accounting-api (GraphQL + REST)
Accounting owns the ledger, chart of accounts, receivables, payables, banking, reconciliation, reporting, tax, payroll, fixed assets, audit, and accounting workflow contracts.
Runtime
| Property | Current contract |
|---|---|
| Production API origin | https://api.inblack.app |
| GraphQL | POST /graphql |
| GraphQL operations | 389: 167 queries, 218 mutations, 4 subscriptions |
| HTTP registrations | 68 total; 22 authenticated product routes and 6 provider callbacks are classified for public review |
accounting.inblack.app is the Accounting SPA origin, not the canonical production API origin.
GraphQL domains
The schema spans accounts, ledger entries, invoices and jobs, bills and vendors, bank feeds, reconciliation, reports, imports, 1099, sales tax, tax packets, payroll, fixed assets, loans, approvals, budgets, client portal, Stripe, pending actions, and agent/audit surfaces.
Example read:
curl https://api.inblack.app/graphql \ -H "Authorization: Bearer <token>" \ -H "X-Tenant-ID: <tenant-id>" \ -H "Content-Type: application/json" \ -d '{"query":"{ accounts { id code name type balance } }"}'The accounts field is @authenticated. Other operations can require a specific permission or role; inspect the GraphQL operation reference rather than assuming a uniform policy.
HTTP routes
Source also registers authenticated routes for agent policy, AuditCore, substrate query/update, entity schemas, reconciliation, billing handoff, invoice PDFs, and shared-report functions. Provider callbacks include Stripe, PayPal, Braintree, Plaid, and Avalara/1099.
Internal service, scheduler, archive, projection, and Connect routes are not external integration APIs and are omitted from the public HTTP route reference.
Writes and agents
GraphQL mutations execute through the product service authorization path. Customer-facing agent writes that mutate financial state remain MCP-first so they receive simulation, pending-action, provenance, and risk controls. Do not replace an MCP financial write with direct GraphQL merely because a mutation exists.
Idempotency is operation-specific. Use an idempotencyKey argument or header only where the checked-in schema or handler declares it.