Perk uses the Yokoy API for spend management. The Yokoy API is a REST API that allows accounts to submit expenses, consult transactions, and manage invoices in Perk. Only account admins can request API credentials for the Yokoy API.
Tip: New to the Spend API? Check out Yokoy Developer.
API credentials are account scoped. This means that they have permissions to modify master data for different legal entities.
When you request API credentials, you receive the client ID and client secret that are used to generate an access token for the Spend API. The generated access token must be used to authenticate all calls to the API. In addition, you need the organization ID for your account. You can find this information in the top right corner in Developer tools > Spend tools.
To generate an access token in the API, see Authentication and authorization. API credentials are valid for the entire organization, regardless of who submits the calls.
You can generate the API credentials in the Access credentials tab.
Generating API credentials
To generate API credentials for the Yokoy API:
- Go to Developer tools > Spend tools. In the Access credentials tab, to create new API credentials, click Generate credentials.
-
Choose OAuth Credentials and click Generate credentials.
- Enter a name to describe the API credentials. The name helps you to identify the credentials. The name must be unique. You cannot continue until a unique name has been entered. Click Next.
- Copy the Client ID and Client secret and store them safely(i.e. in a protected file). The credentials are unique and non-recoverable. Store them in a secure location for subsequent reference. To continue, you must acknowledge that you have copied the ID and secret.
API credentials do not expire. You can revoke the credentials at any stage during this period. If you should lose your API credentials, you must revoke access and generate new credentials.
You can generate multiple API credentials for use in different applications. API credentials are not automatically revoked if you generate more than one set of credentials.
Spend developer tools page displays all API credentials that have been generated or revoked, including the user who requested the credentials, the date on which they were requested.
Revoking access
To revoke the access provided by the API credentials:
- In the Spend developer tools page, click the action Revoke access.
- Click Revoke access to confirm and remove the token.
Caution: If you revoke access, any other applications or scripts using these credentials will no longer be able to access Spend data. As a result, the API credentials now appear in the Spend developers tools page with the status Revoked and the name of the user who revoked it and the revoke date.