bexio API: The Complete 2026 Guide for Swiss Freelancers
Connect Switzerland's most popular business software with virtually any tool you use. OAuth 2.0 setup, code examples, and the critical 2025 authentication migration explained.
Stop the Manual Data Entry.
Automate Everything.
You're spending hours on manual data entry between your tools. Your invoicing app doesn't talk to your CRM. Your e-commerce store requires copy-pasting orders into accounting software. The bexio API solves this—connecting 40,000+ Swiss businesses with virtually any other tool.
5+ Hours Weekly
Lost to manual data entryDisconnected Tools
Apps that don't talk to each otherCopy-Paste Chaos
Orders manually entered into accountingWhat Is the bexio API?
An API (Application Programming Interface) lets different software systems exchange data automatically. The bexio API is a RESTful interface that exposes bexio's core features—contacts, invoices, accounting, inventory—to external applications.
In practical terms: Instead of manually creating an invoice in bexio after completing a project, your project management tool can trigger automatic invoice creation. Instead of copying customer details from your webshop, orders flow directly into bexio.
The API uses HTTPS and JSON format, making it compatible with any programming language. bexio currently offers API version 3.0.0.
What You Can Automate
| Function | API Capability |
|---|---|
| Contacts | Create, update, list clients and suppliers |
| Invoices | Generate, send, track payment status |
| Orders | Create from external systems, update status |
| Products | Sync inventory, update stock levels |
| Accounting | Fetch accounts, record transactions |
| Projects | Create, assign, track time |
2025 Authentication Migration
If you have existing bexio API integrations, read this first.
bexio is decommissioning idp.bexio.com on 31 March 2025. All applications must migrate to the new identity provider:
Old: https://idp.bexio.com
New: https://auth.bexio.com/realms/bexio
For most applications, migration requires only updating the authorization and token endpoint URLs. However, if you haven't migrated by the deadline, your integration will stop working.
Migration checklist:
- Update authorization URL in your app configuration
- Update token endpoint URL
- Test the complete OAuth flow before March 2025
- Monitor bexio's status page at bexio-status.com for announcements
No-Code Integration
For Non-Developers
Don't want to write code? You have options. bexio connects with 8,000+ apps through Zapier alone.
Zapier Integration
The fastest path to automation without programming. Connect to 8,000+ apps instantly.
- New/Updated Company triggers
- New/Updated Order triggers
- New Product triggers
- New/Updated Quote triggers
Make.com (Integromat)
More complex multi-step workflows than Zapier with conditional logic.
- Different invoice templates by client type
- Conditional routing based on order value
- Visual workflow builder
- Advanced data transformations
Pipedream
Visual workflow building with code flexibility for developers who want both.
- Pre-built bexio connectors
- Custom JavaScript/Python steps
- Bridge between no-code and full development
- Real-time event processing
Popular Zapier Automations for Freelancers
- Shopify → bexio: New order creates invoice automatically
- Toggl → bexio: Logged time entries sync to project
- HubSpot → bexio: New CRM contact creates bexio contact
- Gmail → bexio: Email attachment creates expense entry
Getting Started with the bexio API
Everything you need to know for your first integration
Prerequisites
- bexio Account: Any paid plan (Starter CHF 45/month, Pro CHF 75/month, Pro+ CHF 125/month). API access is included.
- Developer Portal Access: Visit the bexio Developer Portal and log in with your bexio credentials.
Creating API Credentials
- Navigate to "My Apps" in the developer portal
- Click "Create New App"
- Set a Redirect URL (required for OAuth flow)
- Save your Client ID and Client Secret immediately—you won't see the secret again
🔒 Security note: Never commit credentials to version control. Use environment variables or a secrets manager.
Authentication Deep Dive
bexio uses OAuth 2.0, the industry standard for API authorization. Understanding the dual authorization system is crucial.
Two Levels of Authorization
Level 1: Application Scopes When users connect your app, they grant specific permissions (scopes). Request only what you need—users see these permissions in the consent screen.
Available scope categories:
contact_show,contact_edit— Contact managementkb_invoice_show,kb_invoice_edit— Invoice accessaccounting_show— Read accounting dataarticle_show,article_edit— Product management
Level 2: User Rights API requests execute with the permissions of the user who authorized the connection. If that user lacks permission to delete invoices in bexio, your API can't delete invoices either.
OAuth 2.0 Flow
1. Your app redirects user to:
https://auth.bexio.com/realms/bexio/protocol/openid-connect/auth
?client_id=YOUR_CLIENT_ID
&redirect_uri=YOUR_REDIRECT_URL
&response_type=code
&scope=contact_show kb_invoice_edit
2. User logs in and approves permissions
3. bexio redirects to your URL with authorization code
4. Exchange code for tokens at:
https://auth.bexio.com/realms/bexio/protocol/openid-connect/token
5. Use access token for API requests
Token management:
- Access tokens are short-lived (typically 1 hour)
- Refresh tokens get new access tokens without user interaction
- Store refresh tokens securely and implement automatic token refresh
Implementation in Multiple Languages
Ready-to-use code snippets for Python, JavaScript, and PHP
Python
Python is popular among Swiss freelancers for automation scripts. While no official library exists, the community-maintained bexio-api-python-client provides a starting point.
import requests
BASE_URL = "https://api.bexio.com/2.0"
ACCESS_TOKEN = "your_access_token"
headers = {
"Authorization": f"Bearer {ACCESS_TOKEN}",
"Accept": "application/json"
}
# Fetch all contacts
response = requests.get(f"{BASE_URL}/contact", headers=headers)
contacts = response.json()
for contact in contacts:
print(f"{contact['id']}: {contact['name_1']}")
# Create new invoice
invoice_data = {
"contact_id": 1,
"title": "Project Work - January 2025",
"positions": [
{
"type": "KbPositionCustom",
"text": "Consulting Services",
"unit_price": "150.00",
"amount": "10"
}
]
}
response = requests.post(
f"{BASE_URL}/kb_invoice",
headers=headers,
json=invoice_data
)
print(response.json())
JavaScript (Node.js)
const axios = require('axios');
const BASE_URL = 'https://api.bexio.com/2.0';
const ACCESS_TOKEN = process.env.BEXIO_TOKEN;
const api = axios.create({
baseURL: BASE_URL,
headers: {
'Authorization': `Bearer ${ACCESS_TOKEN}`,
'Accept': 'application/json'
}
});
// Fetch contacts
async function getContacts() {
const response = await api.get('/contact');
return response.data;
}
// Create contact
async function createContact(contactData) {
const response = await api.post('/contact', {
contact_type_id: 1, // 1 = Company, 2 = Person
name_1: contactData.company,
name_2: contactData.name,
mail: contactData.email,
country_id: 1 // Switzerland
});
return response.data;
}
getContacts().then(contacts => console.log(contacts));
PHP
The onlime/bexio-api-client library on GitHub provides PHP integration:
<?php
require 'vendor/autoload.php';
use bexio\Client;
$client = new Client([
'clientId' => 'your_client_id',
'clientSecret' => 'your_client_secret',
]);
$client->setAccessToken('your_access_token');
// Get all contacts
$contacts = $client->getContacts();
// Create invoice
$invoice = $client->createInvoice([
'contact_id' => 1,
'title' => 'Web Development Services',
'positions' => [
[
'type' => 'KbPositionCustom',
'text' => 'Frontend Development',
'unit_price' => '120.00',
'amount' => '20'
]
]
]);
Note: Both Python and PHP community libraries cover only a subset of API methods. For complete functionality, you may need direct HTTP calls.
E-Commerce
Shopify/Shopware → bexio: Auto-generate invoices, sync contacts, update inventory
Time Tracking
Toggl → bexio: Sync logged time to projects, generate invoices from time entries
CRM
HubSpot → bexio: Sync deals and contacts, auto-invoice on close
Accounting
Bank feeds → bexio: Reconcile payments, track expenses automatically
Real-World Integration Examples
E-Commerce: Shopify + bexio
The Shopware-bexio integration demonstrates what's possible:
- Automatic invoice generation based on payment method
- Contact creation from customer accounts
- Order status synchronization
- Inventory updates across platforms
For Shopify, use Zapier or build a custom integration that:
- Listens for new Shopify orders (webhook or polling)
- Creates/updates bexio contact from customer data
- Generates invoice with line items
- Optionally sends invoice automatically
Time Tracking: Toggl + bexio
Link your time tracking with invoicing:
- Create corresponding projects in both systems
- When time is logged in Toggl, sync to bexio project
- Generate invoice from accumulated time entries
- Include detailed time breakdown on invoice
CRM: HubSpot + bexio
Keep sales and accounting aligned:
- New HubSpot deal closed → Create bexio invoice
- HubSpot contact updated → Sync to bexio contact
- bexio invoice paid → Update HubSpot deal status
API Limitations
& Workarounds
Being transparent about what the API can't do saves you hours of frustration. bexio's API has limitations—but knowing them upfront helps you plan better.
No Native Webhooks
Use polling or Zapier as workaroundsUndocumented Rate Limits
Implement backoff and cachingNo Sandbox Environment
Test with real data carefullyWorkarounds for No Webhooks
- Polling: Check for changes periodically (every 5-15 minutes)
- Zapier: Uses polling but handles the infrastructure
- Third-party webhook services: Some integration platforms offer pseudo-webhook functionality
Handling Rate Limits
Based on community experience:
- Implement exponential backoff on 429 errors
- Cache responses where possible
- Batch requests when the API supports it
- Avoid unnecessary polling frequency
Limited Client Libraries
Official SDKs don't exist. Community libraries are incomplete. For production applications, expect to write some custom code.
Security Best Practices
Protect your integration and your clients' data
Server-Side Only
Never expose credentials client-side. Keep Client Secret and tokens server-side only.
Environment Variables
Use BEXIOCLIENTID, BEXIOCLIENTSECRET, BEXIOACCESSTOKEN
Token Rotation
Refresh tokens before expiry, handle refresh failures gracefully
Minimal Scopes
Request only permissions your integration actually needs
bexio Plans & API Access
Current plans as of 2025—all include API access
| Feature | Starter | Pro | Pro+ |
|---|---|---|---|
| Price | CHF 45/month | CHF 75/month | CHF 125/month |
| Users | 1 user | Up to 3 | Up to 25 |
| API Access | ✓ Included | ✓ Included | ✓ Included |
| bexio Go App | ✗ No | ✓ Included | ✓ Included |
| Free Trial | 30 days | 30 days | 30 days (Pro+ features) |
When bexio API Is Overkill
Not every Swiss freelancer needs API integration. If you send fewer than 10 invoices monthly, don't use multiple business tools, or find OAuth 2.0 intimidating—consider simpler alternatives. Magic Heidi offers streamlined invoicing for Swiss freelancers at CHF 30/month. No API complexity required.
Frequently Asked Questions
Is the bexio API free?
Yes, API access is included with all paid bexio plans (starting CHF 45/month).
What programming languages work with the API?
Any language that can make HTTP requests—Python, JavaScript, PHP, C#, Ruby, Go, etc.
Can I use the API without coding?
Yes. Zapier and Make.com offer no-code automation with bexio.
Does bexio support webhooks?
Not natively. Use polling or Zapier as workarounds.
What are the API rate limits?
Not publicly documented. Implement backoff and caching as precautions.
Is there a test/sandbox environment?
No. Test with real data carefully.
When must I migrate authentication?
Before 31 March 2025. The old idp.bexio.com endpoint will stop working.
Need Simpler Swiss Invoicing?
Magic Heidi handles QR invoices, expenses, and VAT—available on every platform. No API complexity required.