FinzBooksDevelopers
Sign in
Public API v1

Build with FinzBooks

A GST-first, REST + JSON API for Indian SMB bookkeeping. Invoices, bills, payments, reports, webhooks — same operations as the dashboard, scriptable from any language. external bookkeeping app-compatible field shape so migrations are one-line changes.

Get an API TokenOpen API ReferenceTry the Playground

Quickstart

From zero to first API call in under five minutes.

# 1. Mint a Personal Access Token from Settings → Developer
# 2. Export it
export AIBOOKS_TOKEN="aibk_pat_..."

# 3. List your invoices
curl -X GET 'http://localhost:8000/api/public/v1/invoices?per_page=10' \
  -H "Authorization: Bearer $AIBOOKS_TOKEN" \
  -H "Content-Type: application/json"

What you can build

65 endpoints across 24 resources — every CRUD operation the FinzBooks dashboard does is available over REST.

7 routes

Invoices

Create, approve, void; GST split + branch numbering

9 routes

Bills & Expenses

Vendor bills, RCM, ITC-blocked, direct payments

6 routes

Contacts

Customers + vendors with nested addresses + contact persons

7 routes

Items & Taxes

Item master with HSN/SAC, GST tax catalogue

14 routes

Reports

P&L, Balance Sheet, Trial Balance, GSTR-1/3B, AR/AP aging

4 routes

Bulk + Webhooks

Bulk POST for 50 docs/call, signed webhook events

Core concepts

Cross-cutting behaviour every endpoint inherits. Read once, applies everywhere.

Authentication

Bearer-token auth. Mint PATs from the Developer Settings page or get OAuth tokens via /oauth/authorize.

Envelopes

Lists return {code, message, <plural>, page_context}. Single resources return {code, message, <singular>}.

Pagination

Cursor-based, opaque. Pass page_context.next_cursor as ?cursor= to walk. has_more_page: false ends the walk.

Idempotency

Every POST accepts Idempotency-Key. Retries within 24h replay the original response — safe to retry on network blips.

Rate limits

600 req/min default, 3,000 req/min partner. Headers expose remaining + reset on every response.

Webhooks

Register endpoints from Settings → Developer → Webhooks. POSTs are signed with HMAC-SHA256; reject events > 5 min old.

Authentication

Two issuance paths, one verification layer. Pick the one that matches your integration.

Personal Access Token

aibk_pat_…

One-step token for server-side integrations, CI pipelines, internal tools. Mint from Settings → Developer; raw value shown once. Choose single-org or multi-org binding at creation.

Mint a token

OAuth 2.0

aibk_oat_…

Authorization Code + PKCE flow for partner apps where end-users grant access to their FinzBooks account. Short-lived (1h) access tokens with refresh tokens + rotation + replay detection.

Register an OAuth app

Ready to integrate?

Mint a token, point your favourite HTTP client at /api/public/v1, and start shipping. The full reference + Try-It-Out console is one click away.

Get an API TokenAPI Reference