You can now manage your API credentials under Settings>Integrations>API access management. To gain API access initially, you need to contact Spendesk account management team.
API credentials allow developers to connect to your Spendesk entity, retrieve and edit information in it according to the permissions you grant. However, access to API credentials requires prior approval from Spendesk support to ensure proper authorization.
Implementing API Access
In order to create a new API client ID and client secret (think of it as login and password) follow these steps:
Click on the
Create new keybutton.Enter a name and a description for this API access. It's important to mention the purpose these credentials will serve so that anyone can easily identify them later (think about someone new coming in and trying to understand the purpose of each API access).
Choose an expiration date. The expiration date cannot be later than one year from today. But if you are sharing these credentials with an external development team, make it as short as practically possible. If unsure, always start with shorter validity periods (e.g. one month) - you can always create new API credentials, with the same validity period or longer, based on the new level of trust you have. It is not possible to extend the validity of existing API credentials - new ones need to be created.
Select permissions you want to grant to this set of credentials. Our growing list of API features currently includes the following:
Retrieve payables
Retrieve payable attachments
Retrieve settlements
Retrieve bank fees
Retrieve wallet loads
Retrieve wallet summary
Retrieve users (members) of the company
Retrieve suppliers
Retrieve analytical fields and values
Retrieve cost centers
Retrieve expense categories
Check the box to acknowledge that the new API credentials will provide access to the features and data selected abov It is important to note that permissions should align strictly with usage needs to minimize risk and ensure secure API operations.e.
Once you click on Create API key you will see a modal with a client ID and client secret.
Store them in a secure password vault and never share them via messaging/email. Additionally, it is recommended to conduct periodic reviews of stored credentials and revoke those no longer in use.
This is the only moment you will ever see the client secret in clear text - it is not possible to retrieve it again.
If you lose the 'client secret', you will need to generate a new set of credentials.
Troubleshooting and FAQs
I don’t see the API options in my Spendesk account. Verify whether your account is on the Enterprise plan. The API features are unavailable for accounts on other plans, such as Premium.
Can I recover my Client Secret if I lose it? No, the Client Secret is shown only once during key creation. If lost, you must create new API credentials.
What if I don’t have Administrator permissions? Contact the Account Owner or Administrator for your account and request either Administrator access or that they create the API credentials for you.