A User who attempts to access the resources in an Organization needs to provide the username and password that were used to sign up with Bill.com, and the Organization ID and Dev Key that were shared once API access was granted.
Once all this information is passed to the Login endpoint and the User is successfully authenticated, a Session ID is returned. This Session ID is required to access the APIs.
Multi Factor Authentication
Additionally, the pay bills, send network invitations, send vendor invitations, and manage vendor bank accounts endpoints are protected by Multi Factor Authentication (MFA). Before calling these APIs, follow the MFA workflow and mark your session as a trusted session.

|Endpoint|Description|
|---|---|
|MFA Challenge|Generates and returns a challenge ID, and sends a token to your mobile device that is registered with Bill.com.|
|MFA Authenticate|Validates the challenge ID and the token that was sent to the user's mobile device. Upon success, the user's session is marked as trusted.|
|MFA Status|Checks the current user's Multi-Factor Authentication (MFA) session status. The status informs developers if the session is still trusted, or if the user needs to go through MFA Authenticate again before attempting to use one of the MFA protected endpoints.|
After you complete the MFA workflow, you hold two values: the MFA ID returned by MFA Authenticate, and the Device ID you gave your device when calling MFA Authenticate. Use both when you log in to mark your session as trusted.
Note: See Multi-factor authentication (MFA)/2-step verification in the Bill.com Help for more information about all the security measures in place for your Bill.com account operations.
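The workflow above, as an added example that is not Bill.com's own code: a client that checks MFA Status before an MFA protected call and only runs Challenge and Authenticate when the session is not trusted. `FakeService` is a constructed in-memory stand-in so the example runs offline; the endpoint strings, field names (`sessionId`, `challengeId`, `mfaId`, `deviceId`, `isTrusted`), and the `Client` class are assumptions modeled on the names used in this page, not the documented request format.

```python
import secrets

class FakeService:
    """Constructed in-memory stand-in for the API; endpoint and field names are assumptions."""
    def __init__(self, sms_token):
        self.sms_token, self.trusted, self.challenges, self.mfa = sms_token, {}, set(), {}

    def call(self, endpoint, **p):
        if endpoint == "Login":
            sid = secrets.token_hex(8)
            # A session starts trusted only when a known MFA ID is presented with its Device ID.
            mfa_id = p.get("mfaId")
            self.trusted[sid] = mfa_id in self.mfa and self.mfa[mfa_id] == p.get("deviceId")
            return {"sessionId": sid}
        if endpoint == "MFAChallenge":
            cid = secrets.token_hex(4)
            self.challenges.add(cid)
            return {"challengeId": cid}
        if endpoint == "MFAAuthenticate":
            if p["challengeId"] not in self.challenges or p["token"] != self.sms_token:
                raise PermissionError("MFA failed")
            self.challenges.discard(p["challengeId"])  # a challenge is single use
            mfa_id = secrets.token_hex(8)
            self.mfa[mfa_id] = p["deviceId"]
            self.trusted[p["sessionId"]] = True
            return {"mfaId": mfa_id}
        if endpoint == "MFAStatus":
            return {"isTrusted": self.mfa.get(p["mfaId"]) == p["deviceId"]}
        if endpoint == "PayBills":  # stands in for any MFA protected endpoint
            if not self.trusted.get(p["sessionId"]):
                raise PermissionError("session not trusted")
            return {"status": "ok"}
        raise ValueError(endpoint)

class Client:
    def __init__(self, api, creds, device_id, mfa_id=None):
        self.api, self.creds, self.device_id, self.mfa_id = api, creds, device_id, mfa_id
        extra = {"mfaId": mfa_id, "deviceId": device_id} if mfa_id else {}
        self.sid = api.call("Login", **creds, **extra)["sessionId"]

    def ensure_trusted(self, read_token):
        """Check MFA Status first; run Challenge + Authenticate only when it is needed."""
        status = self.api.call("MFAStatus", sessionId=self.sid,
                               mfaId=self.mfa_id, deviceId=self.device_id)
        if not status["isTrusted"]:
            cid = self.api.call("MFAChallenge", sessionId=self.sid)["challengeId"]
            self.mfa_id = self.api.call("MFAAuthenticate", sessionId=self.sid, challengeId=cid,
                                        token=read_token(), deviceId=self.device_id)["mfaId"]

    def pay_bills(self, read_token):
        self.ensure_trusted(read_token)
        return self.api.call("PayBills", sessionId=self.sid)
```

Store the MFA ID and Device ID with the same care as the password and Dev Key, since together they let a later login skip the token prompt.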
- Want to know more about adding a bank account, users, and account tracking segments to your Organization? See Organization.
- Want to know how your accounts receivable are handled within Bill.com? See Accounts Receivable.
- Want to know how your accounts payable are handled within Bill.com? See Accounts Payable.