What the API is
LAC runs your company’s accounting as a service. The API is a window into that service — the same one the portal uses. It is read-heavy by design: your books are produced by LAC, and the API lets you read them in full and feed evidence and instructions back in.- Books & GL — canonical general-ledger rows, paginated, by month, quarter, or year.
- VAT — per-period VAT view, previews, drafts, and filed returns.
- Financial statements — income statement, balance sheet, and cash flow, with drill-down to the transactions behind any line.
- Documents — upload receipts, invoices, and contracts as evidence; track ingest state.
- Björn — message the AI accountant and read the conversation.
- Filings — review requests, standing filing authorization, published output packages.
- Invoicing — draft, send, credit, and remind; manage billing customers and recurring templates.
- Payroll — stays in the portal: payroll data and actions require an interactive admin/approver in the portal UI and are not available to API keys.
- Connections — health and syncs for bank, Stripe, Procountor, Fennoa, inbox, and Sheets connections.
Get an API key
API keys are created in the portal: Settings → API access. Only company admins can create them. Each key:- starts with
lac_sk_and is shown once at creation — store it immediately; - is pinned to one company, so you never pass a company identifier (accounts with multiple businesses mint one key per business);
- carries one scope,
readorwrite; - can be revoked at any time from the same settings page.
Scopes
| Scope | What it allows |
|---|---|
read | Read-only access to everything: books, VAT, statements, analytics, documents, messages, filings, invoices, connections, imports. |
write | Everything read allows, plus operator-level actions: upload documents, message Björn, draft and send invoices, request filing reviews, trigger connection syncs. |
Even a
write key can never touch payroll (payroll stays in the portal), change company settings, grant portal access, or manage API keys. Those require an interactive admin or approver signed in to the portal.Quickstart
Authenticate every request with your key as a bearer token. Fetch your company overview:Base URL
https://api.app.lastaccountingcompany.com/portal
Conventions
- JSON in and out,
snake_casefield names. - Amounts are integer cents; rates are basis points (
2550= 25.5%, the Finnish standard VAT rate). - Periods are
YYYY-MM; ranges acceptYYYY-MM,YYYY-Qn,YYYY,all,this_month, orlast_6_months. - Errors return a non-2xx status with
{"error": "...", "detail": "..."}. customer_idis optional everywhere — API keys are pinned to one company.
Keep your keys safe
- Store keys in environment variables or a secret manager — never in source code, config files under version control, or client-side code.
- Use
readscope unless you need writes. Analysis, dashboards, and reporting agents should run on read-only keys. - Revoke on suspicion. Any admin can revoke a key instantly in Settings → API access; issue a new one afterwards.
- API keys are company credentials, not personal ones — they keep working if the person who created them leaves. Revoke or rotate keys in Settings → API access when an admin departs.
- Every action is tenant-isolated and audited. A key can only ever see and touch its own company, and every request is attributed to the key that made it.