API Keys and Client Secrets
開発者
API
APIキー
セキュリティ
For server-to-server integrations where your own server accesses Receipt Roller, using an API key is simpler than OAuth. This page explains how to issue and manage API keys.
Issuing an API key
- Open "Developer" → "API Keys" from the business account management screen
- From "Issue New," enter a descriptive name for the intended use (e.g. "Nightly batch" or "Internal dashboard")
- Select the required scopes (read-only, read/write, etc.)
- Click the issue button and the API key will be displayed
Handling API keys
- The key is shown only once, immediately after issuance. Be sure to save it somewhere secure right away
- We recommend storing it in a server environment variable or a secrets management service
- Never embed it in client-side code (browsers or public apps)
- Issuing a separate key for each use case limits the blast radius if one is ever leaked
Rotation and revocation
- We recommend periodically issuing a new key and revoking the old one
- When a person responsible leaves, immediately revoke the corresponding key
- Access with a revoked key is denied immediately
Detailed developer information
For how to send the key in request headers, rate limits, and error behavior, see the developer help.
https://receiptroller.io/en/developer/help
Related articles
Published: 2026-04-15
Updated: 2026-07-02
Related articles
-
Registering an OAuth AppLearn how to register an external app that connects to Receipt Roller using OAuth 2.0.
-
Developer API OverviewLearn about the Receipt Roller developer API and the steps to get started. Available on Starter plan and above.
-
Webhooks and Event NotificationsLearn how to register webhooks and which events ReceiptRoller sends notifications for.