
API Keys Help

Everything you need to know about using Finvo API keys

An API key is a unique code that identifies your account when you make requests to the Finvo API. Think of it like a password that your applications or scripts use to prove they're allowed to generate invoices on your behalf.

API keys belong to your entire account, not to individual users. Anyone with access to your API key can perform actions as if they were you.

You need an API key if you want to:

  • Generate invoices automatically from your own software or scripts
  • Integrate Finvo with other tools (like your CRM or accounting system)
  • Build custom workflows that create invoices without manually logging into the dashboard

If you only use the Finvo dashboard to create invoices manually, you do not need an API key.

To generate a new API key:

  1. Go to the API Keys page in your dashboard
  2. Click Generate New Key
  3. Give your key a descriptive name (e.g., "Production Server" or "Automation Script")
  4. Click Generate

Your new API key will appear once. Copy it immediately and store it somewhere safe. You won't be able to see the full key again after you leave the page.

If you lose your key, you'll need to generate a new one and update any applications that use it.

To use your API key, include it in the Authorization header of your HTTP request as a Bearer token.

Example request:

curl -X POST https://api.finvo.com/generate \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "invoice_number": "INV-001",
    "recipient": {
      "name": "Acme Corp",
      "email": "billing@acme.com"
    },
    "line_items": [
      {
        "description": "Consulting services",
        "quantity": 10,
        "unit_price": 150.00
      }
    ]
  }'

Replace YOUR_API_KEY with your actual API key. For complete examples and a detailed integration guide, see the full API documentation.

API keys are sensitive credentials. Treat them like passwords:

  • Never share your API key in public places like GitHub, forums, or chat rooms
  • Store keys in environment variables or secure credential storage, not in your code
  • Use different keys for different environments (e.g., one for testing, one for production)
  • Limit who has access to your API keys within your team
  • Rotate keys regularly as a security best practice
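
One way to follow the environment-variable advice above with curl, as an added example that is not part of Finvo's documentation: the variable name FINVO_API_KEY and the function names are assumptions, and invoice.json stands for a file holding the JSON body from the example request. Passing the headers to curl on stdin with --config - also keeps the key out of curl's argument list.

```shell
#!/bin/sh
# Added example. FINVO_API_KEY, finvo_curl_config and finvo_generate are
# assumed names, not part of the Finvo API.

# Print curl config lines carrying the request headers.
# Fails instead of emitting a header when the key is missing or malformed.
finvo_curl_config() {
    if [ -z "${FINVO_API_KEY:-}" ]; then
        echo "FINVO_API_KEY is not set" >&2
        return 1
    fi
    # Whitespace (often a pasted trailing newline), quotes and backslashes
    # would corrupt the quoted config value, so reject them outright.
    case "$FINVO_API_KEY" in
        *[[:space:]]*|*\"*|*\\*)
            echo "FINVO_API_KEY contains whitespace, quotes or backslashes" >&2
            return 1
            ;;
    esac
    printf 'header = "Authorization: Bearer %s"\n' "$FINVO_API_KEY"
    printf 'header = "Content-Type: application/json"\n'
}

# POST the JSON invoice body stored in file $1 to the endpoint from the
# example request. The key reaches curl on stdin (printf is a shell builtin),
# so it never appears in curl's argument list or in the script itself.
finvo_generate() {
    [ -r "$1" ] || { echo "cannot read invoice body: $1" >&2; return 1; }
    cfg=$(finvo_curl_config) || return 1
    printf '%s\n' "$cfg" | curl --silent --show-error --fail \
        --config - --data @"$1" https://api.finvo.com/generate
}

# Usage: export FINVO_API_KEY from your secret store, then
#   finvo_generate invoice.json
```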

If you think your API key has been exposed or compromised, revoke it immediately and generate a new one.

Revoking a key means permanently disabling it. Once revoked, the key can no longer be used to make API requests.

To revoke a key:

  1. Go to the API Keys page
  2. Find the key you want to revoke
  3. Click Revoke
  4. Confirm the action

Rotating a key means generating a new key and replacing the old one in your applications. To rotate a key, generate a new key, update your applications to use it, then revoke the old key once you've confirmed everything works.

We recommend rotating keys every few months as a security best practice, and immediately if you suspect a key has been compromised.