Back to changelog

Developer Platform: OAuth2, MCP & REST API

Authorize access for
Claude Desktop
Read transactions
Manage invoices
View projects
AuthorizeAuthorized
MCP Tools
Live
query-expenses
Search & filter
create-invoice
Generate invoices
get-metrics
Revenue data
list-accounts
Bank balances
OAuth2
MCP
Developer Platform
Connected

Developer Platform

This release transforms Expensicat into a developer platform. Third-party apps and AI assistants can now securely access your financial data through a standards-based integration layer.

OAuth2 Authorization

Expensicat now acts as a full OAuth2 authorization server. Third-party applications request access through a consent screen where you control exactly which scopes to grant.

  • Granular scopes — read transactions, manage invoices, view projects, and more
  • Consent screen — review and optionally deselect scopes before authorizing
  • Short-lived tokens — access tokens with automatic refresh for security

MCP Server

Connect AI assistants like Claude Desktop directly to your Expensicat workspace via the Model Context Protocol.

Once authorized, AI tools get access to:

  • Query expenses — search and filter your transactions
  • Create invoices — generate and send invoices through natural language
  • View metrics — pull revenue, expense, and cash flow data
  • Manage accounts — list bank accounts and balances

REST API & SDK

A comprehensive REST API now covers every resource in Expensicat. Use the first-party SDK for type-safe programmatic access, or build your own integration against the documented endpoints.

Organizations & MFA

A new organization model supporting invitations, approvals, and role-based access. Multi-factor authentication adds an extra layer of security to your account.

  • OAuth2OAuth2 authorization server with consent screen and granular scope management
  • MCPMCP server — connect AI assistants like Claude directly to your workspace
  • APIFull REST API covering transactions, invoices, customers, projects, bank accounts, categories, time entries, documents, recurring invoices, and more
  • APIFirst-party SDK for programmatic access to all API resources
  • SecurityMulti-factor authentication (MFA)
  • PlatformOrganizations with invitations, approvals, and role-based access
  • PlatformSession and app management with short-lived tokens and automatic refresh
  • OAuth2Fine-grained consent screen — review and deselect individual scopes before authorizing
  • FilesFile browser UX improvements — better navigation and document-oriented layout
  • AuthFixed redirect issues during registration and login
  • GeneralVarious stability and performance improvements
  • MCPSecure, authenticated MCP server scoped to your organization
  • MCP12+ tools available — expenses, invoices, metrics, bank accounts, and more
  • MCPToken-based access control with scope enforcement