AI agent integration

Connect an AI agent to your German accounting

Your bookkeeping module ships with two doors an AI agent can walk through: a hosted MCP server and an open REST API. Both let a large language model read your real German ledger and, with the right scope, post entries back. You create the key, you set read or write, and every posting still runs through the GoBD booking core. Nothing is scraped, nothing is guessed.

Two ways to connect an agent

Pick the door that matches your client. Both speak to the same bookkeeping data and obey the same rules.

MCP server

For MCP-capable clients such as Claude Code and Claude Desktop, add your bookkeeping as a tool source. It is a thin adapter over the REST API and exposes fourteen tools — ten read, four write — so the agent discovers what it can do without you wiring endpoints by hand.

REST API

For everything else — a custom GPT, a script, a function-calling model, an automation platform — call the fixed endpoint allowlist directly. Same key, same scopes, same GoBD safety. It is a data API, not a code API: there is no SQL passthrough and no free-form query.

What an agent can read

Ten read endpoints cover the whole bookkeeping picture for one company, filterable by fiscal year, period and account.

  • Company master data and the list of fiscal years with their status.
  • The full chart of accounts — SKR03 or SKR04 plus the company's own accounts.
  • Journal entries, single or in bulk, filtered by year, period or account.
  • The trial balance (Saldenliste) as a server-side rollup that already carries the HGB keys.
  • Open items on both sides — receivables and payables — plus outgoing and incoming invoices.
  • Bank transaction lines, so the agent can reconcile against the ledger.

What an agent can post

With a read-plus-write key, four write endpoints let the agent do real bookkeeping — and only bookkeeping.

  • Post a manual journal entry with account, contra-account and tax key.
  • Reverse a booking with a proper Storno instead of a delete.
  • Issue an outgoing invoice, booked as revenue plus VAT plus a receivable.
  • Book an incoming invoice with its input VAT.
  • That is the entire write surface. There is no API path that files an annual report, submits an E-Bilanz or does a tax return — the agent prepares numbers, the app owns the filing.

Keys, scopes and one company per key

Access is deliberately narrow so an agent can never wander.

Every key carries the prefix jab_live_ and is sent as an Authorization Bearer token — no second header needed. The company is derived from the key itself, never passed as a parameter, so a key can only ever touch the one company it was minted for.

You choose the scope when you create the key: read, or read plus write. A read key can never post, no matter what the model asks. Keys can be time-limited — ninety days, a year, or unlimited — and revoked at any moment. The secret is shown once and stored only as a hash.

You create keys inside the app under Buchhaltung, API access. Minting a key needs the paid bookkeeping module; existing keys keep working even if a subscription lapses, so a running automation never breaks overnight.

Quick start in three commands

Create a key, read the trial balance, post one entry. The base URL lives in the app under API access.

# 1. Create a key in the app: Buchhaltung → API-Zugang
#    Scope: read  (or read + write to post)
export JAB_KEY="jab_live_…"

# 2. Read the trial balance for a fiscal year
curl "$BASIS_URL/saldenliste?fiscal_year=2025" \
  -H "Authorization: Bearer $JAB_KEY"

# 3. Post a manual booking (needs write scope)
curl -X POST "$BASIS_URL/journal-entries" \
  -H "Authorization: Bearer $JAB_KEY" \
  -H "Content-Type: application/json" \
  -d '{"date":"2025-03-31","account":"4930","contra_account":"1200","amount":119.00,"tax_key":"9","text":"Office supplies"}'

Frequently asked questions

Can the agent file my annual accounts through the API?

No. The API is bookkeeping data and postings only. The agent can prepare and clean the figures that later flow into the annual accounts, but the actual compilation and filing happen inside the app, never through the API.

Do I need to write any code to get started?

Not for MCP clients. If your tool speaks MCP, you add the server with one command and start asking questions. For a custom GPT, a script or an automation platform, you call the REST endpoints directly.

How does the key stay safe?

The secret is shown once and stored only as a hash. It is scoped to a single company, limited to read or read-plus-write, can be time-limited, and you can revoke it instantly if a device or workflow is compromised.

Can an agent bypass GoBD rules by using the API?

No. Write calls run through the same booking core as the manual UI, so append-only, Festschreibung, Storno-instead-of-delete and Soll-equals-Haben all still apply. The API cannot switch them off.

Which model or client works best?

Any of them. MCP-capable clients like Claude Code get the smoothest experience; ChatGPT, a custom GPT, Cursor or any function-calling LLM works through the REST API. You are never locked to one vendor.