API & integrations

The CashSheet REST API surface: base URL, authentication, common endpoints, pagination, rate limits, and how to get an API key.


The API surface

Every feature in the silo UI is also exposed via REST. Common use cases:

  • Syncing customer master data from your CRM
  • Posting sales orders programmatically from a customer portal
  • Pulling invoice and payment data into a BI tool
  • Querying ATP from a sales-rep mobile app
  • Exporting financial statements into a consolidated reporting system

The API is versioned. Current version is v2; v1 is supported but deprecated for new integrations.

Base URL

Each silo's API is scoped to its own subdomain:

https://{your-slug}.cashsheets.com/api/v2/

For example, the BLYTHE silo's API root is https://blythe.cashsheets.com/api/v2/. There's no shared cross-tenant API endpoint by design — the silo boundary is enforced at the URL.

Authentication

API calls authenticate with a Bearer token in the Authorization header:

curl https://blythe.cashsheets.com/api/v2/customers/ \
  -H "Authorization: Bearer YOUR_API_TOKEN"

API tokens are scoped to a specific user — the API call has the same permissions as the user, applied via the same group/permission system the silo UI uses. Issue tokens from Profile → API Tokens in your silo.

Common endpoints

Resource          Endpoint             Methods
Customers         /customers/          GET, POST, PATCH
Vendors           /vendors/            GET, POST, PATCH
Items             /items/              GET, POST, PATCH
Sales Orders      /sales-orders/       GET, POST, PATCH
Invoices          /invoices/           GET, POST, PATCH
Bills             /bills/              GET, POST, PATCH
Payments          /payments/           GET, POST
Receipts          /receipts/           GET, POST
Journal Entries   /journal-entries/    GET, POST
Stock Movements   /stock-movements/    GET, POST
ATP Check         /atp/check/          POST
Reports           /reports/{name}/     GET

All endpoints return JSON. Full request/response schemas are in the OpenAPI spec served at /api/v2/openapi.json.

The ATP endpoint

The ATP endpoint is the one most commonly integrated. POST a payload describing the requested line item; get back feasibility plus the marginal price:

POST /api/v2/atp/check/
{
  "facility_id": "BLYTHE",
  "imps_code": "112A",
  "quantity_lb": 2400,
  "delivery_date": "2026-03-14"
}

200 OK
{
  "result": "feasible",
  "available_lb": 2400,
  "marginal_price_per_lb": 14.20,
  "source_facility": "BLYTHE",
  "solver_latency_ms": 64
}

Typical end-to-end latency from request to response is under 200 ms, which makes the endpoint suitable for real-time UIs such as a sales-rep app or a customer-facing quote tool.

Pagination and filtering

List endpoints support standard pagination:

  • ?page=1&page_size=50 — page through results
  • ?ordering=-created_at — sort (prefix with - for descending)
  • ?search=acme — text search across the resource's indexed fields
  • Resource-specific filters — e.g. ?status=confirmed&customer=42 on sales orders

The default page size is 25 and the maximum is 200. The response envelope includes count, plus next and previous URLs for cursor-style iteration.

Rate limits

Default rate limit is 1,000 requests per minute per API token. Burst allowance up to 100 requests/second.

Rate-limit headers are returned on every response:

  • X-RateLimit-Limit — your limit
  • X-RateLimit-Remaining — what's left in the current window
  • X-RateLimit-Reset — when the window resets (Unix timestamp)

Hit the limit and you get a 429 Too Many Requests with a Retry-After header. Higher limits available on enterprise plans — talk to your account manager.
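An added example (not CashSheet's own client code) that combines the "Pagination and filtering" and "Rate limits" sections: it follows next until the list is exhausted, backs off on 429 and on an exhausted window, and refuses to send the bearer token to any host other than the silo's. The transport callable, the "results" key, and Retry-After being expressed in seconds are assumptions; confirm them against /api/v2/openapi.json.

```python
import time
from urllib.parse import urlsplit

BASE = "https://blythe.cashsheets.com/api/v2/"  # example silo from the page


def fetch_all(path, token, transport, sleep=time.sleep, clock=time.time, max_429=3):
    """Collect all rows from a list endpoint, following `next` and honouring limits.

    transport(url, headers) -> (status, headers, body) is a hypothetical stand-in
    for your HTTP client. Assumed: rows live under "results", Retry-After is seconds.
    """
    silo = urlsplit(BASE).netloc
    auth = {"Authorization": f"Bearer {token}"}
    url, rows, hits = BASE + path + "?page_size=200", [], 0  # 200 = documented max
    while url:
        target = urlsplit(url)
        # The token is silo-scoped: never send it to another host or over plain HTTP.
        if target.scheme != "https" or target.netloc != silo:
            raise ValueError("refusing to send token to " + url)
        status, hdrs, body = transport(url, auth)
        if status == 429:
            hits += 1  # counts 429s across the whole run, not per page
            if hits > max_429:
                raise RuntimeError("still rate limited after retries")
            sleep(int(hdrs.get("Retry-After", 1)))
            continue  # retry the same page
        if status != 200:
            raise RuntimeError(f"unexpected HTTP status {status}")
        rows.extend(body["results"])
        url = body.get("next")
        if url and hdrs.get("X-RateLimit-Remaining") == "0":
            # Window spent: wait for the reset rather than provoke a 429.
            sleep(max(0, int(hdrs["X-RateLimit-Reset"]) - int(clock())))
    return rows


def fake_silo(script):
    """Constructed offline transport: replays (status, headers, body) tuples in order."""
    replies, seen = iter(script), []

    def transport(url, headers):
        seen.append(url)
        return next(replies)

    return transport, seen
```

In production, pass a transport built on your HTTP client and read the token from your secrets manager at start-up.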

Webhooks

Webhooks let your systems react to events in the silo without polling. Configure under Settings → Webhooks. Available events include:

  • sales_order.created / .confirmed / .shipped
  • invoice.posted / .paid
  • bill.posted / .paid
  • lp_solve.complete — fires when the LP solver finishes a run
  • atp.checked — fires for every ATP query (useful for analytics)

Webhooks are signed with HMAC SHA-256 — verify the X-CashSheet-Signature header against your endpoint's shared secret to confirm the payload is genuine.
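One way to implement the signature check described above, as an added example rather than CashSheet's own code. It assumes the header carries the hex-encoded HMAC-SHA256 of the raw request body (the page does not state the encoding), and the sample payload fields are constructed for illustration.

```python
import hashlib
import hmac
import json

SIGNATURE_HEADER = "x-cashsheet-signature"  # header name from the page, lower-cased


def expected_signature(raw_body: bytes, secret: bytes) -> str:
    # Assumption: signature = hex HMAC-SHA256 over the raw request body.
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_webhook(raw_body: bytes, headers: dict, secret: bytes) -> bool:
    """True only when the signature header authenticates these exact bytes."""
    # Header names are case-insensitive on the wire.
    received = {k.lower(): v for k, v in headers.items()}.get(SIGNATURE_HEADER)
    if not received:
        return False  # unsigned delivery: reject
    # compare_digest is constant-time, so timing does not reveal how much matched.
    return hmac.compare_digest(
        expected_signature(raw_body, secret).encode(),
        received.strip().lower().encode(),
    )


def handle_delivery(raw_body: bytes, headers: dict, secret: bytes):
    """Verify first, parse second; returns the event dict or None if rejected."""
    if not verify_webhook(raw_body, headers, secret):
        return None
    return json.loads(raw_body)


# Constructed sample delivery (field names are illustrative, not CashSheet's schema).
SAMPLE_SECRET = b"constructed-shared-secret"
SAMPLE_BODY = b'{"event": "invoice.paid", "invoice_id": 1001}'
SAMPLE_HEADERS = {"X-CashSheet-Signature": expected_signature(SAMPLE_BODY, SAMPLE_SECRET)}
```

Verify against the bytes exactly as received: a body that has been parsed and re-serialized by a framework will usually differ in whitespace or key order and fail the check.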

Third-party integrations

Direct integrations with QuickBooks Online, Xero, and major ERPs are handled during onboarding rather than self-serve, so the migration is supervised end-to-end and opening balances land correctly. If you want one of these added, talk to your onboarding contact.

For DIY integrations to systems we don't cover natively, the REST API + webhooks above are the supported surface. We're happy to review your integration design — ping [email protected] with a one-page summary.

Getting an API key

  1. Sign in to your silo.
  2. Open Profile → API Tokens.
  3. Click Create token. Give it a descriptive name (e.g. crm-sync, bi-tool).
  4. Copy the token string immediately — we only show it once.
  5. Store the token in your secrets manager. Don't commit it to git, don't paste it in chat, don't put it in client-side code.

Tokens inherit your user's permissions. Best practice: create a dedicated “integration” user with only the permissions the integration needs, then issue the token under that user. Revoke any time from the same screen.