Finance API
Related documentation: Finance Module Backend · Access Control Integration · Error Contract
Purpose
Section titled “Purpose”This page documents the current Finance backend route surface at a practical level.
It is not a line-by-line dump of the Finance repo README. It focuses on the contract and runtime rules that matter for platform work.
Runtime Shape
Section titled “Runtime Shape”- runtime: Node / TypeScript backend
- route style:
src/api/**/route.ts - route namespace:
/api/* - health endpoint:
GET /health
Access Rules
Section titled “Access Rules”Internal tenant routes
Section titled “Internal tenant routes”Protected internal company-scoped Finance routes require:
- valid auth
- valid
x-org - membership / scope from Auth
financeentitlement from Core
If the selected company is not commercially entitled to Finance:
- status:
403 - code:
finance_addon_required
Vendor routes
Section titled “Vendor routes”Vendor routes use the vendor auth flow and vendor JWT claims.
They still operate inside Finance because vendor invoice submission and related operational workflows are Finance-owned.
Company selector
Section titled “Company selector”For many internal routes, the active company comes from:
x-org: <companyId>
Accepted value:
- Core/Finance canonical company UUID
kisumCompanyIdwhen linked
Finance resolves the company from Core first. Responses may enrich company/BU display fields from Core; Finance does not rely on local Prisma Company / BusinessUnit relations.
Main Route Families
Section titled “Main Route Families”Examples:
GET /api/admin/companiesGET /api/admin/companies/{id}GET /api/admin/business-units/by-companyGET|POST|PATCH|DELETE /api/admin/business-units- vendor / category / stats / audit-log / sync-error admin routes
Important rule:
- company master writes are removed from Finance
- business-unit master writes go through Core
Examples:
GET /api/billsGET /api/bills/{id}GET /api/bills/{id}/signed-pdfPOST /api/billsPATCH /api/bills/{id}
These are Finance-owned expense/AP workflows.
Income
Section titled “Income”Examples:
GET /api/incomeGET /api/income/{id}POST /api/incomePATCH /api/income/{id}- related income payment and summary helpers
These are Finance-owned revenue/AR workflows.
Machine Venue deposit mode:
POST /api/incomewithsource=venue_depositPATCH /api/income/{id}withsource=venue_deposit
Status: live
Primary caller:
Backend-Kisum-Venues
Purpose:
- create or update the real Finance-side deposit invoice while reusing the normal income/Xero flow
Boundary rules:
- machine-authenticated with Finance
INTERNAL_API_KEY - tenant still selected with
x-org - Venue must send a normal income-compatible payload, not a reduced pseudo-finance payload
Vendor
Section titled “Vendor”Examples:
POST /api/auth/vendor/loginPOST /api/auth/vendor/forgot-passwordGET /api/vendor/invoicesGET /api/vendor/invoices/{id}POST /api/vendor/upload- vendor profile / account / user routes
Kisum Compatibility
Section titled “Kisum Compatibility”Examples:
GET /api/kisum/{companyId}GET /api/kisum/{companyId}/eventsGET /api/kisum/{companyId}/events/{eventId}GET /api/kisum/{companyId}/events/{eventId}/invoicesGET /api/kisum/{companyId}/events/{eventId}/income/summaryGET /api/kisum/{companyId}/events/{eventId}/income/highlightGET /api/kisum/event-expense/find-by-event/{id}
These remain supported compatibility/read routes.
Important current rule:
- company resolution for these routes is now Core-first
- they no longer trust the Finance local company compatibility row as the first resolver
Examples:
- connect / callback
- sync
- accounts
- currencies
- taxes
- related finance integration helpers
These remain Finance-owned.
Important Behavioral Notes
Section titled “Important Behavioral Notes”Company write removal
Section titled “Company write removal”These Finance endpoints are intentionally disabled and return 405 company_master_write_removed:
POST /api/admin/companiesPUT /api/admin/companiesPATCH /api/admin/companiesDELETE /api/admin/companiesPOST /api/admin/companies/{id}/request-deletion
Use Core/Admin for company lifecycle.
Business units
Section titled “Business units”Finance still exposes admin BU operations, but BU master truth is not local anymore.
Current behavior:
- Finance calls Core for BU master write/read behavior
- Finance syncs the local compatibility row afterward for finance-domain joins
Users and memberships
Section titled “Users and memberships”Finance is not the source of truth for:
- users
- company memberships
- business-unit memberships
Those come from Auth.
Entitlement enforcement
Section titled “Entitlement enforcement”Membership alone is not enough for tenant Finance access.
A company can only use Finance if Core says the company has the active finance add-on / enabled module.
Error Guidance
Section titled “Error Guidance”Finance commonly returns:
400validation errors401unauthorized403forbidden / no company scope / no finance entitlement404missing resource405removed company master write behavior409conflict500internal error
The two most important current Finance-specific platform cases are:
403 finance_addon_required405 company_master_write_removed
Engineering Guidance
Section titled “Engineering Guidance”When extending Finance API behavior:
- do not add new company master write flows
- do not add new BU master ownership in Finance
- use Auth for user and membership truth
- use Core for company, BU, and entitlement truth
- only keep local compatibility rows where finance-domain persistence still requires them
For deeper implementation detail, the repo-local sources are still useful references:
Backend-Kisum-Finance/README_API.mdBackend-Kisum-Finance/README_DOCS.mdBackend-Kisum-Finance/README_AUTH_API.md
But this page should be treated as the docs-site summary of the current platform behavior.