API Access

Control which third-party services can connect to your finance data by issuing secure API tokens.

Generate Client Tokens

• Click Generate token to create a new credential for a partner or internal tool.

• Each token grants access to the client API immediately after creation.

• Regenerating a token revokes the previous key, ensuring that lost or compromised credentials cannot be reused.

Share Tokens Securely

• Distribute tokens through encrypted channels only—never paste them into public chats or emails.

• Store a copy in your internal password manager so authorized team members can retrieve it later.

Token List

When no tokens exist, the page displays the empty state message “No token yet” along with a reminder to generate your first key. Once tokens are created, the table includes:

• Reusable token indicator so you know which credentials power ongoing integrations.

• Current API key showing the masked value of each token.

• Controls to revoke or regenerate keys if access should be withdrawn.

Best Practices

• Rotate keys periodically, especially after staff changes.

• Revoke tokens immediately when an integration is no longer needed.

• Combine API access with user-level permissions to limit the data exposed to third parties.