Overview
API tokens let you connect external tools and services to your Beeswax account. Each token is linked to a specific user and account, and all API calls using that token operate in the context of that account.
Key characteristics:
- Account-specific — Each token is tied to a single account. This is useful for bookkeepers managing multiple client accounts.
- Scope-based — Tokens are granted specific permissions (scopes) that control what they can access.
- Revocable — Tokens can be deactivated at any time without deleting them.
- Auto-revoked — Tokens are automatically invalidated when the account's subscription becomes inactive.
- Usage tracked — The system records when each token was last used.
Creating a Token
Navigate to your company profile and find the API Tokens section.
Fields
| Field | Required | Description |
|---|---|---|
| Name | Yes | A descriptive label to identify what this token is used for. |
| Scopes | Yes | The permissions granted to this token. |
| Expires At | No | An optional expiration date. The token stops working after this date. |
Important
The full token value is only shown once — immediately after creation. Copy it and store it securely. You will not be able to view the full token again.
Available Scopes
Scopes control what actions a token can perform via the API.
| Scope | Description |
|---|---|
| expenses:write | Create and update expenses |
Additional scopes for invoices, projects, tasks, time entries, and other resources will be added in future updates.
Authentication
Include your API token in the Authorization header of your HTTP requests:
Authorization: Bearer YOUR_API_TOKEN
Alternatively, you can pass it as a query parameter. This is less secure, because URLs are commonly recorded in server logs, proxy logs and browser history:
https://app.beeswaxapp.com/api/expenses?auth_token=YOUR_API_TOKEN
Available API Endpoints
| Endpoint | Method | Description | Required Scope |
|---|---|---|---|
| /api/accounts | GET | List all available accounts | All |
| /api/accounts/active | GET | Get the active account | All |
| /api/projects | GET | List all active projects | projects:read |
| /api/projects/:id | GET | Get a specific project | projects:read |
| /api/expenses | GET | List expenses | expenses:read |
| /api/expenses/:id | GET | Get a specific expense | expenses:read |
| /api/expenses | POST | Create a new expense | expenses:write |
| /api/expenses/:id | PUT | Update an expense (not yet finalised) | expenses:write |
| /api/imports | GET | List import types | All |
| /api/imports | POST | Create an import | All |
Integration Examples
Zapier
- Choose Webhooks by Zapier as your action.
- Set the URL to https://app.beeswaxapp.com/api/[endpoint].
- Add a custom header: Authorization: Bearer YOUR_API_TOKEN.
- Set the request type to POST.
- Configure the JSON body with the required fields.
n8n
- Add an HTTP Request node.
- Set the method to POST.
- Set the URL to https://app.beeswaxapp.com/api/[endpoint].
- Under Authentication, select Generic Credential Type and choose Header Auth.
- Set the header name to Authorization and value to Bearer YOUR_API_TOKEN.
Managing Tokens
Editing
You can update a token's name, scopes, and expiration date. The token value itself cannot be changed — use regenerate to create a new value.
Revoking
Revoking a token deactivates it immediately. Revoked tokens can no longer authenticate API requests. The token record is kept for audit purposes.
Deleting
Deleting a token removes it permanently from the system.
Security
- Never share tokens publicly — Treat API tokens like passwords. Do not commit them to version control or include them in client-side code.
- Use scopes wisely — Grant only the minimum permissions needed for each integration.
- Set expiration dates — For temporary integrations, set an expiration date so the token automatically stops working.
- Monitor usage — Check the "last used" timestamp to identify unused or potentially compromised tokens.
- Subscription-linked — If your subscription lapses, all tokens are automatically revoked and API access is disabled.
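The header-based authentication and the token-handling advice above can be enforced in client code. The following is an added example, not Beeswax's own code: it builds requests that carry the token only in the Authorization header, refuses the auth_token query form, and masks that parameter before a URL is logged. The environment variable name BEESWAX_API_TOKEN and the helper names build_request and redact_url are assumptions.

```python
import os
import urllib.request
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

BASE_URL = "https://app.beeswaxapp.com"  # host used in the page's examples
TOKEN_ENV = "BEESWAX_API_TOKEN"  # assumed variable name, not defined by Beeswax


def build_request(path, method="GET", token=None):
    """Return a Request that carries the token only in the Authorization header."""
    token = token or os.environ.get(TOKEN_ENV)
    if not token:
        raise RuntimeError(f"set {TOKEN_ENV}; do not hard-code the token")
    parts = urlsplit(path)
    # Accept only relative /api/... paths so the token cannot be sent to another host.
    if parts.scheme or parts.netloc or not parts.path.startswith("/api/"):
        raise ValueError("path must be a relative /api/... endpoint")
    # Reject the query-parameter form: the secret would end up in logged URLs.
    if any(k == "auth_token" for k, _ in parse_qsl(parts.query, keep_blank_values=True)):
        raise ValueError("token must not be passed in the query string")
    req = urllib.request.Request(BASE_URL + path, method=method)
    req.add_header("Authorization", f"Bearer {token}")
    return req


def redact_url(url):
    """Mask any auth_token value so the URL is safe to write to logs."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k == "auth_token" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


if __name__ == "__main__":
    # Constructed token value, for illustration only.
    req = build_request("/api/accounts/active", token="example-token-not-real")
    print(req.get_method(), req.full_url)  # the URL itself contains no secret
    # To send it: urllib.request.urlopen(req, timeout=10)
    # Constructed URL; "page" is a made-up parameter used to show other values survive.
    print(redact_url(BASE_URL + "/api/expenses?auth_token=example-token-not-real&page=2"))
```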
Permissions by Role
| Action | Owner | Super Admin | Admin | Accountant | General | Client |
|---|---|---|---|---|---|---|
| Create tokens | Yes | Yes | No | No | No | No |
| View tokens | Yes | Yes | No | No | No | No |
| Edit tokens | Yes | Yes | No | No | No | No |
| Revoke tokens | Yes | Yes | No | No | No | No |
| Delete tokens | Yes | Yes | No | No | No | No |
Key Notes
- Only Owners and Super Admins can manage API tokens.
- Admins, Accountants, General Users, Contractors, and Clients cannot access API token management.
- API token management requires the accounting add-on on your subscription plan.