After an extensive and successful beta phase the new trial balance API endpoint is at your service.

It’s easy to use with a call like the following:

GET /trial_balance?from_date=2020-05-01&to_date=2020-05-31

This will return the trial balance of the authorized business:

{
  "from_date": "2020-05-01",
  "to_date": "2020-05-31",
  "ledger_accounts": [
    {
      "id": "8912b74ef19c11e9a10a0242ac160007",
      "displayed_as": "Trade Debtors (1100)",
      "$path": "/ledger_accounts/8912b74ef19c11e9a10a0242ac160007",
      "opening_balance": {
        "debit": "444.00",
        "credit": "0"
      },
      "closing_balance": {
        "debit": "777.00",
        "credit": "0"
      },
      "debit": "333.00",
      "credit": "0"
    },
    # ...
  ]
}

This endpoint is a read-only resource. It became available for all supported countries of this API and in all subscribed product flavors of the end user: Accounting Start, Accounting Standard and Accounting Plus.

Even though the trial balance is aggregated asynchronously in a separate, highly optimized database, actions which have an effect on the reporting data should be reflected there within very few seconds.

Check out the new Reporting API Documentation.


On May 6th 2020 an additional Accounting product was added to the existing portfolio for you and your customers — Accounting Standard. This new product sits between Accounting Start and Accounting Plus and gives users the opportunity to make their experience more bespoke.

You can take a deeper dive into the differences between the 3 products in this detailed breakdown.

What does this mean for the API?

Accounting Standard has all of the features of Accounting Plus apart from Stock/Inventory control and Foreign Currency. The API documentation will be updated as soon as possible to reflect the differences between each product. Here is a list of all endpoints that are restricted in the new Accounting Standard product. The behaviour of Accounting Start and Plus remains unchanged.

stock_items
stock_movement
currency
business_exchange_rate
exchange_rate
live_exchange_rate

Note: Accounting Standard is currently only available in the UK and Ireland.


We have improved the global authentication page (https://www.sageone.com/oauth2/auth/central) that you use to start the OAuth2 flow. 🎉

Read more about authentication in our Detailed Authentication Guide.

Immediate redirect to given country

It is now possible to provide the extra query parameter country to skip the country selection page. If you know the country of your business before starting the auth flow, send it with the auth request - this will save time and prevent user errors during authentication.

Here’s an example request for a French business:

GET https://www.sageone.com/oauth2/auth/central?country=FR&...

Better filtering

We already had an option to filter for API v3.1 countries only on this page, but if you provided a wrong filter value, you would have just seen an empty page. This has now changed - you will see a message as well as a link to see all available countries instead:

Invalid Filter Value on Auth Page


HOORAY!! To enhance the security, the API now supports PKCE authorization. 🎉🎊

Proof Key for Code Exchange is an extension of the OAuth 2.0 Authorization Code Flow and Access Token Request by adding additional parameters. The usage of PKCE is completely optional and it is defined in RFC 7636. PKCE is particularly useful in insecure environments where decompiling the application reveals sensitive information like the Client Secret. Insecure environments can be e.g. Single Page Applications or Mobile Apps.

The code_verifier is a random generated string with a length between 43 and 128, so it is protected against decompiling. In the Authorization Code Flow the client sends a hashed version of the code_verifier (now called code_challenge) and the used hash method (called code_challenge_method) along with the required OAuth parameters to the token endpoint. When the client requests an access token, the code_verifier and the OAuth required parameters will be send to the token_endpoint. The token endpoint hashes the reviewed code_verifier and compares it with the stored code_challenge from the Authorization Code Flow. If both are equal, the PKCE check is passed. An overview about the all used OAuth 2.0 parameter is given in the Authentication section.

The new PKCE authorization comes with new error messages.

PKCE errors while requesting the autorization code
  • invalid_request: Incomplete PKCE code_challenge. When the code_challenge_method is not given, the code_challenge from the client needs to be base64 url encoded. The error means that the code_challenge cannot be base64 url decoded.
  • invalid_request: Error while Base64 decoding of PKCE code_challenge. This will be shown if the code_challenge_method is set to S256 but the code_challenge is no valid SHA-256 hash.
PKCE errors while requesting the access token
  • invalid_grant: Invalid PKCE code_verifier. There was an error at comparing the received code_verfier and the stored code_challenge.

After 11 pm GMT on 31 January 2020 the UK will no longer be a member state of the European Union.

There will then be a formal transition period which is currently scheduled to end on 31 December 2020.

Existing trade and tax rules for UK based businesses will not change in the transition period – the country is still effectively in the customs union and single market - so there is no immediate impact in the usage of Accounting and its API.

The next important deadline is 1 July 2020. If the UK wants to extend the transition period it must request it before this date and can extend by either one or two years (subject to approval). If it doesn’t, then we are potentially back into a countdown to no-deal Brexit on 31 December 2020.

If your application allows cross-border trading between the United Kingdom and the countries of the EU (you make use of sales or purchase invoices and credit notes and have not implemented any restrictions) then please check back regularly for alerts about upcoming changes in Accounting and the API.