EIGENN.
docsguidesapichangelogpricingsign in
EIGENN.

Authentication

Authenticate Eigenn public API v1 requests with a scoped API key or OAuth access token.

Protected Eigenn API operations accept one credential format:

Authorization: Bearer <token>

The token can be an Eigenn API key or an OAuth access token. The public contract does not document X-API-Key, query-string credentials, cookies, or basic authentication for protected resource operations.

Base URLs

EnvironmentBase URL
Productionhttps://api.eigenn.io/v1
Sandboxhttps://api-staging.eigenn.io/v1

The current public contract describes sandbox as staging-backed. Keep credentials and test records separated by environment.

API Keys

Create keys from Settings → Developer → API Keys.

  1. Select Create API Key.
  2. enter a service and environment name
  3. choose All, Read Only, or Restricted
  4. prefer Restricted and select the needed resource scopes
  5. create and copy the secret
  6. store it in a server-side secret manager

Only a workspace owner can create, rotate, or revoke a team API key. Plan limits apply. The full secret appears only once.

Example:

curl --request GET \
  --url https://api.eigenn.io/v1/customers?pageSize=25 \
  --header "Authorization: Bearer $EIGENN_API_TOKEN" \
  --header "Accept: application/json"

This request requires customers.read.

Scope Presets

PresetMeaning
apis.allExpands to every public resource read and write scope.
apis.readExpands to every public resource read scope.
RestrictedStores only the selected resource scopes.

Operations document the exact scope they require. Common pairs include customers.read and customers.write, invoices.read and invoices.write, transactions.read and transactions.write, and reports.read and reports.write.

An API key with no granted scopes is rejected. A key also stops working when its user no longer has access to the bound team.

OAuth

The public authorization server supports:

  • authorization code
  • refresh token
  • client credentials

Create and manage OAuth applications in Settings → Developer → OAuth Applications.

The authorization flow validates:

  • client ID
  • exact registered redirect URL
  • requested scopes
  • selected team membership
  • S256 PKCE for public clients

Authorization and token endpoints:

  • https://api.eigenn.io/v1/oauth/authorize
  • https://api.eigenn.io/v1/oauth/token

OAuth-capable clients can use the discovery documents at:

  • https://api.eigenn.io/.well-known/oauth-protected-resource
  • https://api.eigenn.io/.well-known/oauth-authorization-server

Do not treat an OAuth application secret as an API key. Follow the selected OAuth grant and send the resulting access token as a bearer token.

401 and 403

StatusMeaning
401Authorization is missing, malformed, invalid, expired, or not bound to an accessible team.
403Authentication succeeded, but the credential lacks a required scope.

Scope errors can include the required and granted scopes. Log the response request ID when present before contacting support.

Credential Handling

  • Never embed a privileged token in browser or mobile code.
  • Do not put a token in a URL.
  • Use one credential per service and environment.
  • Rotate by deploying a replacement before revoking the old key.
  • Remove unused OAuth redirect URLs.
  • Revoke access when a vendor or team member no longer needs it.
  • Avoid All access when a pair of read or write scopes is sufficient.

Verify a New Credential

With users.read, call:

curl --request GET \
  --url https://api.eigenn.io/v1/users/me \
  --header "Authorization: Bearer $EIGENN_API_TOKEN"

A successful response identifies the authenticated user. Confirm the user and environment before testing a write.

Related Pages

  • Developer API Setup
  • Errors
  • Rate Limits
  • Developer Platform

API Reference

Authenticate, call, and monitor Eigenn public API resources.

Bank Accounts API

List and manage team-scoped bank account records through public API v1.

On this page

Base URLsAPI KeysScope PresetsOAuth401 and 403Credential HandlingVerify a New CredentialRelated Pages

Eigenn docs

current product

Overview
Overview
OverviewAccount PreferencesAssistant AutomationAssistant Command CenterBank ConnectionsBilling and UsageBudgets and ForecastCommand CenterCustomer LifecycleCustomer RecordsCustomersDeveloper PlatformDocument Processing and ExtractionDocument VaultFinancial Analytics and ReportsFinancial OverviewInvoice InsightsInvoice ProductsInvoicesMarketplace IntegrationsNotifications and BrandingOnboarding and SupportOverviewReceivablesReceivables AnalyticsReceivables ControlsSecurity and AccessSettings OverviewStress TestsTeams and OrganizationsTone Profiles and ExperimentsTransaction Categories and RulesTransactionsWeekly Finance RitualWorkflow ExecutionsWorkflow PausesWorkflowsWorkspace Inbox and Approvals
OverviewBuild and Review a ForecastBuild Your First WorkflowConfigure Assistant OperationsConfigure Notifications and BrandingConfigure Receivables ControlsConnect Transaction RecordsCreate and Manage CustomersCreate and Send InvoicesDeveloper API SetupFirst Cash ReviewInvoice Collection WorkflowMaintain Transaction RulesManage Security and BillingManage Team AccessManage the Invoice LifecycleMCP WorkflowsMonitor and Recover WorkflowsOrganize and Share DocumentsProcess Inbox ItemsReconcile and Categorize TransactionsReview a Customer Finance RecordRun a Finance Operating ReviewRun a Receivables Tone ExperimentRun a Runway Stress TestRun Your First Command Center ReviewSet Up a WorkspaceTroubleshoot Account AccessWebhook DeliveryWeekly CFO Review
OverviewIntegrationsMCPSDKsWebhooks
OverviewAuthenticationBank Accounts APICustomers APIErrorsForecasts and Stress Tests APIInvoice Payments APIInvoices APIPaginationRate LimitsTransactions APIWebhooks API StatusWorkflows API Status
Overview
Overview