
From the API response, use the generated sessionId
and your devKey
as header fields in all subsequent API calls. If your API session is inactive for 35 minutes, the session expires and you are automatically signed out.
Spend & Expense API token
A Spend & Expense API token is required for you to begin testing with the Spend & Expense API. You can build with budgets, users, and virtual cards. In addition, you can manage transactions and reimbursements. See Authentication with Spend & Expense API token to learn how to generate a Spend & Expense API token.
In this cURL example, we get a list of budgets. The required header field is your Spend & Expense apiToken
. There is no API login required before you begin testing with the Spend & Expense API.
curl --request GET \
--url 'https://gateway.stage.bill.com/connect/v3/spend/budgets' \
--header 'apiToken: {se_api_token}' \
--header 'Accept: application/json'
Partner app key
As a BILL partner, you can perform partner-level operations, which include creating an organization, and then creating and managing users for that organization. See BILL partner operations for more information.
In this cURL example, you sign in with POST /v3/partner/login
. The generated sessionId
in the response is available only for the selected devKey
in your request.
curl --request POST \
--url 'https://gateway.stage.bill.com/connect/v3/partner/login' \
--header 'content-type: application/json' \
--data '{
"username": "{username}",
"password": "{password}",
"appKey": "{partner_app_key}"
}'
From the API response, use the generated sessionId
and your appKey
as header fields in all subsequent partner API calls. For managing users for an organization you have created, the organizationId
is an additional required header field. If your API session is inactive for 35 minutes, the session expires and you are automatically signed out.
Updated about 11 hours ago