Skip to main content

Public API Overview

The Fiskl public API lets you read and update your accounting data from your own software, connect third-party apps, and react to changes as they happen. This overview explains how the four building blocks fit together so you can choose the right one for your task.

info

Beta Notice: The API, Webhooks, and MCP server are currently in Beta. This means these tools are actively in development; stability is not fully guaranteed and endpoints may change without notice. We encourage you to use this period to familiarise yourself with the system, and we will notify all users once they reach general availability.

What the Public API Is

The public API is a stable set of web endpoints under /v1 — for example /v1/clients and /v1/invoices. You send a request with a token, and Fiskl returns your company's data as JSON. Every request is authenticated and limited to what the token is allowed to do.

The full, interactive reference lives at api-docs.fiskl.com. There you can browse every endpoint, see example responses, and try calls in the browser. This help section explains the concepts around that reference: how to get a token, how access is scoped, and how to receive events.

The Four Building Blocks

These four features work together. Most integrations use two or three of them.

Building blockWhat it isUse it when
API keysA token (fsk_…) you create for your own scripts and toolsYou are building your own integration or one-off automation
Connected apps (OAuth)A registered app that other Fiskl users authorise to act on their behalfYou are building an app or connector for other people to use
API endpointsThe /v1 requests that read and change your dataAny time you read or update Fiskl data programmatically
WebhooksNotifications Fiskl sends to your system when something happensYou need to react to events such as an invoice being paid

A simple way to remember the difference between the two token types: an API key is for your own access, while a connected app lets someone else's app access a user's data with that user's consent.

How Access Is Controlled

Every request carries a token in the Authorization header, and Fiskl checks two things: that the token is valid, and that it is allowed to perform the action.

  • API keys use fine-grained permissions, such as invoice.read. You select these on a grid when you create the key, and you can only grant permissions you hold yourself.
  • Connected apps use coarser scopes, such as invoicing:read. The person authorising the app approves these scopes on a consent screen.

In both cases, a token can never do more than its owner can. If your permissions change, every token you created reflects that change immediately.

Choosing Your Path

  1. To call the API from your own code, create an API key, then follow Make Your First API Request.
  2. To build an app others will connect, register a connected app and use the OAuth flow.
  3. To react to changes in Fiskl, set up webhooks.
info

The interactive endpoint reference at api-docs.fiskl.com always reflects the current API. Use it alongside these guides to see exact fields and example responses.

Guides