fairlane.systems

Bexio API: AI integration into Swiss fiduciary bookkeeping

The Bexio REST API connects Swiss SME bookkeeping with AI workflows. OAuth 2.0, Swiss hosting, a clear data model.

Researched & fact-checked by: · As of: 2026-05

What is the Bexio API?

Bexio is the Swiss market leader for fiduciary and SME bookkeeping, with around 70,000 customers in Switzerland as of May 2026. The Bexio API is the official REST interface through which external systems can read and write contacts, receipts, invoices, quotes, projects, and bookings. It is the most important interface when you want to plug AI workflows into an existing fiduciary pipeline without leaving the underlying data store.

The API uses OAuth 2.0 (authorization code flow) and JSON over HTTPS. Endpoints are versioned (currently v2 for most resources, v3 for newer modules such as KB invoices). The base URL is https://api.bexio.com. The rate limit is 50 requests per second per app, with a burst buffer for short spikes. Hosting runs in Swiss data centres (Zurich), which is a central argument for mandates with elevated confidentiality (professional secrecy under Art. 321 SCC).

For AI applications, the most interesting endpoints are /2.0/contact (contacts), /2.0/kb_invoice (invoices), /2.0/kb_offer (quotes), /2.0/project (projects), /2.0/accounting/journal_entry (bookings), and /3.0/files (file attachments). The data model is conservative: each record has a numeric ID, timestamps, and a clearly defined status (e.g. invoice_status_id).

Why it matters for Swiss fiduciary

Fiduciary bookkeeping is traditionally conservative in Switzerland. Switching to a new bookkeeping platform is expensive, risky, and politically sensitive. Over the past five years, Bexio has overcome that barrier and today is often the default platform in Swiss SMEs. If you want to introduce AI, the most important question is: where does the data live today, and how do we reach it?

The Bexio API answers that question cleanly on the technical side. You can build a RAG index over all client invoices without touching Bexio itself. You can OCR receipts and write them back to Bexio as kb_bill. You can have an LLM draft dunning notices and only send the ones that have been approved. You can have AI sanity-check VAT statements before the quarter-end.

The key point: the AI layer sits next to Bexio, not on top. The bookkeeping logic stays in the certified platform. That is a major advantage for audit-ready setups under Art. 957a CO. It is also why the Bexio integration is often the first module we build when introducing AI into a Swiss fiduciary office.

How it works

Entry happens in four steps: register the app, run the OAuth flow, use the access token, query endpoints.

App registration happens in the Bexio Developer Hub. You receive a client ID and client secret. In the OAuth flow, Bexio redirects the user to a login page, the user authorises the app for a specific mandate, and Bexio returns an authorisation code. You exchange that for an access token (valid 1 hour) and a refresh token (valid 60 days).

A typical example call to fetch all open invoices:

```bash
curl -X GET "https://api.bexio.com/2.0/kb_invoice?kb_invoice_status_id=10" \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Accept: application/json"
```

The response contains an array of invoice objects with fields like id, document_nr, contact_id, total, is_valid_to, kb_invoice_status_id. Rate limits are communicated through HTTP headers (X-RateLimit-Remaining); on 429 Too Many Requests you must retry with exponential backoff.
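The retry rule above as an added example (not Bexio's or the author's code): a GET wrapper that backs off exponentially with jitter on 429 and pauses when X-RateLimit-Remaining reaches zero. The `send` transport signature, the delay values, and the sample responses are assumptions made for illustration.

```python
import random
import time

class RateLimited(Exception):
    """Still receiving 429 after the retry budget was spent."""

def get_with_backoff(send, url, token, max_retries=5, base=0.5, cap=30.0,
                     sleep=time.sleep, rng=random.random):
    """GET `url`, retrying on 429 with capped exponential backoff and jitter.

    `send(url, headers) -> (status, response_headers, body)` is an injected
    transport (assumed signature) so the logic can be tested offline.
    """
    headers = {"Authorization": f"Bearer {token}", "Accept": "application/json"}
    for attempt in range(max_retries + 1):
        status, resp_headers, body = send(url, headers)
        if status != 429:
            # Quota used up by this call: pause once so the next request
            # does not immediately run into a 429.
            if resp_headers.get("X-RateLimit-Remaining") == "0":
                sleep(base)
            return status, body
        if attempt < max_retries:
            # Full jitter: a random share of min(cap, base * 2^attempt), so
            # parallel workers do not retry in lockstep.
            sleep(min(cap, base * 2 ** attempt) * rng())
    # The bearer token is deliberately kept out of the error message.
    raise RateLimited(f"still 429 after {max_retries} retries: {url}")

def demo():
    """Constructed responses: two 429s, then success."""
    replies = iter([(429, {}, ""), (429, {}, ""),
                    (200, {"X-RateLimit-Remaining": "12"}, "[]")])
    waits = []
    result = get_with_backoff(lambda url, headers: next(replies),
                              "https://api.bexio.com/2.0/kb_invoice?kb_invoice_status_id=10",
                              "constructed-token", sleep=waits.append, rng=lambda: 1.0)
    return result, waits
```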

For AI use-cases the data typically flows into an intermediate layer: we fetch invoices via API, index them in Qdrant (see RAG), and the LLM answers client questions over that index. Write operations (e.g. setting a new dunning stage in Bexio) only run after human approval via /2.0/kb_invoice/{id} PUT.

Bexio integration in 5 steps

  1. Register the app in the Bexio Developer Hub and store the client ID and client secret safely in a .env file or a secrets manager.
  2. Implement the OAuth 2.0 authorisation-code flow, store the refresh token in an encrypted database, and renew the access token every 60 minutes.
  3. Set up the read pipeline: poll the required endpoints (contacts, invoices, bills) every 5 to 15 minutes or subscribe through the Bexio webhook hub.
  4. Define the AI layer: which workflow uses which data? Receipt OCR reads /2.0/kb_bill, dunning reads /2.0/kb_invoice plus correspondence.
  5. Secure write operations with a four-eyes principle: proposals by the LLM, release by the case handler, writing to Bexio only after explicit OK.
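One way to enforce step 5, as an added example (not Bexio's or the author's code): a write gate that releases a PUT to /2.0/kb_invoice/{id} only when a second person approves the digest of exactly the stored proposal, and only once. The `put` transport, the user names, the invoice number, and the `dunning_stage` field are placeholders chosen for illustration.

```python
import hashlib
import hmac
import json

class ApprovalError(Exception):
    """The write was refused by the four-eyes gate."""

def digest(invoice_id, payload):
    """SHA-256 over a canonical encoding of the target and the change."""
    blob = json.dumps({"invoice_id": invoice_id, "payload": payload},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()

class WriteGate:
    def __init__(self, put):
        self.put = put      # injected transport (assumed): put(path, payload)
        self.pending = {}   # proposal id -> proposal
        self.audit = []     # append-only trail of who proposed/released what
        self.next_id = 1

    def propose(self, proposer, invoice_id, payload):
        pid, self.next_id = self.next_id, self.next_id + 1
        self.pending[pid] = {"proposer": proposer, "invoice_id": invoice_id,
                             "payload": payload}
        self.audit.append(("proposed", pid, proposer, digest(invoice_id, payload)))
        return pid

    def release(self, pid, approver, reviewed_digest):
        """Write only if a second person approved exactly the stored content."""
        prop = self.pending.get(pid)
        if prop is None:
            raise ApprovalError("unknown or already released proposal")
        if approver == prop["proposer"]:
            raise ApprovalError("proposer cannot release their own proposal")
        actual = digest(prop["invoice_id"], prop["payload"])
        if not hmac.compare_digest(actual.encode(), reviewed_digest.encode()):
            raise ApprovalError("proposal changed after review")
        del self.pending[pid]  # single use: a release cannot be replayed
        self.audit.append(("released", pid, approver, actual))
        return self.put(f"/2.0/kb_invoice/{prop['invoice_id']}", prop["payload"])

def demo():
    """Constructed run; the payload field name is a placeholder."""
    writes = []
    gate = WriteGate(lambda path, payload: writes.append((path, payload)) or "PUT ok")
    change = {"dunning_stage": 2}
    pid = gate.propose("llm-agent", 4711, change)
    shown = digest(4711, change)  # digest of what the case handler reviewed
    return gate.release(pid, "case-handler", shown), writes
```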

When to use

The Bexio integration is worthwhile when (a) Bexio is already in productive use at the mandate, (b) a recurring, data-driven process is automatable, and (c) the AI layer is clearly used as a supporting tool, not as an autonomous bookkeeper.

Typical cases: receipt OCR with automatic pre-coding and Bexio upload as kb_bill. Dunning proposals based on open invoices and client correspondence. VAT quarterly close with a plausibility check and listing of suspicious bookings. Client FAQ over a client invoice history. Automatic lead capture from email inquiries, created as a contact in Bexio.

For fiduciary offices with 20 to 200 mandates the Bexio connector is usually the highest-ROI lever in the first AI year. Typical setup takes between one and four weeks, depending on data volume and the number of integrated workflows.

When not to use

The Bexio API is not the right lever when the mandate uses a different bookkeeping platform (Abacus, Sage, SAP). A migration purely for AI integration is never economical; in such cases a direct integration with the existing platform is more sensible.

A further caution: Bexio offers no full payroll module for complex cases with multiple pension funds, withholding-tax specifics, and ELM-5 wage statements. If your use-case sits there, the API is reachable but the data model is limited. Here Abacus is often the stronger platform.

Writing bulk operations through the API is technically possible, but risky. A bug in the importer can route hundreds of bookings into wrong accounts. We recommend always mirroring write operations to a staging mandate, building a human four-eyes principle, and keeping a rollback path ready.

Trade-offs

STRENGTHS

  • Swiss hosting in Zurich, clean for FADP setups
  • Clear REST API with OAuth 2.0, good documentation
  • Standard platform in Swiss SMEs with a large user base
  • Webhooks significantly reduce polling overhead

WEAKNESSES

  • Limited payroll module for complex cases
  • Rate limit 50 req/s per app, large imports must be chunked
  • Bulk write operations are risky, always use a staging mandate
  • Refresh tokens expire after 60 days of inactivity, OAuth flow must be re-run

FAQ

What does the Bexio API cost?

The API itself is included in the Bexio subscription. You pay the normal Bexio licence (from CHF 39 per month, higher tiers for more users and modules). There is no additional API fee. What you pay are the AI components (LLM calls, embedding, vector DB) and the setup and maintenance effort.

Where does the data sit?

Bexio hosts in Swiss data centres (Zurich, Lucerne). That is relevant for mandates with data-protection sensitivity and for data transfer under the FADP. If you additionally run the AI layer on Swiss or EU infrastructure (Hetzner Falkenstein, Exoscale Geneva), all data stays within the EEA.

Are there webhooks?

Yes, Bexio offers webhooks for important events (invoice created, payment booked, mandate changed). They reduce polling overhead and API calls considerably. They are configured in the Developer Hub and carry an HMAC signature for replay protection. See the webhooks topic for details.
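A receiver-side check for such webhooks, as an added example (not Bexio's or the author's code): it verifies the HMAC over the raw body in constant time and keeps a cache of event IDs so a correctly signed delivery is acted on only once. HMAC-SHA256 with a hex-encoded signature, the `event_id` field, and the sample event are assumptions, not taken from the Bexio documentation.

```python
import hashlib
import hmac
import json

class WebhookVerifier:
    def __init__(self, secret):
        self.secret = secret  # shared secret as bytes, loaded from a secrets manager
        self.seen = set()     # processed event ids; persistent store with TTL in production

    def check(self, raw_body, signature_hex):
        """Return (verdict, event); event is None unless verdict == 'accepted'."""
        # Sign the raw bytes as received; re-serialised JSON would not match.
        expected = hmac.new(self.secret, raw_body, hashlib.sha256).hexdigest()
        # Constant-time comparison, so timing does not leak matching prefixes.
        if not hmac.compare_digest(expected.encode(), signature_hex.encode()):
            return "bad_signature", None
        event = json.loads(raw_body)  # parse only after authentication
        if not isinstance(event, dict) or "event_id" not in event:
            return "malformed", None  # "event_id" is a hypothetical field name
        if event["event_id"] in self.seen:
            return "duplicate", None  # valid signature, but already processed
        self.seen.add(event["event_id"])
        return "accepted", event

def sign(secret, raw_body):
    """Sender side of the assumed scheme, used here to build test input."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()

def demo():
    """Constructed delivery: first copy, redelivery, then a tampered body."""
    secret = b"constructed-secret"
    body = b'{"event_id": "evt-1", "type": "invoice.created"}'
    verifier = WebhookVerifier(secret)
    sig = sign(secret, body)
    return [verifier.check(body, sig)[0],
            verifier.check(body, sig)[0],
            verifier.check(body.replace(b"evt-1", b"evt-2"), sig)[0]]
```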

What happens on API changes?

Bexio versions the API (v2 stable, v3 for newer modules). Breaking changes are announced at least six months in advance. You should nevertheless put an abstraction layer between Bexio calls and AI logic, so that an API update does not touch the whole system.

Related topics

  • n8n · SERVICE: n8n Workflow Automation: routine out, minds free
  • VAT PREPARATION · USE CASE: AI-assisted VAT preparation: classifying receipts, suggesting input-tax codes, checking the net tax rate method
  • CLIENT TRIAGE · USE CASE: AI triage for client queries: turning WhatsApp, email and phone into structured cases
  • RECEIPT OCR · USE CASE: AI receipt recognition for Swiss documents: structured capture of QR-bills, receipts and PDF invoices
  • WEBHOOKS · INTEGRATION: Webhooks and event-based integration: HMAC, idempotency, retry
  • REST · GRAPHQL · INTEGRATION: REST vs GraphQL: which API architecture for AI integrations?
  • FIDUCIARY · INDUSTRY HUB: AI for Swiss fiduciary offices: a practical guide
