About Login
Log in to your Bill.com sandbox developer account. In response, your API session is created and a sessionId is generated. Use the sessionId value in all subsequent calls to confirm that you are in a logged-in session.
If the API session is inactive or idle for 35 minutes, the session expires and you are automatically logged out.
Note: After you log in the first time, making any subsequent call resets the 35-minute timer. You are required to log in again and generate a new sessionId only when the session is inactive or idle for 35 minutes.
MFA for login
The following protected endpoints require Multi-Factor Authentication (MFA) for login with a trusted API session:
- Invite a vendor to set up ePayments with SendVendorInvite
- Add a vendor bank account with VendorBankAccount
- Pay a vendor using Bill.com with PayBills
- Invite a customer with SendInvite
Login with an MFA trusted API session is a three-step process:
- Log in to generate a sessionId
- Create an MFA challenge ID and send a token to your mobile device with MFAChallenge
- Validate the challenge ID and token with MFAAuthenticate. At this point, the login sessionId is MFA trusted.
Note: See Multi-factor authentication (MFA)/2-step verification in the Bill.com Help for more information about all the security measures in place for your Bill.com account operations.
Example
Request
<API_Base_URL>/Login.json
curl --request POST \
'https://api-sandbox.bill.com/api/v2/Login.json' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data 'userName={username}' \
--data 'password={password}' \
--data 'orgId={organization_ID}' \
--data 'devKey={developer_key}'
Response (successful)
{
"response_status" : 0,
"response_message" : "Success",
"response_data" : {
"sessionId" : "{session_ID}",
"orgId" : "{organization_ID}",
"apiEndPoint" : "https://api-sandbox.bill.com/api/v2",
"usersId" : "{user_ID}"
}
}
Response (failed)
{
"response_status" : 1,
"response_message" : "Error",
"response_data" : {
"error_code" : "BDC_1111",
"error_message" : "No active user for: admin@youremail.com, yourOrgId."
}
}
Setting timers for login
You can set a timer at login and then reset the timer at every subsequent API call. With this logic, you log in again only when the session is about to expire.
In this example, a timer is set for 34 minutes (one minute before the login timer expires). At every subsequent API call, the timer is canceled and a new timer is started. You log in again and retrieve a new sessionId only when the timer expires.
timer_example.py
from threading import Timer

def login():
    # Placeholder: make the Login API call here and store the new sessionId
    pass

# Login API call (new sessionId generated)
login()

# Set a timer for 34 minutes (2040 seconds),
# one minute before the login timer expires
def newTimer():
    global t
    t = Timer(2040, login)

# Start the timer
newTimer()
t.start()

# Reset the timer at every subsequent API call
t.cancel()
newTimer()
t.start()
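An alternative to the background timer, added here as an example and not taken from Bill.com: record the time of the last call and log in again only once 34 minutes have passed, parsing the Login.json response format shown above. `BillSession`, `LoginError`, the `post` callable and `fake_post` are hypothetical names, and the transport is a constructed stand-in so the block runs offline.

```python
import json
import time

IDLE_LIMIT = 34 * 60  # seconds; one minute before the 35-minute idle expiry

class LoginError(Exception):
    """Login.json answered with a non-zero response_status."""

class BillSession:
    """Hands out a sessionId, logging in again only after IDLE_LIMIT idle."""

    def __init__(self, post, creds, clock=time.monotonic):
        self._post = post    # assumed callable: post(path, form) -> response text
        self._creds = creds  # userName, password, orgId, devKey from a secret store
        self._clock = clock
        self._session_id = None
        self._last_call = 0.0

    def _login(self):
        body = json.loads(self._post("Login.json", self._creds))
        data = body.get("response_data") or {}
        if body.get("response_status") != 0:
            # Report the code only: error_message can echo the user name.
            raise LoginError(data.get("error_code", "unknown"))
        self._session_id = data["sessionId"]

    def session_id(self):
        """Call immediately before each API request."""
        now = self._clock()
        if self._session_id is None or now - self._last_call >= IDLE_LIMIT:
            self._login()
        self._last_call = now  # every call restarts the idle window
        return self._session_id

    def __repr__(self):
        return "<BillSession sessionId=***>"  # keep the token out of logs

def fake_post(calls):
    """Constructed offline transport: returns a success body per Login call."""
    def post(path, form):
        calls.append(path)
        return json.dumps({"response_status": 0, "response_message": "Success",
                           "response_data": {"sessionId": "sid-%d" % len(calls)}})
    return post

if __name__ == "__main__":
    s = BillSession(fake_post([]), {"userName": "{username}"})
    print(s.session_id(), s)
```

In real use, replace `fake_post` with a function that sends the form-encoded POST to the `apiEndPoint` and returns the response body.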
Parameters
Request parameters
Field Name | Description | Required? |
---|---|---|
userName | The email that is used to login to the Bill.com account. | Yes |
password | The password that is used to login to the Bill.com account. | Yes |
orgId | The organization ID that was shared when API access was provisioned. | Yes |
devKey | The developer key that was shared when API access was provisioned. | Yes |
mfaId | Optional. If passed with deviceId, the pair is validated and the API session is marked as trusted. | No |
deviceId | Optional. If passed with mfaId, the pair is validated and the API session is marked as trusted. | No |