π Web app | π€ Developer (Admin)
The Yokoy API is a REST API that allows organizations to submit expenses, consult transactions, and manage invoices in Yokoy. Only developer roles can request API credentials for the Yokoy API.
π‘ Tip
New to the Yokoy API? Check out Yokoy Developer.
π§ Developer role users with API credentials
Users with a Developer role are organization-scoped. This means that once they hold API credentials, they have permissions to modify master data for different legal entities.
When you request API credentials, you receive the client ID and client secret that are used to generate an access token for the Yokoy API. The generated access token must be used to authenticate all calls to the API.
To generate an access token, see Authentication and authorization. API credentials are valid for the entire organization, regardless of the user who submits the calls.
You can generate the API credentials in Yokoy yourself if you are a developer user. If you are not a developer user, you need to ask your Yokoy admin for permissions to perform this task.
Generating API credentials
To generate API credentials for the Yokoy API:
Go to Admin > Developer (at the bottom of the Admin menu). To create new API credentials, click Generate credentials.
Choose OAuth Credentials and click Generate credentials.
Enter a name to describe the API credentials. The name helps you to identify the credentials. The name must be unique. You cannot continue until a unique name has been entered. Click Next.
Copy the Client ID and Client secret and store them safely(i.e. in a protected file). The credentials are unique and non-recoverable. Store them in a secure location for subsequent reference. To continue, you must acknowledge that you have copied the ID and secret.
API credentials do not expire. You can revoke the credentials at any stage during this period. If you should lose your API credentials, you must revoke access and generate new credentials.
You can generate multiple API credentials for use in different applications.
API credentials are not automatically revoked if you generate more than one set of credentials.
The Developers page displays all API credentials that have been generated or revoked, including the user who requested the credentials, the date on which they were requested.
Revoking access
To revoke the access provided by the API credentials:
In the Developers page, click the action Revoke access.
Click Revoke access to confirm and remove the token.
π§ Caution
If you revoke access, any other applications or scripts using these credentials will no longer be able to access Yokoy.
As a result, the API credentials now appear in the Developer page with the status Revoked and the name of the user who revoked it and the revoke date.