This guide provides a comprehensive overview of the Reach Reporting integration. It is intended for both technical teams and business stakeholders, outlining:
- What the integration enables for partners and their customers
- How the integration works at a high level
- The full Reach API specification for implementation
By covering both technical and business perspectives, this guide ensures all stakeholders understand the integration and its benefits.
The Reach API Specification allows your platform to expose structured financial data in a lightweight, standardized format.
Once integrated, your customers will have full access to Reach’s dashboards, reporting, forecasting, and AI-driven insights — all powered by your data.
This approach provides a scalable, consistent experience for both partners and customers, without requiring custom development per client.
For a concise overview of the benefits, see the Benefits Summary document.
A customer using your platform initiates the connection from within Reach Reporting. They authenticate using credentials you provide (via OAuth 2.0), which grants Reach permission to access their data through your API.
Your team builds and hosts a set of API endpoints that conform to the Reach Spec. These endpoints expose structured data — such as company information, chart of accounts, and financial actuals — in a standardized JSON format. The API is read-only from Reach's perspective.
Once connected, Reach calls your API to fetch the customer's data. Requests include a customer-specific access token in the Authorization header. Syncs occur automatically during off-hours and can also be triggered manually by the customer.
Reach stores the fetched data securely and maps it to internal data models. This enables the data to power dashboards, reports, forecasts, and AI-driven insights — all without additional work on your end.
Customers access their data through the Reach platform. They can build custom dashboards, generate financial reports, create budgets and forecasts, and leverage AI-powered analysis — all using the data synced from your system.
Begin by reviewing the Reach API Specification.
It defines the required endpoints, request and response formats, and expected behavior needed to integrate with Reach.
Contact Arthur at arthur@reachreporting.com to request approval. The approval process includes:
- Company Information: Provide details about your organization and platform.
- Use Case Overview: Describe how you plan to use the integration and who your target customers are.
- Technical Readiness: Confirm your team has the resources to implement and maintain the API.
- Partnership Terms: Review and agree to the Terms of Service.
Once approved, Reach will provide any additional onboarding materials and coordinate next steps with your team.
Build the API using your preferred language and framework.
The specification is language-agnostic and requires only a small set of read-only endpoints.
Because the Reach API is defined using the OpenAPI (formerly Swagger) standard, you can use common tooling to speed up development and testing, such as:
- OpenAPI Generator or Swagger Codegen to scaffold servers or client SDKs
- Linters and schema validators to verify conformance
- Swagger UI to view and interact with the API
These tools are optional but can significantly reduce development time and catch issues early.
Deploy the API to a publicly accessible environment secured with HTTPS (TLS 1.2 or higher).
Authentication Requirements (OAuth 2.0):
Your API must implement OAuth 2.0 for authentication. Here's how it works:
Token Endpoint: You provide Reach with a client ID and client secret. Reach uses these to request access tokens from your OAuth token endpoint.
Customer-Scoped Tokens: Each access token is scoped to a specific customer, ensuring Reach can only access data for customers who have authorized the connection.
Token Usage: Reach includes the access token in every API request using the
Authorization: Bearer <token>header.Token Lifecycle: Tokens should be long-lived or automatically renewable. Reach handles token refresh transparently if your OAuth implementation supports refresh tokens.
Validation: Your API must validate the token on each request and return
401 Unauthorizedif the token is missing, expired, or invalid.
Once your API is live and internally tested, provide Reach with your API’s base URL along with the OAuth 2.0 client credentials (client ID and client secret).
The partner team is responsible for performing full testing of their API to ensure it meets the specification and behaves correctly in all scenarios.
Once the API is ready, Reach will perform basic validation checks to confirm that the API is reachable and responding as expected.
For full implementation details, see the Implementation Process document.