Authentication & API Details

AccelBooks ensures that all API interactions are secure and authenticated using Auth0, with fine-grained permissions and UUIDs for enhanced security. This guide details how to authenticate API requests and outlines our security measures.

​

Overview

Authentication is mandatory for all API requests to guarantee that only authorized users can access sensitive financial data. We utilize Auth0, a leading identity provider, to manage user authentication securely.

​

Key Features:

• Auth0 Integration: Secure and scalable user authentication.
• Fine-Grained Permissions: Detailed access control for data security.
• UUIDs: Unique identifiers for all entities to enhance traceability and security.

​

Obtaining API Credentials

To interact with the AccelBooks API, you must have valid credentials, which include a client_id and client_secret. These are provided directly by our team to ensure proper setup and integration.

​

Steps to Obtain Credentials:

1. Contact AccelBooks: Reach out to our support or sales team to request API access.
2. Provide Application Details: Submit your application details, including your business needs and intended use of the API.
3. Receive Credentials: Upon approval, we will provide you with a client_id and client_secret specific to your application.

​

Authenticating Requests

Once you receive your credentials, use them to request an access token. This token must be included in the header of each API request.

​

Requesting an Access Token

POST https://{provided_url}/oauth/token
Content-Type: application/json

{
  "client_id": "your-client-id",
  "client_secret": "your-client-secret",
  "audience": "https://api.accelbooks.ai",
  "grant_type": "client_credentials"
}

​

Response:

{
  "access_token": "your-access-token",
  "token_type": "Bearer",
  "expires_in": 36000
}

Include the access_token in the Authorization header as a Bearer token for all subsequent API requests.

​

Using UUIDs

Each entity within the AccelBooks system (e.g., transactions, companies, developers) is identified by a UUID (Universally Unique Identifier). UUIDs ensure that each entity is globally unique and secure.

​

Fine-Grained Permissions

Fine-grained permissions allow you to specify exactly what data each authenticated user can access. When setting up your Auth0 roles, you can define permissions that match your organization’s security policies.

​

Example of Role-Based Access Control:

• Admin: Full access to all API endpoints.
• Developer: Access limited to developer-related endpoints.
• Auditor: Read-only access to financial reports and transactions.

​

Secure Best Practices

• Securely store credentials: Never hard-code credentials in your applications. Use environment variables or secure vaults.
• Rotate secrets regularly: Change your client secrets periodically to maintain security.
• Monitor and log access: Track API usage and access patterns to detect any anomalies.

For further assistance with setting up authentication or any other inquiries, please contact our support team.