> ## Documentation Index
> Fetch the complete documentation index at: https://docs.lastaccountingcompany.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Getting started

> What the LAC customer API covers, how to get an API key, and your first requests.

Everything a customer can do in the LAC portal at [app.lastaccountingcompany.com](https://app.lastaccountingcompany.com) is available programmatically: read the general ledger, pull VAT positions and financial statements, upload documents, draft and send invoices, check your connections — and talk to Björn, the AI accountant who keeps your books. One [REST API](/api-reference), and the same capabilities as an [MCP server](/mcp-server) for AI agents.

## What the API is

LAC runs your company's accounting as a service. The API is a window into that service — the same one the portal uses. It is read-heavy by design: your books are produced by LAC, and the API lets you read them in full and feed evidence and instructions back in.

* **Books & GL** — canonical general-ledger rows, paginated, by month, quarter, or year.
* **VAT** — per-period VAT view, previews, drafts, and filed returns.
* **Financial statements** — income statement, balance sheet, and cash flow, with drill-down to the transactions behind any line.
* **Documents** — upload receipts, invoices, and contracts as evidence; track ingest state.
* **Björn** — message the AI accountant and read the conversation.
* **Filings** — review requests, standing filing authorization, published output packages.
* **Invoicing** — draft, send, credit, and remind; manage billing customers and recurring templates.
* **Payroll** — stays in the portal: payroll data and actions require an interactive admin/approver in the portal UI and are not available to API keys.
* **Connections** — health and syncs for bank, Stripe, Procountor, Fennoa, inbox, and Sheets connections.

## Get an API key

API keys are created in the portal: **Settings → API access**. Only company admins can create them. Each key:

* starts with `lac_sk_` and is **shown once** at creation — store it immediately;
* is pinned to one company, so you never pass a company identifier (accounts with multiple businesses mint one key per business);
* carries one scope, `read` or `write`;
* can be revoked at any time from the same settings page.

### Scopes

| Scope   | What it allows                                                                                                                                                     |
| ------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `read`  | Read-only access to everything: books, VAT, statements, analytics, documents, messages, filings, invoices, connections, imports.                                   |
| `write` | Everything `read` allows, plus operator-level actions: upload documents, message Björn, draft and send invoices, request filing reviews, trigger connection syncs. |

<Note>
  Even a `write` key can **never** touch payroll (payroll stays in the portal), change company settings, grant portal access, or manage API keys. Those require an interactive admin or approver signed in to the portal.
</Note>

## Quickstart

Authenticate every request with your key as a bearer token. Fetch your company overview:

```bash theme={null}
curl -H "Authorization: Bearer lac_sk_..." \
  https://api.app.lastaccountingcompany.com/portal/overview
```

Read June's general ledger:

```bash theme={null}
curl -H "Authorization: Bearer lac_sk_..." \
  "https://api.app.lastaccountingcompany.com/portal/sheet?tab=books&range=2026-06"
```

Ask Björn a question:

```bash theme={null}
curl -X POST \
  -H "Authorization: Bearer lac_sk_..." \
  -H "Content-Type: application/json" \
  -d '{"text": "Which purchases are still missing receipts for June?"}' \
  https://api.app.lastaccountingcompany.com/portal/messages
```

From here, the [API reference](/api-reference) covers every endpoint, and the [MCP page](/mcp-server) connects the same capabilities to Claude, Cursor, VS Code, or your own agents.

### Base URL

`https://api.app.lastaccountingcompany.com/portal`

### Conventions

* JSON in and out, `snake_case` field names.
* Amounts are **integer cents**; rates are **basis points** (`2550` = 25.5%, the Finnish standard VAT rate).
* Periods are `YYYY-MM`; ranges accept `YYYY-MM`, `YYYY-Qn`, `YYYY`, `all`, `this_month`, or `last_6_months`.
* Errors return a non-2xx status with `{"error": "...", "detail": "..."}`.
* `customer_id` is optional everywhere — API keys are pinned to one company.

## Keep your keys safe

* **Store keys in environment variables or a secret manager** — never in source code, config files under version control, or client-side code.
* **Use `read` scope unless you need writes.** Analysis, dashboards, and reporting agents should run on read-only keys.
* **Revoke on suspicion.** Any admin can revoke a key instantly in Settings → API access; issue a new one afterwards.
* **API keys are company credentials, not personal ones** — they keep working if the person who created them leaves. Revoke or rotate keys in Settings → API access when an admin departs.
* **Every action is tenant-isolated and audited.** A key can only ever see and touch its own company, and every request is attributed to the key that made it.
