### Token Validation Response Examples Source: https://github.com/moneyforward/expense-api-doc/blob/master/README.md Example JSON responses returned by the server when checking token status. Includes a successful response with expiration details and an error response for invalid tokens. ```json {"resource_owner_id":"12345","scope":["office_setting:write","user_setting:write","transaction:write","report:write","account:write","public_resource:read"],"expires_in":2775961,"application":{"uid":"[CLIENT_ID]"},"created_at":1648021265} ``` ```json {"error":"invalid_token","error_description":"アクセストークンが無効です","state":"unauthorized"} ``` -------------------------------- ### Get Access Token Info Source: https://context7.com/moneyforward/expense-api-doc/llms.txt Retrieves metadata about the current access token, including its validity and remaining expiration time. ```bash curl https://expense.moneyforward.com/oauth/token/info \ -H "Authorization: Bearer YOUR_ACCESS_TOKEN" ``` -------------------------------- ### GET /oauth/token/info Source: https://github.com/moneyforward/expense-api-doc/blob/master/README.md Validates the provided OAuth access token and returns its expiration time and scope information. ```APIDOC ## GET /oauth/token/info ### Description Validates an OAuth access token and retrieves metadata including expiration time and authorized scopes. Use the expense domain for expense-related tokens and the payable domain for debt payment tokens. ### Method GET ### Endpoint https://expense.moneyforward.com/oauth/token/info or https://payable.moneyforward.com/oauth/token/info ### Parameters #### Headers - **Authorization** (string) - Required - Bearer [access_token] ### Request Example curl https://expense.moneyforward.com/oauth/token/info -H "Authorization: Bearer [ACCESS_TOKEN]" ### Response #### Success Response (200) - **resource_owner_id** (string) - The ID of the resource owner. - **scope** (array) - List of authorized scopes. - **expires_in** (integer) - Remaining time until expiration in seconds. - **application** (object) - Application details including UID. - **created_at** (integer) - Timestamp of token creation. #### Response Example { "resource_owner_id": "12345", "scope": ["office_setting:write", "user_setting:write"], "expires_in": 2775961, "application": {"uid": "[CLIENT_ID]"}, "created_at": 1648021265 } #### Error Response (401) - **error** (string) - Error code (e.g., "invalid_token"). - **error_description** (string) - Human-readable error message. - **state** (string) - Authorization state. ``` -------------------------------- ### Retrieve Office Information Response Example Source: https://context7.com/moneyforward/expense-api-doc/llms.txt This JSON structure represents the standard response format when querying office information from the Money Forward API. It includes fields such as office ID, name, zip code, and physical address. ```json { "offices": [ { "id": "office_abc123", "name": "株式会社サンプル", "zip": "100-0001", "address": "東京都千代田区..." } ] } ``` -------------------------------- ### Get Offices API Source: https://context7.com/moneyforward/expense-api-doc/llms.txt Retrieves a list of offices accessible by the authenticated user. This API can be used to verify token functionality and obtain office IDs for subsequent API calls. ```APIDOC ## Get Offices API ### Description Retrieves a list of offices accessible by the authenticated user. This API can be used to verify token functionality and obtain office IDs for subsequent API calls. ### Method GET ### Endpoint - For Cloud Expense: `https://expense.moneyforward.com/api/external/v1/offices` - For Cloud Payable: `https://payable.moneyforward.com/api/external/v1/offices` ### Headers - **Authorization** (string) - Required - `Bearer YOUR_ACCESS_TOKEN` ### Response #### Success Response (200) - The response will be a JSON array of office objects. Each object typically contains an `id` and `name` field. #### Response Example ```json [ { "id": "office_id_1", "name": "Example Office 1" }, { "id": "office_id_2", "name": "Example Office 2" } ] ``` ``` -------------------------------- ### Validate Access Token via cURL Source: https://github.com/moneyforward/expense-api-doc/blob/master/README.md Sends a GET request to the token information endpoint to verify the current access token. The request requires an Authorization header with a Bearer token. ```bash curl https://expense.moneyforward.com/oauth/token/info -H "Authorization: Bearer [アクセストークン]" ``` ```bash curl https://payable.moneyforward.com/oauth/token/info -H "Authorization: Bearer [アクセストークン]" ``` -------------------------------- ### List Offices Source: https://context7.com/moneyforward/expense-api-doc/llms.txt Fetches a list of offices accessible to the authenticated user. Useful for verifying the token and obtaining office IDs for subsequent API calls. ```bash curl https://expense.moneyforward.com/api/external/v1/offices \ -H "Authorization: Bearer YOUR_ACCESS_TOKEN" ``` -------------------------------- ### Money Forward Cloud Expense & Payable API Overview Source: https://context7.com/moneyforward/expense-api-doc/llms.txt Overview of the Money Forward Cloud Expense and Payable APIs, including their purpose, authentication method, and integration considerations. ```APIDOC ## Money Forward Cloud Expense & Payable API Overview ### Description The Money Forward Cloud Expense and Payable APIs provide a comprehensive set of tools for integrating expense and debt payment operations with external systems. Key use cases include integration with internal workflow systems, automatic data synchronization with accounting software, automated generation of expense reports, and streamlining invoice processing. ### Authentication The APIs utilize OAuth 2.0 for standard authentication. To integrate, you first need to obtain a Client ID and Client Secret through application registration, and then acquire an access token via the OAuth authorization flow. ### Key Considerations - **Token Expiration**: Access tokens have a validity period of approximately 32 days. It is recommended to implement automatic renewal using refresh tokens. - **Separate Services**: Cloud Expense and Cloud Payable are managed as separate services. If you intend to use both, you must register applications and manage tokens independently for each. ### Further Information For detailed API references, please refer to: - Cloud Expense API: [https://expense.moneyforward.com/api/index.html](https://expense.moneyforward.com/api/index.html) - Cloud Payable API: [https://payable.moneyforward.com/api/index.html](https://payable.moneyforward.com/api/index.html) ``` -------------------------------- ### Perform Authenticated API Request Source: https://github.com/moneyforward/expense-api-doc/blob/master/README.md Demonstrates how to call an API endpoint by including the access token in the Authorization header. The token must be prefixed with 'Bearer'. ```bash curl https://expense.moneyforward.com/api/external/v1/offices -H "Authorization: Bearer [ACCESS_TOKEN]" ``` ```bash curl https://payable.moneyforward.com/api/external/v1/offices -H "Authorization: Bearer [ACCESS_TOKEN]" ``` -------------------------------- ### POST /oauth/token Source: https://github.com/moneyforward/expense-api-doc/blob/master/README.md Exchanges an authorization code for an access token and refresh token. ```APIDOC ## POST /oauth/token ### Description Exchanges the authorization code obtained from the user approval flow for an access token and a refresh token. ### Method POST ### Endpoint https://expense.moneyforward.com/oauth/token (or payable.moneyforward.com) ### Parameters #### Request Body - **client_id** (string) - Required - The Client ID issued during application registration. - **client_secret** (string) - Required - The Client Secret issued during application registration. - **redirect_uri** (string) - Required - The redirect URI registered for the application. - **grant_type** (string) - Required - Must be 'authorization_code'. - **code** (string) - Required - The authorization code received from the redirect. ### Request Example curl -d client_id=[CLIENT_ID] -d client_secret=[CLIENT_SECRET] -d redirect_uri=[REDIRECT_URL] -d grant_type=authorization_code -d code=[認可コード] -X POST https://expense.moneyforward.com/oauth/token ### Response #### Success Response (200) - **access_token** (string) - The token used for API requests. - **refresh_token** (string) - The token used to obtain new access tokens. - **token_type** (string) - Type of token (usually Bearer). - **expires_in** (integer) - Expiration time in seconds. ``` -------------------------------- ### OAuth Authorization Endpoint Source: https://context7.com/moneyforward/expense-api-doc/llms.txt Initiates the OAuth 2.0 authorization code grant flow to obtain user consent. The authorization code is valid for 10 minutes. ```APIDOC ## OAuth Authorization Endpoint ### Description Initiates the OAuth 2.0 authorization code grant flow to obtain user consent. The authorization code is valid for 10 minutes. ### Method GET ### Endpoint - For Cloud Expense: `https://expense.moneyforward.com/oauth/authorize` - For Cloud Payable: `https://payable.moneyforward.com/oauth/authorize` ### Query Parameters - **client_id** (string) - Required - Your application's client ID. - **redirect_uri** (string) - Required - The URL to redirect to after authorization. - **response_type** (string) - Required - Must be `code`. - **scope** (string) - Required - The requested permissions (e.g., `office_setting:write`, `transaction:write`). ### Request Example ``` https://expense.moneyforward.com/oauth/authorize?client_id=YOUR_CLIENT_ID&redirect_uri=https://your-app.com/callback&response_type=code&scope=office_setting:write%20transaction:write%20report:write ``` ### Response Upon successful authorization, the user is redirected to the `redirect_uri` with an authorization code: `https://your-app.com/callback?code=AUTHORIZATION_CODE_HERE` ``` -------------------------------- ### OAuth2.0 Authorization URLs Source: https://context7.com/moneyforward/expense-api-doc/llms.txt URLs used to initiate the OAuth2.0 Authorization Code Grant flow. Users must visit these links in a browser to authorize the application and receive an authorization code. ```bash # クラウド経費の認可URL https://expense.moneyforward.com/oauth/authorize?client_id=YOUR_CLIENT_ID&redirect_uri=https://your-app.com/callback&response_type=code&scope=office_setting:write%20transaction:write%20report:write # クラウド債務支払の認可URL https://payable.moneyforward.com/oauth/authorize?client_id=YOUR_CLIENT_ID&redirect_uri=https://your-app.com/callback&response_type=code&scope=office_setting:write%20transaction:write ``` -------------------------------- ### Refresh Access Token Source: https://context7.com/moneyforward/expense-api-doc/llms.txt Uses a refresh token to obtain a new access token and refresh token pair. This ensures continuous API access before the current token expires. ```bash curl -X POST https://expense.moneyforward.com/oauth/token \ -H "Content-Type: application/x-www-form-urlencoded" \ -d "client_id=YOUR_CLIENT_ID" \ -d "client_secret=YOUR_CLIENT_SECRET" \ -d "grant_type=refresh_token" \ -d "refresh_token=YOUR_REFRESH_TOKEN" ``` -------------------------------- ### Issue Access Token Source: https://context7.com/moneyforward/expense-api-doc/llms.txt Exchanges an authorization code for an access token and refresh token. Requires a POST request with application/x-www-form-urlencoded content type. ```bash curl -X POST https://expense.moneyforward.com/oauth/token \ -H "Content-Type: application/x-www-form-urlencoded" \ -d "client_id=YOUR_CLIENT_ID" \ -d "client_secret=YOUR_CLIENT_SECRET" \ -d "redirect_uri=https://your-app.com/callback" \ -d "grant_type=authorization_code" \ -d "code=AUTHORIZATION_CODE" ``` -------------------------------- ### Access Token Info API Source: https://context7.com/moneyforward/expense-api-doc/llms.txt Retrieves information about an access token, including its validity and expiration time. Used to check the status of a token. ```APIDOC ## Access Token Info API ### Description Retrieves information about an access token, including its validity and expiration time. Used to check the status of a token. ### Method GET ### Endpoint - For Cloud Expense: `https://expense.moneyforward.com/oauth/token/info` - For Cloud Payable: `https://payable.moneyforward.com/oauth/token/info` ### Headers - **Authorization** (string) - Required - `Bearer YOUR_ACCESS_TOKEN` ### Response #### Success Response (200) - **resource_owner_id** (string) - The ID of the resource owner. - **scope** (array of strings) - The scopes associated with the token. - **expires_in** (integer) - The remaining lifetime of the token in seconds. - **application** (object) - Information about the application that issued the token. - **uid** (string) - The client ID of the application. - **created_at** (integer) - The timestamp when the token was created. #### Response Example (Valid Token) ```json { "resource_owner_id": "12345", "scope": ["office_setting:write", "user_setting:write", "transaction:write", "report:write", "account:write", "public_resource:read"], "expires_in": 2775961, "application": {"uid": "YOUR_CLIENT_ID"}, "created_at": 1648021265 } ``` #### Error Response (Invalid Token) - **error** (string) - Indicates the error type, e.g., `invalid_token`. - **error_description** (string) - A human-readable description of the error. - **state** (string) - The state associated with the error, e.g., `unauthorized`. #### Response Example (Invalid Token) ```json { "error": "invalid_token", "error_description": "アクセストークンが無効です", "state": "unauthorized" } ``` ``` -------------------------------- ### Issue Access Token from Authorization Code Source: https://github.com/moneyforward/expense-api-doc/blob/master/README.md Exchanges an authorization code for an access token and refresh token using a POST request. This requires the client credentials and the redirect URI defined during application registration. ```bash curl -d client_id=[CLIENT_ID] -d client_secret=[CLIENT_SECRET] -d redirect_uri=[REDIRECT_URL] -d grant_type=authorization_code -d code=[認可コード] -X POST https://expense.moneyforward.com/oauth/token ``` ```bash curl -d client_id=[CLIENT_ID] -d client_secret=[CLIENT_SECRET] -d redirect_uri=[REDIRECT_URL] -d grant_type=authorization_code -d code=[認可コード] -X POST https://payable.moneyforward.com/oauth/token ``` -------------------------------- ### POST /oauth/revoke Source: https://github.com/moneyforward/expense-api-doc/blob/master/README.md Invalidates an existing access token. ```APIDOC ## POST /oauth/revoke ### Description Immediately invalidates an access token. ### Method POST ### Endpoint https://expense.moneyforward.com/oauth/revoke (or payable.moneyforward.com) ### Parameters #### Request Body - **client_id** (string) - Required - The Client ID. - **client_secret** (string) - Required - The Client Secret. - **token** (string) - Required - The access token to revoke. ### Request Example curl -d client_id=[CLIENT_ID] -d client_secret=[CLIENT_SECRET] -d token=[アクセストークン] -X POST https://expense.moneyforward.com/oauth/revoke ``` -------------------------------- ### Access Token Issuance API Source: https://context7.com/moneyforward/expense-api-doc/llms.txt Exchanges an authorization code for an access token and a refresh token. This API uses the `application/x-www-form-urlencoded` content type. ```APIDOC ## Access Token Issuance API ### Description Exchanges an authorization code for an access token and a refresh token. This API uses the `application/x-www-form-urlencoded` content type. ### Method POST ### Endpoint - For Cloud Expense: `https://expense.moneyforward.com/oauth/token` - For Cloud Payable: `https://payable.moneyforward.com/oauth/token` ### Parameters #### Request Body - **client_id** (string) - Required - Your application's client ID. - **client_secret** (string) - Required - Your application's client secret. - **redirect_uri** (string) - Required - The URL used during the authorization request. - **grant_type** (string) - Required - Must be `authorization_code`. - **code** (string) - Required - The authorization code received from the authorization endpoint. ### Request Example ```bash curl -X POST https://expense.moneyforward.com/oauth/token \ -H "Content-Type: application/x-www-form-urlencoded" \ -d "client_id=YOUR_CLIENT_ID" \ -d "client_secret=YOUR_CLIENT_SECRET" \ -d "redirect_uri=https://your-app.com/callback" \ -d "grant_type=authorization_code" \ -d "code=AUTHORIZATION_CODE" ``` ### Response #### Success Response (200) - **access_token** (string) - The access token for API authentication. - **token_type** (string) - The type of token, usually `Bearer`. - **expires_in** (integer) - The lifetime of the access token in seconds. - **refresh_token** (string) - The token used to obtain a new access token. - **scope** (string) - The granted scopes. - **created_at** (integer) - The timestamp when the token was created. #### Response Example ```json { "access_token": "ACCESS_TOKEN_HERE", "token_type": "Bearer", "expires_in": 2775961, "refresh_token": "REFRESH_TOKEN_HERE", "scope": "office_setting:write transaction:write report:write", "created_at": 1648021265 } ``` ``` -------------------------------- ### Refresh Access Token Source: https://github.com/moneyforward/expense-api-doc/blob/master/README.md Uses a refresh token to obtain a new access token and refresh token pair when the current access token expires. ```bash curl -d client_id=[CLIENT_ID] -d client_secret=[CLIENT_SECRET] -d grant_type=refresh_token -d refresh_token=[REFRESH_TOKEN] -X POST https://expense.moneyforward.com/oauth/token ``` ```bash curl -d client_id=[CLIENT_ID] -d client_secret=[CLIENT_SECRET] -d grant_type=refresh_token -d refresh_token=[REFRESH_TOKEN] -X POST https://payable.moneyforward.com/oauth/token ``` -------------------------------- ### Access Token Refresh API Source: https://context7.com/moneyforward/expense-api-doc/llms.txt Uses a refresh token to obtain a new access token and potentially a new refresh token. This is used to maintain API access after the current access token expires. ```APIDOC ## Access Token Refresh API ### Description Uses a refresh token to obtain a new access token and potentially a new refresh token. This is used to maintain API access after the current access token expires. ### Method POST ### Endpoint - For Cloud Expense: `https://expense.moneyforward.com/oauth/token` - For Cloud Payable: `https://payable.moneyforward.com/oauth/token` ### Parameters #### Request Body - **client_id** (string) - Required - Your application's client ID. - **client_secret** (string) - Required - Your application's client secret. - **grant_type** (string) - Required - Must be `refresh_token`. - **refresh_token** (string) - Required - The refresh token obtained previously. ### Request Example ```bash curl -X POST https://expense.moneyforward.com/oauth/token \ -H "Content-Type: application/x-www-form-urlencoded" \ -d "client_id=YOUR_CLIENT_ID" \ -d "client_secret=YOUR_CLIENT_SECRET" \ -d "grant_type=refresh_token" \ -d "refresh_token=YOUR_REFRESH_TOKEN" ``` ### Response #### Success Response (200) - **access_token** (string) - The new access token. - **token_type** (string) - The type of token, usually `Bearer`. - **expires_in** (integer) - The lifetime of the new access token in seconds. - **refresh_token** (string) - The new refresh token (may be the same or different). - **scope** (string) - The granted scopes. - **created_at** (integer) - The timestamp when the new token was created. #### Response Example ```json { "access_token": "NEW_ACCESS_TOKEN", "token_type": "Bearer", "expires_in": 2775961, "refresh_token": "NEW_REFRESH_TOKEN", "scope": "office_setting:write transaction:write report:write", "created_at": 1650613265 } ``` ``` -------------------------------- ### Revoke Access Token Source: https://context7.com/moneyforward/expense-api-doc/llms.txt Immediately invalidates an access token. Used for security purposes or when a user logs out of the application. ```bash curl -X POST https://expense.moneyforward.com/oauth/revoke \ -H "Content-Type: application/x-www-form-urlencoded" \ -d "client_id=YOUR_CLIENT_ID" \ -d "client_secret=YOUR_CLIENT_SECRET" \ -d "token=YOUR_ACCESS_TOKEN" ``` -------------------------------- ### Access Token Revocation API Source: https://context7.com/moneyforward/expense-api-doc/llms.txt Immediately invalidates an access token. This is useful for security reasons, such as when a user logs out or a token is compromised. ```APIDOC ## Access Token Revocation API ### Description Immediately invalidates an access token. This is useful for security reasons, such as when a user logs out or a token is compromised. ### Method POST ### Endpoint - For Cloud Expense: `https://expense.moneyforward.com/oauth/revoke` - For Cloud Payable: `https://payable.moneyforward.com/oauth/revoke` ### Parameters #### Request Body - **client_id** (string) - Required - Your application's client ID. - **client_secret** (string) - Required - Your application's client secret. - **token** (string) - Required - The access token to revoke. ### Request Example ```bash curl -X POST https://expense.moneyforward.com/oauth/revoke \ -H "Content-Type: application/x-www-form-urlencoded" \ -d "client_id=YOUR_CLIENT_ID" \ -d "client_secret=YOUR_CLIENT_SECRET" \ -d "token=YOUR_ACCESS_TOKEN" ``` ### Response #### Success Response (200) - A successful revocation returns an HTTP 200 status code with an empty body. ``` -------------------------------- ### Revoke Access Token Source: https://github.com/moneyforward/expense-api-doc/blob/master/README.md Immediately invalidates an existing access token to prevent further unauthorized access. ```bash curl -d client_id=[CLIENT_ID] -d client_secret=[CLIENT_SECRET] -d token=[アクセストークン] -X POST https://expense.moneyforward.com/oauth/revoke ``` ```bash curl -d client_id=[CLIENT_ID] -d client_secret=[CLIENT_SECRET] -d token=[アクセストークン] -X POST https://payable.moneyforward.com/oauth/revoke ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.