Authentication
The API uses two layers of authentication.
1
Developer login — manage applications
Sign in to create and manage applications. Endpoints under Applications require a Bearer JWT obtained from /auth/sign-in. Use the Sign in button at the top right — the portal stores the token and attaches it automatically when you test those endpoints.
2
Access tokens — call the API
Your application exchanges its client_id and client_secret at the token endpoint for a short-lived access token, sent as a Bearer header on every resource request.
Authorization header
Authorization: Bearer <access_token>Tip: run POST /oauth/token in its “Try it” console — the returned access token is captured automatically and reused for the resource and invoice endpoints.