Sign in to your BILL sandbox developer account. In response, your API session is created and a sessionId is generated. Use the sessionId in all subsequent API calls to confirm that you are in a signed in session.

If your API session is inactive or idle for 35 minutes, the session expires and you are automatically signed out.

Note: After signing in, making any subsequent call resets the 35 minutes timer. You are required to sign in again and generate a new sessionId only if the session is inactive or idle for 35 minutes.

See API login best practices for more information.

Multi-Factor Authentication (MFA)

The following protected endpoints require MFA for login with a trusted API session:

Note: See Multi-factor authentication (MFA)/2-step verification in the BILL Help Center for more information about all the security measures in place for your BILL account operations.

Sign in with an MFA trusted API session is a three-step process:

  1. Sign in to generate a sessionId value with /Login.json.
  2. Generate an MFA challenge ID with /MFAChallenge.json. When you call /MFAChallenge.json, a token is sent to your mobile device registered with BILL.
  3. Authenticate the challenge ID and token with /MFAAuthenticate.json. At this point, the sessionId (from step one) is MFA trusted.
Click Try It! to start a request and see the response here!