Authentication

The Imprest API uses OAuth 2.0 for authentication. All API requests must include a valid access token and an organization identifier.

OAuth 2.0 Flow

Imprest implements the Authorization Code flow, which is the recommended approach for server-side applications.

1. Register your application
Contact us to register your application and receive your client_id and client_secret.
2. Redirect to authorization
Send the user to our authorization endpoint:
https://imprest.ai/oauth/authorize?client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_REDIRECT_URI&response_type=code&scope=money_in+money_out+reports

3. Exchange code for tokens

After the user authorizes, exchange the code for access and refresh tokens:

Token exchange

curl -X POST https://imprest.ai/oauth/token \
  -H "Content-Type: application/json" \
  -d '{
    "grant_type": "authorization_code",
    "code": "AUTH_CODE",
    "client_id": "YOUR_CLIENT_ID",
    "client_secret": "YOUR_CLIENT_SECRET",
    "redirect_uri": "YOUR_REDIRECT_URI"
  }'

Response

{
  "access_token": "eyJhbGciOiJSUzI1NiJ9...",
  "token_type": "Bearer",
  "expires_in": 7200,
  "refresh_token": "abc123def456...",
  "scope": "money_in money_out reports",
  "created_at": 1711065600
}

4. Use the access token
Include the access token and organization ID in every API request:
Authorization: Bearer YOUR_ACCESS_TOKEN X-Organization-Id: YOUR_ORGANIZATION_ID
5. Specify the organization
If your token has access to multiple organizations, include the X-Organization-Id header to specify which organization to operate on. Omitting it when multiple organizations are available will return an error.

6. Refresh expired tokens

Access tokens expire after 2 hours. Use the refresh token to get a new one:

Refresh token

curl -X POST https://imprest.ai/oauth/token \
  -H "Content-Type: application/json" \
  -d '{
    "grant_type": "refresh_token",
    "refresh_token": "YOUR_REFRESH_TOKEN",
    "client_id": "YOUR_CLIENT_ID",
    "client_secret": "YOUR_CLIENT_SECRET"
  }'

Scopes

Request only the scopes your integration needs. The default scope is reports.

Scope	Description
money_in	Manage invoices and receivables
money_out	Manage bills and payables
banking	Bank connections and transactions
accounting	Chart of accounts and categorization
journal_entries	Manual journal entries
transfers	Account transfers
taxes	Tax rates and settings
close_books	Period closing entries
reports	Financial reports (default)
settings	Organization settings
team	Team member management
payroll_view	View payroll data
payroll_manage	Manage payroll runs
documents	Document uploads and extraction
time_tracking_view	View time entries
time_tracking_manage	Create and edit time entries
time_tracking_approve	Approve time entries

Error Responses

Authentication errors return standard OAuth 2.0 error responses:

Status	Meaning
401	Invalid or expired access token
403	Insufficient scope for the requested resource

Authentication

OAuth 2.0 Flow

1. Register your application

2. Redirect to authorization

3. Exchange code for tokens

4. Use the access token

5. Specify the organization

6. Refresh expired tokens

Scopes

Error Responses