SmartBills Logo

Authentication

Learn how to authenticate your requests to the SmartBills API.

Authentication

Learn how to authenticate your requests to the SmartBills API.

API Keys

The SmartBills API uses API keys for authentication. Include your API key in the Authorization header of every request:

Authorization: Bearer YOUR_API_KEY

Keep Your API Key Secure

Your API key carries many privileges, so be sure to keep it secure! Do not share your API key in publicly accessible areas such as GitHub, client-side code, and so forth.

Getting Your API Key

  1. Log in to your SmartBills Dashboard
  2. Navigate to Settings > API Keys
  3. Click Create New API Key
  4. Give your key a descriptive name
  5. Copy the key and store it securely

Environment-Specific Keys

We recommend using different API keys for different environments:

  • Development: Use for testing and development
  • Staging: Use for pre-production testing
  • Production: Use for live applications

Authentication Examples

cURL

curl -X GET https://api.smartbills.com/v1/invoices \
  -H "Authorization: Bearer sk_live_abcd1234..."

JavaScript

const SmartBills = require('@smartbills/sdk');

const client = new SmartBills('sk_live_abcd1234...');

Python

import smartbills

client = smartbills.Client('sk_live_abcd1234...')

API Key Types

SmartBills uses different key prefixes to identify the key type:

PrefixEnvironmentDescription
sk_test_TestFor development and testing
sk_live_LiveFor production use

Security Best Practices

Use Environment Variables

Store your API keys in environment variables, not in your code:

# .env file
SMARTBILLS_API_KEY=sk_live_abcd1234...

const client = new SmartBills(process.env.SMARTBILLS_API_KEY);

Rotate Keys Regularly

  • Rotate your API keys periodically for security
  • Immediately rotate keys if you suspect they've been compromised
  • You can have up to 5 active keys per environment

Use Key Restrictions

When creating API keys, you can restrict them to:

  • Specific IP addresses
  • Specific endpoints
  • Read-only or full access

Webhook Authentication

Webhooks use a different authentication method. See the Webhooks documentation for details on webhook signature verification.

Troubleshooting

Common Authentication Errors

401 Unauthorized

  • Check that your API key is correct
  • Ensure you're using the Bearer prefix
  • Verify the key is for the correct environment

403 Forbidden

  • Your API key may not have permission for this action
  • Check if your key has been restricted

Invalid API Key Format

  • API keys should start with sk_test_ or sk_live_
  • Ensure there are no extra spaces or characters

Next Steps

Getting Started

Learn how to integrate SmartBills API into your application and start extracting invoice data.

Installation

Learn how to install and set up the SmartBills API client libraries.