Developers
Frihet exposes a full REST API and a webhook system so you can integrate your ERP with any tool. Automate workflows, sync data with your existing systems, or build custom integrations.
Core resources
REST API
RESTful API with API key authentication. Access invoices, expenses, clients, products, and quotes programmatically.
- Full CRUD endpoints for 5 resources
- Pagination, filtering, and sorting
- 100 requests/minute limit per key
- Standardized JSON responses
Webhooks
Receive real-time notifications when events occur in your Frihet account. 14 event types with HMAC-SHA256 signatures to verify the authenticity of every payload.
- 14 event types (invoices, expenses, quotes, clients, products)
- Cryptographic signature on every delivery
- Automatic retries with exponential backoff
- Delivery logs accessible from the dashboard
Supported integrations
Frihet connects natively with the following tools. Each integration can be extended with the REST API and webhooks to cover advanced use cases.
| Category | Service | Description |
|---|---|---|
| Payments | Stripe | Subscriptions and client billing via Stripe Billing |
| Payments | Stripe Connect | Payment links for invoices with card, Apple Pay, and Google Pay |
| Payments | PayPal | Transaction and balance import via REST API v2 with OAuth2 |
| Payments | GoCardless | SEPA direct debit, mandates, and recurring payments |
| Banking | Revolut Business | Automatic transaction import via API key |
| Banking | Plaid | Direct bank connection via Plaid Link SDK for transactions and balances |
| Banking | Open Banking | PSD2 connection with Salt Edge for bank sync |
| E-commerce | Shopify | Order import and product sync via OAuth |
| E-commerce | WooCommerce | Bidirectional order and product sync via webhooks |
| E-commerce | Gumroad | Digital product sales import with GR- prefix and deduplication |
| E-commerce | Lemon Squeezy | Digital software order import via JSON:API |
| Time tracking | Toggl | Time entry import for hourly billing |
| Time tracking | Clockify | Project and time entry sync |
| Time tracking | Harvest | Hours import with Personal Access Token and Account ID |
| Productivity | Asana | Projects and tasks with automatic workspace detection |
| Productivity | Trello | Boards, lists, and cards for project context |
| Productivity | Notion | Pages, databases, and workspace records search |
| Calendar | Google Calendar | Due date reminders and billing events |
| Calendar | Outlook Calendar | Events and due dates via Microsoft Graph API with OAuth |
| Storage | Google Drive | Upload, download, and search files via OAuth |
| Communication | Slack | Notifications for paid invoices, logged expenses, and alerts |
| Resend | Transactional invoice delivery with email templates | |
| Automation | n8n | Webhook connection for custom automation flows |
| Automation | Zapier | Connect 6,000+ apps without code via webhooks |
| Automation | Make | Visual automation with hundreds of apps via webhooks |
MCP Server
Official MCP server published on npm as @frihet/mcp-server. Connect your AI assistant (Claude, Cursor, Windsurf, Cline) directly to your ERP.
- 31 tools for 6 resources (invoices, expenses, clients, products, quotes, webhooks)
- Local transport (stdio) and remote (mcp.frihet.io)
- Open source (MIT) on GitHub
- Automatic rate-limit retry with exponential backoff
Claude Code Skill
Official skill that adds business intelligence on top of the MCP server. Conversational commands, workflow recipes, and formatted financial reports.
- Commands:
/frihet invoice,/frihet expense,/frihet report,/frihet clients - Natural language workflows for monthly close, tax prep, and overdue follow-up
- Install:
git clone+ symlink to~/.claude/skills/frihet
Security
Security is a priority throughout Frihet's integration layer.
- AES-256-GCM encryption for sensitive stored data (integration tokens, webhook secrets)
- HMAC-SHA256 on every webhook delivery to verify payload authenticity
- SHA-256 hashing of API keys on the server — the plaintext key is shown only once at creation
- Rate limiting of 100 requests per minute per API key
- URL validation on webhooks: only HTTPS endpoints are allowed (except localhost in development)
- Private IP blocking to prevent SSRF attacks on webhook URLs
- Configurable key expiration — create keys with an expiry date
SDKs (coming soon)
We're working on official SDKs to simplify integration:
| SDK | Status |
|---|---|
| Node.js / TypeScript | In development |
| Python | In development |
In the meantime, the REST API is accessible from any language that supports HTTP requests. All examples in this documentation use curl and can be adapted directly.
Limits and quotas
| Resource | Limit |
|---|---|
| API requests | 100/minute per key |
| Request body size | 1 MB maximum |
| Webhook payload size | 100 KB maximum |
| Webhooks per account | 20 maximum |
| Webhook retries | 3 attempts per delivery |
| Results per page | 100 maximum (50 default) |
Getting started
- Go to Settings > API in your Frihet account
- Create a new API key and copy it (shown only once)
- Test the connection with a GET request to
/api/v1/clients - Configure webhooks to receive events in real time
curl -s https://api.frihet.io/v1/clients \
-H "X-API-Key: fri_your-key-here" | head -c 200
If the response includes your clients, the integration is working. See the REST API reference for all available endpoints.