API reference
Main resources of the abaco REST API. All routes require authentication (web session or API key) and apply to the user's or key's company scope.
With API key: company scope comes only from the key; every request is tied to that company. You must not try to pass another company’s context in the body or query string.
Conventions
Base URL
All requests use the same base URL (endpoint). In production this is typically https://api.abaco.hn (no port). Get it under Settings > Integrations.
Pagination
Many list endpoints accept pagination query params:
page: page number (e.g.1)limit: number of records per page (e.g.20)
Example: GET /documents?page=1&limit=20
HTTP status codes
| Code | Meaning |
|---|---|
| 200 | OK (success for GET/PUT) |
| 201 | Created (success for POST) |
| 400 | Validation error (invalid body or query) |
| 401 | Not authenticated (missing or invalid token/API key) |
| 403 | No permission for the resource |
| 404 | Resource not found |
| 429 | Too many requests (rate limit); see Rate limits |
| 500 | Internal server error |
Authentication
All requests must include authentication: web session cookie or API key header. Format: Authorization: Bearer <keyId:secret> or X-API-Key: <keyId:secret>.
Resources by category
| Resource | Description | Detail |
|---|---|---|
| Documents | Invoices, quotes, credit notes | CRUD, confirm, cancel |
| Products | Catalog, prices and stock | CRUD, search |
| Business partners | Customers and suppliers | CRUD, lists by type |
| Inventory | Warehouses and stock | Warehouses, stocks, by product/warehouse |
| Company and payments | Company, payment methods, CAI, branches | Configuration |
API keys are not part of the documented integration surface: they are created and managed only in the web app under Settings > Integrations (see Endpoint and keys).