API - Application Programming Interface

help

API - Get Started

InvoiceTab offers Application Programming Interface (API) to help you integrate with our invoicing platform. With API, you can integrate your existing applications, such as membership systems, accounting software, inventory management, timesheet application, ticketing systems and/or mobile applications.

Our API uses XML to communicate and it is language neutral. This allows you to use any programming language. Simply post the request SML string to: https://www.invoicetab.com/invoices/api_service.php. Our API will respond in xml.

This document assumes you have a basic understanding of programming language and web application terms.
NOTE: API services are still in development. Some API is not completed yet. Please make us aware if there is a particular service you would like to have. Thank you!

API Requirements

To access InvoiceTab API, you need:

  1. An eligible InvoiceTab account.
  2. Login to InvoiceTab.com as the admin and set up the API private key.
  3. A developer to integrate with InvoiceTab.
  4. An Internet connection to invoke our API.

How to get API Key?

Login to InvoiceTab.com account as the admin. Click "Tools" on top, then click the "Manage API Private Key" link. The dialog is loaded with the API private key masked. Click the "Get API Key" button to retrieve the private key. If you update the private key, please remember to change the API private key on your application side.

How does it work?

Our API can be invoked by HTTPS POST or HTTPS GET. You always post the request XML with parameter name "req" to the same URL: https://www.invoicetab.com/invoices/api_service.php and the XML request must be form-URL encoded.

Your request XML has an action element to indicate which service you want to invoke. The key_hmac value authenticates that your request is truly from you.

Here is a sample Request XML to create client profiles:
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
<?xml version="1.0" encoding="UTF-8"?>
<request xsi:schemaLocation="http://invoicetab.com/clients/request clients_request.xsd" xmlns="http://invoicetab.com/clients/request" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
	<authentication>
              <handle>127.0.0.1</handle>
              <request_time_seconds>1339102350</request_time_seconds>
              <key_hmac>12aee677db8d149bb3ca1f5b94d1949e266619a5990b11462070ed4f49109160</key_hmac>
	</authentication>
	<action>client_create</action>
	<client_create>
		<client>
			<username>bobsmith</username>
			<password>bob475</password>
			<user_group_id>2</user_group_id>
			<email>bsmith@hotmail.com</email>
			  ...
		</client>
		<client>
			<username>sbaker</username>
			<password>Y748high4</password>
			<user_group_id>2</user_group_id>
			 ...
			<last_update>2001-12-17T09:30:47Z</last_update>
		</client>
		<client>
			<username>jen2012</username>
			<password>jwoods4024</password>
			<user_group_id>2</user_group_id>
			<email>jenwoods@gmail.com</email>
			 ...
		</client>
	</client_create>
</request>

One sample response document looks like:
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
<?xml version="1.0" encoding="UTF-8"?>
<response xmlns="http://invoicetab.com/clients/response" version="1.0">
	<status>
		<code>MIXED</code>
		<message>1 records were skipped. Please exam these records. </message>
		<errors>
			<error>
				<level>ERROR</level>
				<message>Username sbaker is too short or already taken. Record skipped, record number: 2</message>
			</error>
		</errors>
	</status>
	<client_create>
		<count_created>2</count_created>
		<count_skipped>1</count_skipped>
		<clients>
			<client>
				<client_id>118</client_id>
				<username>bsmith</username>
				<fullname>Bob Smith</fullname>
				<email>bsmith@hotmail.com</email>
			</client>
			<client>
				<client_id>0</client_id>
				<username>sbaker</username>
				<fullname>Sam Baker</fullname>
				<email>sam.baker@gmail.com</email>
			</client>
			<client>
				<client_id>119</client_id>
				<username>jen2012</username>
				<fullname>Jenny Woods</fullname>
				<email>jenwoods@gmail.com</email>
			</client>
		</clients>
	</client_create>
</response>

The required for request

The request XML is validated against the request XML schema before InvoiceTab processes it. The XML schema clearly defines which fields are required as well as the input limits. For different request actions, the required fields are different. Please refer to the XML schema for details.

Keeping the above information in mind, all API requests are required to have the following fields:

  1. handle, which is the handle string you picking during signup. The handle value can also be found in the Tools->Get API URL Address page.
  2. request_time_seconds, which is the time in seconds since Epoch when the request XML is created.
  3. key_hmac, which is HMAC-SHA256 hashed code of handle and the requested time in seconds (this is the same number of seconds you used above).
  4. action, which indicates which service you are calling.


Also, note your XML string must have a proper namespace string defined in the root element. For example, any client-related API request must have http://invoicetab.com/clients/request as namespace. You may use the schema XSD file to generate a sample request document.