Brex

Integrate Brex with Payvy to manage your payments efficiently and securely.

Brex Integration Guide

Welcome to Payvy's Brex Integration Guide! This documentation will help you seamlessly integrate Brex's API with Payvy to manage your accounts payable and receivable processes efficiently and securely. Follow the steps below to get started.

Getting Started

To begin using Brex with Payvy, follow these simple steps:

  1. Log into Your Brex Account

  2. Generate a User Token

    • Go to the Developer section in your Brex dashboard.
    • Click on Settings and then Create Token.
    • Create a name for your token that helps you identify its purpose, such as "Payvy Integration".
    • Choose the appropriate Scopes to limit the token's permissions based on your integration needs.
    • Click Create Token and securely store your user token. Important: You won't be able to view it again after closing the dialog.

  3. Set Up the API Key in Payvy

    • In your Payvy application's settings, navigate to the API Integration section.
    • Enter the Brex user token you generated.
    • Note: Ensure that your API token is stored securely. Do not expose it in public repositories or client-side code.

Securing Your API Token

After generating your Brex user token, it's crucial to secure it to prevent unauthorized access:

  • Store Securely: Save your API token in a secure location. Do not expose it in source control or unsecured environments.
  • Treat Like a Password: API tokens can access your Brex account just like a real user. Handle them with the same level of security as passwords.
  • Revoke if Compromised: If you suspect that your token has been leaked or stolen, immediately revoke it from your Brex dashboard and generate a new one.

Token Permission Tiers

Brex offers different levels of access through API tokens, each with specific permission levels:

  1. Read Only

    • Permissions: Can fetch all available data on your Brex account.
    • Use Case: Ideal for applications that need to read data without making any changes.

  2. Read and Write

    • Permissions: Can initiate transactions and manage recipients.
    • Use Case: Suitable for applications that need to both read and modify data.

  3. Custom

    • Permissions: Limited to specific scopes as defined during token creation.
    • Use Case: Best for applications that require granular control over API access.

    Scopes allow you to specify the level of access an API token has. When creating a Custom token, select the fewest scopes needed to perform the required tasks.

    • Note: Scopes cannot be edited after creating a Custom token. If you need different scopes, create a new token with the necessary permissions.

Token Revocation and Expiration

Brex proactively manages API tokens to enhance security:

  • Token Expiration: User tokens will expire if they are not used to make an API call for 90 days.
  • Token Revocation: If your token is compromised or no longer needed, revoke it from the developer page in your Brex dashboard. Once revoked, any calls made with this token will immediately begin to fail.

Best Practices

  • Use Least Privilege: Assign the minimal required scopes to your Brex API tokens to reduce potential security risks.
  • Regularly Review Tokens: Periodically audit your Brex API tokens and their permissions to ensure they align with your current needs.
  • Secure Storage: Store Brex API tokens in secure environments and avoid exposing them in client-side code or public repositories.
  • Monitor Usage: Keep an eye on your Brex token usage and revoke any tokens that are no longer needed or show suspicious activity.

Happy transacting with Payvy!