In the bills API response, you now receive the total bill amount in addition to the existing bill line item amounts.
When you create any /v3/bills API request, you now see the amount field in the response. The amount value is the total bill amount. For a bill in an international currency (not USD), this value is in the local currency.
See Bills for more information.
We have added two new recipes for showcasing more workflows with the v3 API.
| Recipe | Description |
|---|---|
| Connect with a BILL network vendor | In this recipe, we search for and invite a network vendor. |
| Expense management with users, budgets, and virtual cards | In this recipe, we create a Spend & Expense user for a budget and then assign the user to a budget. In addition, we create a virtual card and assigned it to the budget user. |
When you create a bank account with the BILL v3 API, you can now enable bank account access to all users with the ADMINISTRATOR user role. Simply set accessToAdmins as true in your Create a bank account (POST /v3/funding-accounts/banks) or Update a bank account (PATCH /v3/funding-accounts/banks/{bankAccountId}) request.
See POST /v3/funding-accounts/banks and PATCH /v3/funding-accounts/banks/{bankAccountId} in the API reference for more information.
We have introduced a new Get API session details (GET /v3/login/session) endpoint. You can now get information about the current organization, current user, and MFA status of the organization.
See GET /v3/login/session in the API reference for more information.
An MFA ID is generated when you set rememberMe as true in your POST /v3/mfa/challenge/validate request.
To create a new MFA-trusted API session, you can now set an MFA ID and device name in your API login (POST /v3/login) request. In addition, BILL partners can create a new MFA-trusted API session by setting an MFA ID and device name in the API login as user (POST /v3/partner/login-as-user) request.
See POST /v3/login and POST /v3/partner/login-as-user in the API reference for more information.
We have introduced Guides section documentation for working with the BILL Spend & Expense API. The BILL Spend & Expense API enables you to build with virtual card and expense management services for real-time visibility and control over the finances of a business.
On September 13, 2024, BILL will update the current API certificate for api.bill.com. Updating API certificates every 90 days is a common practice for maintaining a high level of security. We expect no impact to API services unless you are pinning certificates or are managing them manually.
We highly recommend that you do not pin any BILL API certificates. Certificate pinning is not scalable, requires maintenance, and can cause downtime for your integrations in the production environment.
If you are pinning certificates for api.bill.com, update the certificate to use all five Root CAs listed on https://pki.goog/repository/ (GTS Root R1, GTS Root R2, GTS Root R3, GTS Root R4, and GlobalSign R4).
For questions or concerns, email us at [email protected].
We have introduced new features for the BILL webhook API. BILL partners can now perform subscription and event operations at the partner level.
As a BILL partner, when you create a subscription for events, you get event notifications for all the organizations created with your partner appKey. To create a subscription at the partner level, simply set the required header values. The base URL and body parameters in the POST /v3/subscriptions request are the same for partner users and organization users.
| Partner-level header values for webhooks | Organization-level header values for webhooks |
|---|---|
X-Idempotent-KeyIdempotency key. The key must be in the UUID4 format. | X-Idempotent-KeyIdempotency key. The key must be in the UUID4 format. |
sessionIdPartner API session ID generated with /v3/partner/login | sessionIdAPI session ID generated with /v3/login |
appKeyApplication key sent to you by BILL when you create a partner account | devKeyDeveloper key sent to you by BILL when you create a developer account |
We have introduced a set of Multi-Factor Authentication (MFA) API endpoints. There are two stages in the BILL MFA process.
MFA setup: Add a valid phone number for setting up MFA in the organization (with POST /v3/mfa/setup), and then complete the setup by validating the entered phone number (with POST /v3/mfa/validate). At this point, the phone number is registered for the MFA sign in operation.
MFA sign in: Generate an MFA challenge (with POST /v3/mfa/challenge), and then complete MFA sign in by validating the MFA challenge (with POST /v3/mfa/challenge/validate). At this point, your API session is MFA trusted.
| Operation | API endpoint |
|---|---|
| Add phone for MFA setup | POST /v3/mfa/setup |
| Validate phone for MFA setup | POST /v3/mfa/validate |
| Generate MFA challenge | POST /v3/mfa/challenge |
| Validate MFA challenge | POST /v3/mfa/challenge/validate |
The PENDING risk verification decision status is now updated to IN_PROGRESS. We made this update for further simplifying the meaning of different status values.
See POST /v3/risk-verifications in the API reference for more information.
