GET /api/agent/bank-accounts
Returns every active bank account for the caller's org with reconciled and statement balances.
Auth
- Required scope:
READ_BANK - Header:
Authorization: Bearer cr_live_<prefix>_<secret>
Responses
200 — Array of active bank accounts
Body:
| Field | Type | Required | Notes |
|---|---|---|---|
accounts | array of BankAccount | yes | |
redactedItemCount | integer | yes | Number of accounts that were OMITTED from accounts because the underlying Xero account is flagged sensitive and the caller's key does NOT carry the READ_SENSITIVE scope. List endpoints use the drop policy (the row is absent entirely); composite endpoints like /cash-position use the redact policy (the row stays, the name is rewritten). Always 0 when the key carries READ_SENSITIVE. |
billingAlert | BillingAlert | no | |
xeroAlert | XeroAlert | no |
401 — Missing / invalid bearer, wrong prefix, secret mismatch, or revoked key
Body: ErrorResponse
| Field | Type | Required | Notes |
|---|---|---|---|
error | string | yes |
403 — Key lacks the required scope
Body: ErrorResponse
| Field | Type | Required | Notes |
|---|---|---|---|
error | string | yes |
429 — Per-minute burst or daily quota exhausted
Body: ErrorResponse
| Field | Type | Required | Notes |
|---|---|---|---|
error | string | yes |
Response headers
Every successful response carries X-CashRunway-Subscription, X-CashRunway-Plan, X-CashRunway-Quota-Remaining, and X-CashRunway-Quota-Reset. Trialing subscriptions also include X-CashRunway-Trial-Days-Remaining. See the overview for details.