The Buxfer Post » API

Archive for the ‘API’ Category

API changes: More security

Thursday, April 3rd, 2008

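We have changed our API in an important way in order to prevent Cross-Site Request Forgery (CSRF) attacks. APIs which use implicit authentication - e.g., HTTP Basic authentication or cookies - are vulnerable to such attacks, because the browser attaches those credentials automatically to every request sent to the site, including requests triggered by a page on another site.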

What’s the change?

  1. We have added an explicit ‘login’ command which returns a “token” for the session if the login is successful.
  2. Subsequent commands in the session must all include this token in order to be processed.
  3. The token expires after a “reasonable” time-out — on the order of 10 minutes or so.

I hope it will not be too much of a hassle for you to adapt your scripts. Security is paramount when it comes to handling finances.
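The three rules above, sketched from the server's side as an added example (this is not Buxfer's code; the class, method names, and status codes are hypothetical, and the credentials are constructed). It shows that a request carrying only ambient credentials is refused, while one carrying the token from the explicit login succeeds until the time-out:

```python
import secrets
import time

TOKEN_TTL_SECONDS = 10 * 60  # the post says "on the order of 10 minutes or so"


class TokenSessions:
    """Hypothetical server-side store of explicit session tokens."""

    def __init__(self, check_credentials, ttl=TOKEN_TTL_SECONDS, clock=time.monotonic):
        self._check = check_credentials   # callable(username, password) -> bool
        self._ttl = ttl
        self._clock = clock
        self._sessions = {}               # token -> (username, expiry time)

    def login(self, username, password):
        """Explicit login command: return a fresh token, or None on failure."""
        if not self._check(username, password):
            return None
        token = secrets.token_urlsafe(32)  # unguessable, so another site cannot supply it
        self._sessions[token] = (username, self._clock() + self._ttl)
        return token

    def handle(self, command, token=None, cookies=None):
        """Process a command only if it carries a valid token; cookies are ignored."""
        session = self._sessions.get(token) if token else None
        if session is None:
            return (403, "missing or unknown token")
        username, expires_at = session
        if self._clock() >= expires_at:
            del self._sessions[token]      # expired tokens cannot be reused
            return (401, "token expired, log in again")
        return (200, f"{command} for {username}")


def demo():
    """Run the cases from the post against constructed credentials."""
    now = [0.0]                            # fake clock so the time-out is testable
    api = TokenSessions(
        lambda u, p: (u, p) == ("alice", "constructed-password"),  # stub checker
        clock=lambda: now[0])
    token = api.login("alice", "constructed-password")
    forged = api.handle("accounts", cookies={"session": "ambient"})  # no token sent
    normal = api.handle("accounts", token=token)
    now[0] += TOKEN_TTL_SECONDS            # session idle past the time-out
    stale = api.handle("accounts", token=token)
    return forged[0], normal[0], stale[0]
```

The forged request fails because the token is something the caller must place in the request itself, which a page on another site cannot do without knowing its value.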

Introducing the Buxfer REST API

Sunday, March 2nd, 2008

We are very pleased to announce that you can now access your Buxfer data and analytics programmatically with our REST API.

So, what can you do with the API?

  • You can create a widget to automatically update your account balances on your desktop every 15 minutes. Simply send the following request periodically and you are done!

    https://www.buxfer.com/api/accounts.xml

  • Perhaps you want to look at your analysis pie chart, but you want to restrict analysis to your credit card account. Just type in the following and out comes a pie chart! Tweak the URL to your heart’s wish, and get near-instantaneous analytics!

    https://www.buxfer.com/api/analysis.html?accountName=Mastercard

  • Mash up your financial data with other services out there on the web! In the previous example, we used Google’s Chart API to produce compelling visualizations. You can do so with tons of other services to create useful tools.

So get creative and start hacking!

Need more info?

Like all things, we think this is only a first step; please let us know whether you can build interesting applications using the API. If not, let us know which API calls you would like to be added, and which cut out to keep the API lean.