> ## Documentation Index
> Fetch the complete documentation index at: https://docs.lastaccountingcompany.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Update company accounting settings (admin/approver only)

> Changes the fiscal year start month and/or VAT period length. Requires an interactive admin/approver session — NOT available to API keys (even write-scoped ones), which receive 403. `vat_period_valid_from` must be a period-aligned `YYYY-MM-DD` date.



## OpenAPI

````yaml /openapi.yaml post /company/settings
openapi: 3.1.0
info:
  title: LAC Customer API
  version: '2026-07-02'
  description: >
    The Last Accounting Company (LAC) is an AI-native accounting firm for
    Finnish SMBs:

    continuous reconciliation, daily close, real-time dashboards, and full Vero
    reporting.

    This API is the same surface the LAC customer portal UI uses. It gives you
    programmatic

    access to your books (read-only general-ledger views), financial statements,
    documents,

    invoicing, payroll, source-system connections, and the message channel to
    Björn, the

    accounting agent.


    ## Authentication


    Every request carries `Authorization: Bearer <token>`. Two token kinds are
    accepted:


    - **Portal API key** (`lac_sk_...`) — minted in portal Settings → API
    access. Keys have a
      scope of `read` or `write`. Read-scoped keys are refused on all mutating methods
      (POST/PATCH/DELETE). Write-scoped keys act as the `operator` role: they can never
      use payroll endpoints (reads included), change company settings, grant access, or
      manage API keys — those operations require an interactive admin/approver session.
    - **Firebase ID token** — the interactive session token used by the portal
    UI itself.


    API keys are pinned to a single company, so the `customer_id` parameter
    (query string on

    GETs, body field on writes) can always be omitted when authenticating with
    an API key.

    Interactive tokens with access to multiple companies use `customer_id` to
    select one.


    ## Conventions


    - All field names are `snake_case` on the wire.

    - Monetary amounts are **integer cents** (fields suffixed `_cents`).

    - Rates and percentages are **basis points** (fields suffixed
    `_basis_points`;
      10000 = 100%, e.g. Finnish standard VAT 25.5% = 2550).
    - Quantities on invoice lines are decimal strings (e.g. `"1"`, `"2.5"`).

    - Dates are `YYYY-MM-DD`; periods are `YYYY-MM`; ranges accept `YYYY-MM`,
    `YYYY-Qn`,
      `YYYY`, `all`, `this_month`, or `last_6_months`.

    ## Limits


    - Document uploads: at most 20 files and 25 MB per request.

    - Sheet pagination: `limit` is capped at 200 rows per page (0 =
    unpaginated).


    ## Errors


    Errors return a JSON envelope `{"error": "...", "detail": "..."}` with a
    conventional

    HTTP status code (401 missing/invalid token, 403 insufficient scope or role,
    404 not

    found, 422 validation failure).


    More at
    [docs.lastaccountingcompany.com](https://docs.lastaccountingcompany.com).
  contact:
    name: The Last Accounting Company
    url: https://docs.lastaccountingcompany.com
servers:
  - url: https://api.app.lastaccountingcompany.com/portal
    description: Production (note the /portal base path).
security:
  - apiKey: []
tags:
  - name: Company
    description: Company profile, identity, overview, and agent status.
  - name: Books
    description: >-
      Read-only windows into the canonical general ledger: the spreadsheet-style
      Books/VAT sheet, financial statements, and analytics. There is no
      cell-edit or batch-edit API — the books are maintained by LAC.
  - name: Documents
    description: Receipt/invoice/contract uploads and per-file ingest metadata.
  - name: Messages
    description: The chat channel to Björn, the accounting agent.
  - name: Filings
    description: Filing authorization, review requests, and produced output packages.
  - name: Invoicing
    description: >-
      Sales invoicing — drafts, sending (Maventa e-invoice / email PDF / PDF
      download), credit notes, reminders, recurring templates, and the
      invoice-customer register.
  - name: Payroll
    description: >-
      Payroll workspace — employees, tax cards, employer settings, draft runs,
      and payslips. Every payroll operation (reads included) requires an
      interactive admin/approver session and is NOT available to API keys.
  - name: Connections
    description: >-
      Source-system connections (bank, Stripe, Procountor, Fennoa, inbox/Gmail,
      Google Sheets) and service-connection requests/confirmations. Note: the
      browser-interactive OAuth start/complete flows (Yapily bank consent,
      Google OAuth) are portal-only and intentionally not part of this API — use
      the portal UI to establish a connection, then read and sync it here.
  - name: Imports
    description: Historical import runs (e.g. migrated books) and their artifacts.
  - name: API keys
    description: >-
      Manage portal API keys. These endpoints require an interactive admin
      session (Firebase token) and are NOT available to API-key bearers, which
      receive 403.
paths:
  /company/settings:
    post:
      tags:
        - Company
      summary: Update company accounting settings (admin/approver only)
      description: >-
        Changes the fiscal year start month and/or VAT period length. Requires
        an interactive admin/approver session — NOT available to API keys (even
        write-scoped ones), which receive 403. `vat_period_valid_from` must be a
        period-aligned `YYYY-MM-DD` date.
      operationId: updateCompanySettings
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                customer_id:
                  type: string
                  description: Target company. Optional for single-company sessions.
                fiscal_year_start_month:
                  type: integer
                  description: Month the fiscal year starts (1-12).
                vat_period_months:
                  type: integer
                  description: VAT reporting period length in months (e.g. 1, 3, 12).
                vat_period_valid_from:
                  type: string
                  description: Period-aligned effective date, `YYYY-MM-DD`.
      responses:
        '200':
          description: Updated company profile.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CompanyProfile'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
      security:
        - firebaseToken: []
components:
  schemas:
    CompanyProfile:
      type: object
      description: The company's registered details and accounting configuration.
      properties:
        customer_id:
          type: string
        legal_name:
          type: string
        business_id:
          type: string
          description: Finnish business ID (Y-tunnus).
        vat_number:
          type: string
        country_code:
          type: string
        currency:
          type: string
        fiscal_year_start_month:
          type: integer
          description: Month the fiscal year starts (1-12).
        vat_period_months:
          type: integer
          description: VAT reporting period length in months.
        vat_period_source:
          type: string
          enum:
            - dated
            - column
            - default
          description: Where the VAT period setting comes from.
        company_form:
          type: string
        statement_format:
          type: string
        editable:
          type: boolean
          description: Whether the caller may change settings (false for API keys).
    Error:
      type: object
      description: Standard error envelope.
      properties:
        error:
          type: string
          description: Machine-readable error message.
        detail:
          type: string
          description: Human-readable detail.
  responses:
    Unauthorized:
      description: Missing or invalid bearer token.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Forbidden:
      description: >-
        Insufficient scope or role — e.g. a read-scoped key on a mutating
        method, or an API key on an admin/approver-only endpoint.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  securitySchemes:
    apiKey:
      type: http
      scheme: bearer
      bearerFormat: lac_sk_...
      description: >-
        Portal API key minted in portal Settings → API access. Scope `read` or
        `write`; pinned to one company. Send as `Authorization: Bearer
        lac_sk_...`.
    firebaseToken:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: >-
        Firebase ID token from an interactive portal session. Required for
        admin/approver-only operations (payroll approval, company settings,
        API-key management).

````