Authentication
All API requests must include a valid API key in the Authorization header.
API key format
API keys use the prefix oim_ followed by 64 hexadecimal characters:
oim_a1b2c3d4e5f67890abcdef1234567890abcdef1234567890abcdef12345678
Using your API key
Include your key in every request as a Bearer token:
curl -X GET https://onlineinvoicemaker.com/api/v1/invoices \
-H "Authorization: Bearer oim_your_api_key_here"
Keep your API key secret
Your API key grants access to your business data. Never share it in client-side code, public repositories, or logs. If a key is compromised, revoke it immediately from the dashboard.
Creating an API key
- Navigate to Integrations > API Keys in your dashboard
- Click Create API Key
- Give it a descriptive name (e.g., "Zapier Integration")
- Select the appropriate scope
- Copy the key immediately — you will not be able to see it again
Scopes
Each API key has a scope that determines its permissions:
| Scope | Read | Write | Webhooks | Description |
|---|---|---|---|---|
all | Yes | Yes | Yes | Full access to all resources |
read | Yes | No | No | Read-only access to invoices, quotations, customers |
write | Yes | Yes | No | Read and write access to resources |
webhooks | No | No | Yes | Manage webhook subscriptions only |
Key management
Listing keys
View all your API keys in the dashboard. For security, only the first 12 characters of each key are shown (the prefix).
Revoking keys
Revoked keys stop working immediately. This action cannot be undone.
Expiration
You can optionally set an expiration date when creating a key. Expired keys automatically stop working.
Plan limits
| Plan | Max API Keys |
|---|---|
| Basic | 2 |
| Pro | 20 |
Error responses
| Status | Description |
|---|---|
401 | Missing or invalid Authorization header |
401 | API key not found, revoked, or expired |
403 | Key does not have the required scope for this endpoint |
429 | API key limit reached for your plan |
Example error:
{
"error": "Invalid API key"
}
Code examples
Node.js
const response = await fetch('https://onlineinvoicemaker.com/api/v1/invoices', {
headers: {
'Authorization': 'Bearer oim_your_api_key_here',
'Content-Type': 'application/json',
},
});
const data = await response.json();
Python
import requests
headers = {
'Authorization': 'Bearer oim_your_api_key_here',
'Content-Type': 'application/json',
}
response = requests.get(
'https://onlineinvoicemaker.com/api/v1/invoices',
headers=headers,
)
data = response.json()
PHP
$ch = curl_init('https://onlineinvoicemaker.com/api/v1/invoices');
curl_setopt($ch, CURLOPT_HTTPHEADER, [
'Authorization: Bearer oim_your_api_key_here',
'Content-Type: application/json',
]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
$data = json_decode($response, true);