Authentication

Get started with the Ottimate API

The Ottimate API uses OAuth2 Client Credentials with an API Key. Both the X-API-Key and Authorization: Bearer headers are required on all API requests.

Getting Started

Step 1: Account Onboarding

Ensure your client account is properly onboarded with all features configured by Ottimate.

Step 2: Obtain API Key

Your Ottimate Partner Manager will provision an API Key for each client account. If you’re a system integrator working with multiple clients, each account will have a separate key.

Step 3: Create OAuth Application

Currently, your Ottimate Partner Manager will create an OAuth application and provide you with:

  • Client ID
  • Client Secret

Keep your Client Secret secure. Never expose it in client-side code or version control.

Step 4: Request Access Token

Exchange your credentials for an access token:

curl -X POST https://sandbox-api.ottimate.com/v1/oauth/token \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET" \
  -d "scope=accounts.can_access_dashboard"

Response:

{
  "access_token": "Ou1iHg7dBwcUdAugFU1vbWQjXWAwhg",
  "expires_in": 31536000,
  "token_type": "Bearer",
  "scope": "accounts.can_access_dashboard"
}

Currently, only the accounts.can_access_dashboard scope is supported.

Making API Requests

Include both headers in all requests:

curl -X GET https://sandbox-api.ottimate.com/v1/vendors \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

Environments

Environment   Base URL
Sandbox       https://sandbox-api.ottimate.com/v1
Production    https://api.ottimate.com/v1

Token Management

Access tokens expire after the duration specified in expires_in. Cache your token and request a new one when it expires or when you receive a 401 Unauthorized response.
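
The caching and 401 handling described above, sketched as an added example (not Ottimate's own code or SDK). The `transport` and `clock` parameters, the 60-second `skew` margin, and the `OTTIMATE_*` environment variable names are assumptions made for illustration; the endpoints, headers, and scope are the ones shown on this page.

```python
import json, os, time, urllib.error, urllib.parse, urllib.request

BASE_URL = "https://sandbox-api.ottimate.com/v1"  # sandbox base URL from the Environments table

def http(method, url, headers, form=None):
    """Default transport: send one request, return (status, parsed JSON body)."""
    data = urllib.parse.urlencode(form).encode() if form else None
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, {}

class OttimateClient:
    def __init__(self, api_key, client_id, client_secret,
                 transport=http, clock=time.monotonic, skew=60):
        self._api_key, self._id, self._secret = api_key, client_id, client_secret
        self._transport, self._clock, self._skew = transport, clock, skew
        self._token, self._expires_at = None, 0.0

    def _fetch_token(self):
        status, body = self._transport("POST", BASE_URL + "/oauth/token",
            {"X-API-Key": self._api_key, "Content-Type": "application/x-www-form-urlencoded"},
            {"grant_type": "client_credentials", "client_id": self._id,
             "client_secret": self._secret, "scope": "accounts.can_access_dashboard"})
        if status != 200 or "access_token" not in body:
            # Report only the status; the request form holds the client secret.
            raise RuntimeError(f"token request failed with HTTP {status}")
        self._token = body["access_token"]
        # Treat the token as expired `skew` seconds early (assumed safety margin).
        self._expires_at = self._clock() + body["expires_in"] - self._skew

    def get(self, path):
        if self._token is None or self._clock() >= self._expires_at:
            self._fetch_token()
        for attempt in range(2):
            status, body = self._transport("GET", BASE_URL + path,
                {"X-API-Key": self._api_key, "Authorization": f"Bearer {self._token}"})
            if status != 401 or attempt == 1:
                return status, body
            self._fetch_token()  # token rejected: refresh once, then retry

def client_from_env():
    # Hypothetical variable names; keeps credentials out of source and version control.
    env = os.environ
    return OttimateClient(env["OTTIMATE_API_KEY"], env["OTTIMATE_CLIENT_ID"],
                          env["OTTIMATE_CLIENT_SECRET"])
```

The cached token lives only in process memory here; a second 401 after the single refresh is returned to the caller rather than retried again.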