Conventions
Base URL:https://api.app.lastaccountingcompany.com/portal
- Auth:
Authorization: Bearer lac_sk_...on every request. Keys are created in the portal (Settings → API access) and carry areadorwritescope. AllGETendpoints needreadand all mutations needwrite— except payroll, where every endpoint (reads included) is not for API keys; those and a few other endpoints return403because they need an interactive admin or approver in the portal. - JSON in and out,
snake_casefields. - Amounts are integer cents. Rates are basis points (
2550= 25.5%). Periods areYYYY-MM. - Ranges:
YYYY-MM|YYYY-Qn|YYYY|all|this_month|last_6_months. customer_idis an optional parameter everywhere — API keys are pinned to one company, so you can omit it.- Errors: non-2xx status with a body of
{"error": "...", "detail": "..."}(401missing/invalid token,403insufficient scope or role,404not found,422validation failure).
Limits
- Document uploads: at most 20 files and 25 MB per request.
- Sheet pagination:
limitis capped at 200 rows per page.
Not for API keys
Some endpoint families serve the portal UI and require an interactive admin or approver session (Firebase token); API keys receive403:
- Payroll — every payroll endpoint, reads included.
- Company settings —
POST /company/settings. - API key management —
GET/POST /api-keys,DELETE /api-keys/{key_id}. A key can never mint or revoke keys.