When you create a bank account with the BILL v3 API, you can now enable bank account access to all users with the ADMINISTRATOR user role. Simply set accessToAdmins as true in your Create a bank account (POST /v3/funding-accounts/banks) or Update a bank account (PATCH /v3/funding-accounts/banks/{bankAccountId}) request.

See POST /v3/funding-accounts/banks and PATCH /v3/funding-accounts/banks/{bankAccountId} in the API reference for more information.

We have introduced a new Get API session details (GET /v3/login/session) endpoint. You can now get information about the current organization, current user, and MFA status of the organization.

See GET /v3/login/session in the API reference for more information.

An MFA ID is generated when you set rememberMe as true in your POST /v3/mfa/challenge/validate request.

To create a new MFA-trusted API session, you can now set an MFA ID and device name in your API login (POST /v3/login) request. In addition, BILL partners can create a new MFA-trusted API session by setting an MFA ID and device name in the API login as user (POST /v3/partner/login-as-user) request.

See POST /v3/login and POST /v3/partner/login-as-user in the API reference for more information.

On September 13, 2024, BILL will update the current API certificate for api.bill.com. Updating API certificates every 90 days is a common practice for maintaining a high level of security. We expect no impact to API services unless you are pinning certificates or are managing them manually.

BEST PRACTICE: Avoid certificate pinning

We highly recommend that you do not pin any BILL API certificates. Certificate pinning is not scalable, requires maintenance, and can cause downtime for your integrations in the production environment.

If you are pinning certificates for api.bill.com, update the certificate to use all five Root CAs listed on https://pki.goog/repository/ (GTS Root R1, GTS Root R2, GTS Root R3, GTS Root R4, and GlobalSign R4).

For questions or concerns, email us at [email protected].

We have introduced new features for the BILL webhook API. BILL partners can now perform subscription and event operations at the partner level.

As a BILL partner, when you create a subscription for events, you get event notifications for all the organizations created with your partner appKey. To create a subscription at the partner level, simply set the required header values. The base URL and body parameters in the POST /v3/subscriptions request are the same for partner users and organization users.

Partner-level header values for webhooksOrganization-level header values for webhooks
X-Idempotent-Key
Idempotency key. The key must be in the UUID4 format.
X-Idempotent-Key
Idempotency key. The key must be in the UUID4 format.
sessionId
Partner API session ID generated with /v3/partner/login
sessionId
API session ID generated with /v3/login
appKey
Application key sent to you by BILL when you create a partner account
devKey
Developer key sent to you by BILL when you create a developer account

We have introduced a set of Multi-Factor Authentication (MFA) API endpoints. There are two stages in the BILL MFA process.

  1. MFA setup: Add a valid phone number for setting up MFA in the organization (with POST /v3/mfa/setup), and then complete the setup by validating the entered phone number (with POST /v3/mfa/validate). At this point, the phone number is registered for the MFA sign in operation.

  2. MFA sign in: Generate an MFA challenge (with POST /v3/mfa/challenge), and then complete MFA sign in by validating the MFA challenge (with POST /v3/mfa/challenge/validate). At this point, your API session is MFA trusted.

OperationAPI endpoint
Add phone for MFA setupPOST /v3/mfa/setup
Validate phone for MFA setupPOST /v3/mfa/validate
Generate MFA challengePOST /v3/mfa/challenge
Validate MFA challengePOST /v3/mfa/challenge/validate

In the payments API response, you now receive information about the bills that a payment amount is applied to.

When you pay a bill with POST /v3/payments or when you pay multiple bills with one POST /v3/payments/bulk, you now see a billPayments object in the response. For each bill payment, the billPayment object includes the bill payment id, bill id, and amount applied to the bill.

See Payments for more information.