API Reference

Authentication

📘

API Keys

To get your API Key please see the Getting Started guide.

All requests to our Public API must be authenticated using API Keys. This guide will explain how to manage your API key and use it for secure access to the API.

Using Your API Key

To authenticate your requests, include your API Token in the Authorization header of every API call. Here are some examples:

curl --request GET \
     --url https://api.itmc.i.moneyforward.com/api/v1/organizations/00000000 \
     --header 'accept: application/json' \
     --header 'authorization: Bearer <YOUR API KEY>'

// npm install axios --save
const axios = require('axios');

const options = {
  method: 'GET',
  url: 'https://api.itmc.i.moneyforward.com/api/v1/organizations/00000000',
  headers: {accept: 'application/json', authorization: 'Bearer <YOUR API KEY>'}
};

axios
  .request(options)
  .then(function (response) {
    console.log(response.data);
  })
  .catch(function (error) {
    console.error(error);
  });

# python -m pip install requests
import requests

url = "https://api.itmc.i.moneyforward.com/api/v1/organizations/00000000"

headers = {
    "accept": "application/json",
    "authorization": "Bearer <YOUR API KEY>"
}

response = requests.get(url, headers=headers)

print(response.text)

In this example, replace <YOUR API KEY> with the actual token you received and the 00000000 with your Organization ID (see the Getting Started ). The API will use this token to verify your identity and authorize the requested actions.

For errors please see the Errors page.

Managing your API Key

Your API keys are essential for authenticating with our Public API. Once you have obtained your key (see the Getting Started ), you should store it securely.

The API Keys:

  • They do not expire, so you can use the same key indefinitely.
  • They have full access to all resources.
  • API keys are suspended if the person who created them is deleted.
  • API keys remain active even after the person who created them loses Admin access.
  • An organization can have up to 20 API keys at a time.
  • API keys are only visible immediately after creation; once the modal is closed, the key is no longer accessible.

To view your available API keys, navigate to Settings > API Keys. Here you can see all API keys and their statuses, including:

  • Name of the key.
  • The person who generated the key.
    • If the user who created the key has been deleted, this information is not available.
  • Time of key generation.
  • Time of last activity.

❗️

Never expose your API key to unauthorized individuals or publicly!

Your API key grants access to your account and its resources. Never expose your API key to unauthorized individuals or publicly. Treat it like a password and store it securely.

If you believe your key has been compromised, delete it from the Settings > API Keyspage.