BeeL
Get StartedVeriFactuStripeAPI Reference

Authentication

How to authenticate your requests to the BeeL. API


The BeeL. API supports two authentication methods. Both use the Authorization: Bearer header.

MethodBest forHow it works
API KeysServer-to-server integrationsCreate a key in the dashboard, use it as Bearer token
OAuth2MCP clients, third-party appsUser authorizes your app, you receive a JWT token

Both methods enforce scopes that control which endpoints your token can access. See Available Scopes for the full list.

Quick Start

API Key (simplest)

curl https://app.beel.es/api/v1/invoices \
  -H "Authorization: Bearer beel_sk_live_your_key_here"

OAuth2 Token

curl https://app.beel.es/api/v1/invoices \
  -H "Authorization: Bearer eyJhbGciOiJSUzI1NiI..."

Environments

BeeL. provides two separate environments. The base URL is the same — the key or token determines the environment.

EnvironmentAPI Key PrefixOAuth2Purpose
Sandboxbeel_sk_test_Include sandbox scopeTesting. No AEAT submissions.
Productionbeel_sk_live_Default (no sandbox scope)Real invoices via VeriFactu.

Authentication Errors

HTTP StatusCodeMeaning
401UNAUTHORIZEDToken missing, expired, or invalid
403FORBIDDENToken valid but missing required scope
429TOO_MANY_REQUESTSRate limit exceeded

Security Best Practices

Treat API keys and OAuth2 client secrets like passwords. Anyone with your credentials can access user data.

  • Use environment variables — never hardcode credentials
  • Use sandbox for development and testing
  • Rotate keys regularly and revoke unused ones
  • Never commit credentials to Git repositories
  • Never include credentials in client-side code