Getting started
The Tabba Public API lets you drive invoicing and revenue recognition from your own tooling — the same product you operate through our UI, now callable from your PM tool or automation stack.
Base URL
https://www.tabba.io/api/v1
All endpoints live under this prefix. The URL major (/v1) is
additive-only — new fields and endpoints may be added, but nothing you
already integrate against will break within a major.
Your first call
Mint an API key in Settings → Developers (an admin only permission).
The raw tpk_… secret is shown once at creation. Store it in your
integration's secret manager and drop the value into an
Authorization: Bearer … header.
curl https://www.tabba.io/api/v1/config \
-H "Authorization: Bearer $TABBA_API_KEY"
const res = await fetch('https://www.tabba.io/api/v1/config', {
headers: { Authorization: `Bearer ${process.env.TABBA_API_KEY}` },
})
const config = await res.json()
console.log(config.base_currency) // "DKK"
What each key can do
A key is bound to one connected Dinero integration and to a scope:
| Scope | Verbs | Use case |
|---|---|---|
read | GET | Dashboards, BI, read-only sync from PM tool |
read_write | all | Full drive: create/edit/issue invoices, register work |
A read key on a write endpoint returns 403 with a typed error code —
no ambiguity to parse.
There is no sandbox
Tabba does not host a test mode. There are no tpk_test_ keys and no
hosted fake-Dinero sandbox. Build against your live integration using a
throwaway customer and product — a name like Test Corp and a product
INTEGRATION-TEST are fine. When your integration is working, delete
those records the same way you would any other resource.
We chose no-sandbox deliberately: a sandbox that drifts from production is worse than a live account you can control. Every failure mode you would hit in test — an unbookable credit note, a rate limit, a Dinero timeout — is a failure mode you can hit in production, and there is no substitute for exercising the real path.
Where to go next
- Authentication — key format, headers, rotation.
- external_id and idempotency — how Tabba correlates your resources with theirs without you ever holding a Tabba UUID.
- Work registration — sending hours and completion into the same recognition engine the UI uses.
- Issuance and auto-send — driving invoice issuance explicitly, or letting the cron do it.
- Webhooks — signed events for changes your integration did not trigger (auto-issued invoices, month-end accruals, Dinero reconcile writes).
- Errors — the machine-readable envelope and every code you can branch on.
- Pagination — cursor-based lists
with
updated_sincefiltering.