Trupocket

Getting Started Guide

Last Updated: December 11, 2025

🚀 Quick Start

Base URL: https://api.trupocket.app/v1

Authentication: OAuth 2.0 Bearer tokens (1-hour expiration)

Response Format: JSON

Currency: Integers in cents (1234 = $12.34)

Timestamps: Unix timestamps (seconds since epoch)

Documentation: Full API Reference | Privacy Policy | Terms of Service

1. Introduction
2. Authentication
3. API Overview
4. Core Concepts
5. Quick Start Tutorial
6. Common Workflows
7. Error Handling
8. Code Examples
9. Webhooks
10. Best Practices
11. Testing & Development
12. API Limits & Quotas
13. Support & Resources

1. Introduction

Welcome developers! This guide will help you get started with the Trupocket API.

What is Trupocket?

API-first personal finance platform - Built for developers and fintech startups
RESTful API - Manage households, accounts, transactions, budgets, categories, payees, hashtags, and more
Three subscription plans - Free, Premium, and Developer with different rate limits and features
Comprehensive tracking - Full transaction register with budgeting, scheduled transactions, and detailed reporting

Quick Links

Full API Documentation: /docs (Swagger/OpenAPI)
Privacy Policy: /docs/privacy-policy
Terms of Service: /docs/terms-of-service
Support: support@trupocket.app

2. Authentication

Trupocket supports two authentication methods:

Personal Access Tokens (PATs) - Recommended for scripts, integrations, and programmatic access
OAuth Sign-In - For web and mobile apps with user sessions

Personal Access Tokens (Recommended)

PATs provide long-lived API access without requiring OAuth sign-in. Ideal for scripts, CI/CD, and server-to-server integrations.

Token Format

PATs start with tp_ prefix followed by 64 hexadecimal characters
Example: tp_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e1f2
The full token is only shown once at creation - store it securely immediately

Plan Limits

Free: 1 access token
Premium: 3 access tokens
Developer: Unlimited
Enterprise: Unlimited

Creating a PAT

Create a PAT from the Trupocket web app settings, or via the API (requires OAuth authentication):

POST /v1/users/access-tokens
Authorization: Bearer YOUR_OAUTH_TOKEN
Content-Type: application/json

{
  "name": "My Integration",
  "expiresAt": 1767225600
}

# expiresAt is optional (Unix timestamp). Omit for tokens that never expire.

# Response (201):
{
  "tokenID": "2BKHGx7z0pFFRyqPqQqRbCPp9xI",
  "name": "My Integration",
  "token": "tp_a1b2c3d4e5f6...",
  "tokenPrefix": "tp_a1b2c3d4",
  "expiresAt": 1767225600,
  "createdAt": 1704067200
}

# IMPORTANT: The "token" field is only returned at creation!
# Copy and store it securely - you cannot retrieve it later.

Using a PAT

curl -X GET "https://api.trupocket.app/v1/households" \
  -H "Authorization: Bearer tp_your_personal_access_token_here"

Managing PATs

# List all PATs
GET /v1/users/access-tokens

# Response:
{
  "accessTokens": [
    {
      "tokenID": "2BKHGx7z0pFFRyqPqQqRbCPp9xI",
      "name": "My Integration",
      "tokenPrefix": "tp_a1b2c3d4",
      "isActive": true,
      "expiresAt": 1767225600,
      "lastUsedAt": 1704153600,
      "createdAt": 1704067200
    }
  ],
  "total": 1,
  "limit": 3
}

# Update a PAT (rename, deactivate, or change expiration)
PATCH /v1/users/access-tokens/{tokenID}
{
  "name": "Renamed Integration",
  "isActive": false
}

# Delete a PAT
DELETE /v1/users/access-tokens/{tokenID}

PAT Security Best Practices

Store PATs in environment variables, never in code or version control
Use descriptive names to identify each token's purpose
Set expiration dates for temporary integrations
Delete unused tokens immediately
Use separate tokens for different integrations
Regularly audit your tokens via GET /v1/users/access-tokens

OAuth Sign-In (For User Sessions)

OAuth authentication is designed for web and mobile apps where users sign in interactively. Tokens expire after 1 hour.

Authentication Flow

User registers via /v1/users/register endpoint
User verifies email address
User signs in via /v1/users/sign-in endpoint
API returns access token (expires in 1 hour)
Include access token in all API requests via Authorization header
If token expires, sign in again to get a new token

Example: Sign In

POST /v1/users/sign-in
Content-Type: application/json

{
  "email": "john@example.com",
  "password": "SecurePassword123!"
}

# Response:
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expiresIn": 3600
}

Handling Token Expiration

When your OAuth token expires (after 1 hour), you'll receive:

{
  "errorCode": "unauthorized",
  "errorMessage": "Token expired or invalid",
  "errorField": null
}

Simply sign in again to get a new token.

3. API Overview

Base URL: https://api.trupocket.app/v1

Response Format: JSON

Date/Time Format: Unix timestamps (seconds since epoch)

Currency Format: Integers in smallest denomination (cents for USD)

Example: $12.34 = 1234
Example: $100.00 = 10000

Rate Limits by Plan

Plan	API Calls/Day	Transactions/Month	Households	Data History	Webhooks
Free	20	60	1	90 days	No
Premium	1,000	Unlimited	Unlimited	2 years	No
Developer	10,000	Unlimited	Unlimited	Unlimited	Yes

Rate Limit Headers

X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 847
X-RateLimit-Reset: 1699564800

4. Core Concepts

Hierarchy

User
└── Household(s)
    ├── Accounts (checking, savings, credit cards)
    ├── Categories (for budgeting)
    ├── Payees (merchants, employers)
    ├── Hashtags (custom tags)
    ├── Transactions
    │   ├── Transaction Categories (split transactions)
    │   └── Transaction Hashtags
    └── Scheduled Transactions (recurring transactions)

Household Styles

0 (Detailed Tracking) - Full transaction register with budgeting
Future: Simple Budgeting, Bill Reminder, Calculations

Household Purpose

0 (home) - Personal finances
1 (office) - Business finances
2 (home_office) - Mixed (sole proprietor, freelancer)

Account Types

chkg - Checking account
svgs - Savings account
cc - Credit card

Transaction Cashflow

expense - Money out
income - Money in
transfer - Between your accounts

💡 Hashtags: Dynamic Transaction Grouping

Hashtags are a powerful dynamic categorization tool that goes beyond traditional categories and budgets.

What are Hashtags?

Hashtags allow you to tag transactions with custom labels by including #hashtag in transaction memos. Unlike categories (which are budget-focused), hashtags provide flexible, cross-category grouping for analysis and reporting.

How Hashtags Work:

Add hashtags anywhere in transaction memos: "Dinner with clients #business #taxdeductible"
Hashtags are automatically extracted and indexed
Filter transactions by hashtags using the API
Track spending across multiple categories with a single tag
No pre-creation required - hashtags are created automatically when first used

Categories vs Hashtags:

Feature	Categories	Hashtags
Purpose	Budget tracking	Flexible grouping & analysis
Setup	Must create before use	Auto-created on first use
Per Transaction	1-5 categories (required)	Unlimited hashtags (optional)
Budget Impact	Affects budget calculations	No budget impact
Use Cases	Monthly budgets, spending limits	Projects, tax tracking, trips, clients

Common Use Cases:

Tax Tracking: #taxdeductible, #business, #charitable
Projects: #kitchen-remodel, #wedding, #vacation2024
Clients (Business): #client-acme, #client-techcorp
Events: #birthday, #conference, #holiday
Shared Expenses: #roommate, #reimbursable
Goals: #savingforhouse, #debtpayoff

Example Transaction with Hashtags:

{
  "payee": "Home Depot",
  "categories": [
    {
      "name": "Home Improvement",
      "amount": 25000,
      "memo": "Kitchen backsplash materials #kitchen-remodel #taxdeductible",
      "dontImpactBudget": false,
      "isCleared": true
    }
  ]
}

# This transaction:
# - Budgeted under "Home Improvement" category
# - Tagged for project tracking (#kitchen-remodel)
# - Tagged for tax purposes (#taxdeductible)
# - Can be filtered/reported on by either hashtag

Filtering by Hashtags:

# Get all transactions for kitchen remodel project
GET /v1/households/{householdID}/detailed-tracking/transactions?hashtags=kitchen-remodel

# Get all tax-deductible transactions
GET /v1/households/{householdID}/detailed-tracking/transactions?hashtags=taxdeductible

# Get transactions for multiple projects
GET /v1/households/{householdID}/detailed-tracking/transactions?hashtags=kitchen-remodel,vacation2024

Pro Tips:

Use descriptive hashtags: #vacation-hawaii-2024 instead of #trip
Combine with categories for powerful reporting: budget by category, analyze by hashtag
Hashtags persist across categories - track a project that spans multiple expense types
Use hashtags to mark transactions for later review: #needreceipt, #verify
No limit on hashtag count per transaction - tag as much as needed

5. Quick Start Tutorial

Step 1: Register a User

POST /v1/users/register
Content-Type: application/json

{
  "firstName": "John",
  "email": "john@example.com",
  "password": "SecurePassword123!",
  "agreeToTerms": true
}

# Response:
{
  "userID": "2BxFGhvDwSoabBEqf2V5ZgC3ifo"
}

# Note: Email verification required before sign-in

Step 2: Sign In

POST /v1/users/sign-in
Content-Type: application/json

{
  "email": "john@example.com",
  "password": "SecurePassword123!"
}

# Response:
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expiresIn": 3600
}

Step 3: Create a Household

POST /v1/households
Authorization: Bearer YOUR_ACCESS_TOKEN
Content-Type: application/json

{
  "name": "Personal Finances",
  "style": "dt",
  "purpose": "home"
}

# Response:
{
  "householdID": "2BKHJyVqwTkR1234567890ABCDE"
}

Step 4: Create a Checking Account

POST /v1/households/{householdID}/detailed-tracking/accounts
Authorization: Bearer YOUR_ACCESS_TOKEN
Content-Type: application/json

{
  "type": "chkg",
  "name": "Chase Checking",
  "balance": 500000
}

# balance: 500000 = $5,000.00
# Response:
{
  "accountID": "2BKHLmNpqRsTuvWxYzAbCdEfGhI"
}

Step 5: Create a Category

POST /v1/households/{householdID}/detailed-tracking/categories
Authorization: Bearer YOUR_ACCESS_TOKEN
Content-Type: application/json

{
  "name": "Groceries",
  "budgetAmount": 40000
}

# budgetAmount: 40000 = $400.00/month
# Response:
{
  "categoryID": "2BKHMnOpQrStUvWxYzAbCdEfGhI"
}

Step 6: Create a Payee

POST /v1/households/{householdID}/detailed-tracking/payees
Authorization: Bearer YOUR_ACCESS_TOKEN
Content-Type: application/json

{
  "name": "Whole Foods"
}

# Response:
{
  "payeeID": "2BKHOpQrStUvWxYzAbCdEfGhIjK"
}

Step 7: Create a Transaction

POST /v1/households/{householdID}/detailed-tracking/transactions
Authorization: Bearer YOUR_ACCESS_TOKEN
Content-Type: application/json

{
  "cashflow": "expense",
  "type": "debit_credit",
  "fromAccountID": "YOUR_ACCOUNT_ID",
  "payee": "Whole Foods",
  "date": 1699564800,
  "categories": [
    {
      "name": "Groceries",
      "amount": 8547,
      "memo": "Weekly groceries #organic",
      "dontImpactBudget": false,
      "isCleared": true
    }
  ]
}

# date: Unix timestamp for transaction date
# amount: 8547 = $85.47
# payee: Payee name (string, not ID)
# categories[].name: Category name (string, not ID)
# dontImpactBudget: false means this WILL impact the budget
# isCleared: true means this transaction has cleared the bank
# Transaction reduces account balance by $85.47
# Transaction reduces budget balance by $85.47
# Response:
{
  "transactionID": "2BKHPqRsTuVwXyZaBcDeFgHiJkL",
  "totalAmount": {
    "currency": "USD",
    "amount": 8547
  }
}

6. Common Workflows

Re-authenticate After Token Expiration

# When you receive 401 Unauthorized:
POST /v1/users/sign-in
Content-Type: application/json

{
  "email": "john@example.com",
  "password": "SecurePassword123!"
}

# Get new access_token and continue

Get Household Summary

GET /v1/households/{householdID}
Authorization: Bearer YOUR_ACCESS_TOKEN

# Returns household with accounts, budgets, etc.

List All Transactions

GET /v1/households/{householdID}/detailed-tracking/transactions
Authorization: Bearer YOUR_ACCESS_TOKEN

# Optional filters:
# ?accounts={accountID}
# ?categories={categoryID}
# ?fromDate={YYYY-MM-DD}
# ?toDate={YYYY-MM-DD}

Get Account Balance

GET /v1/households/{householdID}/detailed-tracking/accounts/{accountID}
Authorization: Bearer YOUR_ACCESS_TOKEN

# Returns account with current balance

Get Budget Status

GET /v1/households/{householdID}/detailed-tracking/categories
Authorization: Bearer YOUR_ACCESS_TOKEN

# Returns all categories with budget details:
# - budget.amount (allocated)
# - budget.balance (remaining)

Create Scheduled Transaction (Recurring Bill)

POST /v1/households/{householdID}/detailed-tracking/scheduled-transactions
Authorization: Bearer YOUR_ACCESS_TOKEN
Content-Type: application/json

{
  "cashflow": "expense",
  "type": "ach",
  "fromAccountID": "YOUR_ACCOUNT_ID",
  "payee": "Rent Company",
  "frequency": 4,
  "frequencyDay": 1,
  "startDate": 1699564800,
  "shouldAutoGenerate": true,
  "categories": [
    {
      "name": "Rent",
      "amount": 150000,
      "memo": "Monthly rent",
      "impactBudget": true
    }
  ]
}

# payee: Payee name (string, not ID)
# frequency: 4 = monthly
# frequencyDay: 1 = 1st of month
# startDate: Unix timestamp for when schedule begins
# shouldAutoGenerate: true = automatically create transactions
# categories[].name: Category name (string, not ID)
# amount: 150000 = $1,500.00
# impactBudget: true = this WILL impact the budget (scheduled uses impactBudget, not dontImpactBudget)

7. Error Handling

HTTP Status Codes

200 - Success
201 - Created
400 - Bad Request (validation error)
401 - Unauthorized (invalid/expired token)
403 - Forbidden (insufficient permissions)
404 - Not Found
429 - Too Many Requests (rate limit exceeded)
500 - Internal Server Error

Error Response Format

All API errors return a flat JSON structure with the following fields:

errorCode - Machine-readable error code (lowercase-kebab-case)
errorMessage - Human-readable error description
errorField - Field that caused the error (null if not field-specific)

{
  "errorCode": "validation-error",
  "errorMessage": "Invalid email format",
  "errorField": "email"
}

Common Errors

Error Code	Description	Solution
`unauthorized`	Invalid or expired token	Sign in again to get new token
`rate-limit-exceeded`	Too many API calls	Wait for rate limit reset or upgrade plan
`validation-error`	Invalid request data	Check field requirements
`not-found`	Resource doesn't exist	Verify IDs are correct
`plan-limit-exceeded`	Exceeded plan limits	Upgrade to higher plan

8. Code Examples

Quick Start with PATs (Recommended)

The simplest way to use the API is with Personal Access Tokens. No token refresh logic needed.

JavaScript/Node.js with PAT

const axios = require('axios');

const API_BASE = 'https://api.trupocket.app/v1';
const PAT = process.env.TRUPOCKET_PAT; // Store in environment variable

const client = axios.create({
  baseURL: API_BASE,
  headers: {
    'Authorization': `Bearer ${PAT}`,
    'Content-Type': 'application/json'
  }
});

// List households
const { data } = await client.get('/households');
console.log('Households:', data.households);

// Create a transaction
const transaction = await client.post(
  `/households/${householdId}/detailed-tracking/transactions`,
  {
    cashflow: 'expense',
    type: 'debit_credit',
    fromAccountID: accountId,
    payee: 'Coffee Shop',
    date: Math.floor(Date.now() / 1000),
    categories: [{ name: 'Food', amount: 500, memo: 'Morning coffee' }]
  }
);
console.log('Created:', transaction.data.transactionID);

Python with PAT

import os
import requests
import time

API_BASE = 'https://api.trupocket.app/v1'
PAT = os.environ['TRUPOCKET_PAT']  # Store in environment variable

headers = {
    'Authorization': f'Bearer {PAT}',
    'Content-Type': 'application/json'
}

# List households
response = requests.get(f'{API_BASE}/households', headers=headers)
print('Households:', response.json()['households'])

# Create a transaction
transaction = requests.post(
    f'{API_BASE}/households/{household_id}/detailed-tracking/transactions',
    headers=headers,
    json={
        'cashflow': 'expense',
        'type': 'debit_credit',
        'fromAccountID': account_id,
        'payee': 'Coffee Shop',
        'date': int(time.time()),
        'categories': [{'name': 'Food', 'amount': 500, 'memo': 'Morning coffee'}]
    }
)
print('Created:', transaction.json()['transactionID'])

OAuth Examples (For User Sessions)

Use these patterns when building apps where users sign in interactively and tokens need to be refreshed.

JavaScript/TypeScript (Node.js)

const axios = require('axios');

const API_BASE = 'https://api.trupocket.app/v1';
let accessToken = null;
const userEmail = 'john@example.com';
const userPassword = 'SecurePassword123!';

// Sign in and get access token
async function signIn() {
  try {
    const response = await axios.post(`${API_BASE}/users/sign-in`, {
      email: userEmail,
      password: userPassword
    });

    accessToken = response.data.token;
    console.log('Signed in successfully');
    return accessToken;
  } catch (error) {
    console.error('Sign in failed:', error.response?.data);
    throw error;
  }
}

// Create a transaction with automatic re-authentication
async function createTransaction(householdId, accountId, categoryName, payeeName) {
  try {
    const response = await axios.post(
      `${API_BASE}/households/${householdId}/detailed-tracking/transactions`,
      {
        cashflow: 'expense',
        type: 'debit_credit',
        fromAccountID: accountId,
        payee: payeeName,
        date: Math.floor(Date.now() / 1000),
        categories: [
          {
            name: categoryName,
            amount: 5000,
            memo: 'Lunch',
            dontImpactBudget: false,
            isCleared: true
          }
        ]
      },
      {
        headers: {
          'Authorization': `Bearer ${accessToken}`,
          'Content-Type': 'application/json'
        }
      }
    );

    console.log('Transaction created:', response.data);
    return response.data;
  } catch (error) {
    if (error.response?.status === 401) {
      // Token expired - sign in again and retry
      console.log('Token expired, re-authenticating...');
      await signIn();
      return createTransaction(householdId, accountId, categoryName, payeeName);
    } else if (error.response?.status === 429) {
      console.error('Rate limit exceeded');
    } else {
      console.error('Error:', error.response?.data);
    }
    throw error;
  }
}

// Initialize
signIn().then(() => {
  console.log('Ready to make API calls');
});

Python

import requests
import time

API_BASE = 'https://api.trupocket.app/v1'

class TrupocketClient:
    def __init__(self, email, password):
        self.email = email
        self.password = password
        self.access_token = None
        self.sign_in()

    def sign_in(self):
        """Sign in and get access token"""
        response = requests.post(
            f'{API_BASE}/users/sign-in',
            json={
                'email': self.email,
                'password': self.password
            }
        )

        if response.status_code == 200:
            self.access_token = response.json()['token']
            print('Signed in successfully')
        else:
            raise Exception(f'Sign in failed: {response.json()}')

    def _make_request(self, method, endpoint, **kwargs):
        """Make API request with automatic re-authentication"""
        headers = {
            'Authorization': f'Bearer {self.access_token}',
            'Content-Type': 'application/json'
        }

        response = requests.request(
            method,
            f'{API_BASE}{endpoint}',
            headers=headers,
            **kwargs
        )

        # If token expired, re-authenticate and retry
        if response.status_code == 401:
            print('Token expired, re-authenticating...')
            self.sign_in()
            headers['Authorization'] = f'Bearer {self.access_token}'
            response = requests.request(
                method,
                f'{API_BASE}{endpoint}',
                headers=headers,
                **kwargs
            )

        return response

    def create_transaction(self, household_id, account_id, category_name, payee_name):
        """Create a transaction"""
        payload = {
            'cashflow': 'expense',
            'type': 'debit_credit',
            'fromAccountID': account_id,
            'payee': payee_name,
            'date': int(time.time()),
            'categories': [
                {
                    'name': category_name,
                    'amount': 5000,
                    'memo': 'Lunch',
                    'dontImpactBudget': False,
                    'isCleared': True
                }
            ]
        }

        response = self._make_request('POST', f'/households/{household_id}/detailed-tracking/transactions', json=payload)

        if response.status_code == 201:
            print('Transaction created:', response.json())
            return response.json()
        elif response.status_code == 429:
            print('Rate limit exceeded')
        else:
            print('Error:', response.json())

        response.raise_for_status()

# Usage
client = TrupocketClient('john@example.com', 'SecurePassword123!')

Go

package main

import (
    "bytes"
    "encoding/json"
    "fmt"
    "io"
    "net/http"
    "time"
)

const APIBase = "https://api.trupocket.app/v1"

type TrupocketClient struct {
    Email       string
    Password    string
    AccessToken string
}

type SignInRequest struct {
    Email    string `json:"email"`
    Password string `json:"password"`
}

type SignInResponse struct {
    Token     string `json:"token"`
    ExpiresIn int    `json:"expiresIn"`
}

type TransactionRequest struct {
    Cashflow      string               `json:"cashflow"`
    Type          string               `json:"type"`
    FromAccountID string               `json:"fromAccountID"`
    Payee         string               `json:"payee"`
    Date          int64                `json:"date"`
    Categories    []TransactionCategory `json:"categories"`
}

type TransactionCategory struct {
    Name             string `json:"name"`
    Amount           int64  `json:"amount"`
    Memo             string `json:"memo"`
    DontImpactBudget bool   `json:"dontImpactBudget"`
    IsCleared        bool   `json:"isCleared"`
}

func NewTrupocketClient(email, password string) (*TrupocketClient, error) {
    client := &TrupocketClient{
        Email:    email,
        Password: password,
    }

    if err := client.SignIn(); err != nil {
        return nil, err
    }

    return client, nil
}

func (c *TrupocketClient) SignIn() error {
    req := SignInRequest{
        Email:    c.Email,
        Password: c.Password,
    }

    body, _ := json.Marshal(req)

    resp, err := http.Post(
        APIBase+"/users/sign-in",
        "application/json",
        bytes.NewBuffer(body),
    )
    if err != nil {
        return err
    }
    defer resp.Body.Close()

    if resp.StatusCode != http.StatusOK {
        return fmt.Errorf("sign in failed: %d", resp.StatusCode)
    }

    var signInResp SignInResponse
    if err := json.NewDecoder(resp.Body).Decode(&signInResp); err != nil {
        return err
    }

    c.AccessToken = signInResp.Token
    fmt.Println("Signed in successfully")
    return nil
}

func (c *TrupocketClient) makeRequest(method, endpoint string, body io.Reader) (*http.Response, error) {
    req, err := http.NewRequest(method, APIBase+endpoint, body)
    if err != nil {
        return nil, err
    }

    req.Header.Set("Authorization", "Bearer "+c.AccessToken)
    req.Header.Set("Content-Type", "application/json")

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        return nil, err
    }

    // If token expired, re-authenticate and retry
    if resp.StatusCode == http.StatusUnauthorized {
        resp.Body.Close()
        fmt.Println("Token expired, re-authenticating...")
        if err := c.SignIn(); err != nil {
            return nil, err
        }

        // Retry request with new token
        req.Header.Set("Authorization", "Bearer "+c.AccessToken)
        return client.Do(req)
    }

    return resp, nil
}

func (c *TrupocketClient) CreateTransaction(householdID, accountID, categoryName, payeeName string) error {
    req := TransactionRequest{
        Cashflow:      "expense",
        Type:          "debit_credit",
        FromAccountID: accountID,
        Payee:         payeeName,
        Date:          time.Now().Unix(),
        Categories: []TransactionCategory{
            {
                Name:             categoryName,
                Amount:           5000,
                Memo:             "Lunch",
                DontImpactBudget: false,
                IsCleared:        true,
            },
        },
    }

    body, _ := json.Marshal(req)

    resp, err := c.makeRequest("POST", fmt.Sprintf("/households/%s/detailed-tracking/transactions", householdID), bytes.NewBuffer(body))
    if err != nil {
        return err
    }
    defer resp.Body.Close()

    if resp.StatusCode == http.StatusTooManyRequests {
        return fmt.Errorf("rate limit exceeded")
    } else if resp.StatusCode != http.StatusCreated {
        return fmt.Errorf("unexpected status: %d", resp.StatusCode)
    }

    fmt.Println("Transaction created successfully")
    return nil
}

func main() {
    client, err := NewTrupocketClient("john@example.com", "SecurePassword123!")
    if err != nil {
        panic(err)
    }

    // Now ready to make API calls
    fmt.Println("Ready to make API calls")
}

9. Webhooks (Developer Plan)

Coming Soon: Webhooks will allow you to receive real-time notifications when events occur in Trupocket. The following shows the planned webhook format.

Planned Webhook Events

transaction.created
transaction.updated
transaction.deleted
account.updated
budget.exceeded
scheduled_transaction.generated

Planned Webhook Payload Format

When implemented, webhook payloads will follow this structure:

{
  "event": "transaction.created",
  "timestamp": 1699564800,
  "data": {
    "householdID": "2BxFGhvDwSoabBEqf2V5ZgC3ifo",
    "transactionID": "2BxFGi9K3xyMp6QwVN8ZjR4LaPn",
    "amount": 5000,
    "cashflow": "expense"
  }
}

10. Best Practices

1. Authentication & Token Management

Store credentials securely (environment variables, not in code)
Implement automatic re-authentication on 401 errors
Never expose access tokens in client-side code
Sign in once per session, re-authenticate only when needed

2. Currency Handling

Always use integers in smallest denomination (cents)
Never use floats for currency (precision errors)
Convert to cents: Math.floor(dollars * 100)
Convert to dollars: cents / 100

3. Timezone Handling

All API requests send times as Unix timestamps (UTC)
All times are interpreted using the household's timezone
Transaction dates, scheduled transaction dates, and reports all use household timezone
Set household timezone when creating a household (defaults to server timezone if not specified)
Changing household timezone affects how future dates are interpreted

4. Transaction Balancing

Always verify account balances after transactions
For transfers, ensure both accounts update correctly
Use isCleared field for tracking cleared/pending transactions

5. Rate Limiting

Check X-RateLimit-Remaining header before bulk operations
Implement exponential backoff for 429 responses
Cache responses when possible
Upgrade plan if consistently hitting limits

6. Error Recovery

Implement automatic re-authentication for 401 errors
Retry failed requests with exponential backoff
Log all API errors for debugging
Handle partial failures in bulk operations

7. Security

Never expose passwords or tokens in logs
Use HTTPS for all API requests
Validate all user input before sending to API
Store credentials in environment variables

8. Data Validation

Validate email format before registration
Ensure amounts are positive integers
Verify required fields before API calls
Check account/category existence before transactions

9. Performance

Batch operations when possible
Use filters to limit response size
Implement pagination for large datasets
Cache frequently accessed data (accounts, categories)

11. Testing & Development

Testing Checklist

Test sign-in flow
Test token expiration handling (wait 1 hour or simulate)
Test rate limit handling
Test error responses
Test transaction balance calculations
Test timezone conversions
Test currency conversions
Test webhook delivery (if using webhooks)

Debugging Tips

Use browser DevTools Network tab to inspect requests
Check response headers for rate limit info
Verify JSON payload format matches examples
Test with curl first before implementing in code
Check that IDs (householdID, accountID, etc.) are correct format (KSUID - 27 characters)
Verify access token is being sent in Authorization header

12. API Limits & Quotas

Free Plan

20 API calls per day
60 transactions per month
1 household
90-day data history
No webhooks

Premium Plan ($2.99/mo)

1,000 API calls per day
Unlimited transactions
Unlimited households
2-year data history
No webhooks

Developer Plan ($29.99/mo)

10,000 API calls per day
Unlimited transactions
Unlimited households
Unlimited data history
Webhooks enabled
Priority support

Exceeding Limits

API calls beyond limit: 429 error, wait for reset
Transactions beyond limit: 403 error, upgrade required
Households beyond limit: 403 error, upgrade required

13. Support & Resources

Documentation

Full API Reference: /docs (Swagger/OpenAPI)
Getting Started Guide: /docs/getting-started (this page)
Privacy Policy: /docs/privacy-policy
Terms of Service: /docs/terms-of-service

Support

Email: support@trupocket.app
For all inquiries: API questions, bug reports, feature requests, and general support
Priority support for Developer plan

Stay Updated

API Changelog: Coming soon
Developer Newsletter: Coming soon
Status Page: Coming soon

What's Next?

Recommended Next Steps:

Review full API documentation at /docs
Register a test account and experiment
Build a simple integration following the Quick Start Tutorial
Explore scheduled transactions for recurring bills
Implement webhooks (Developer plan)

Need Help?

Email: support@trupocket.app
We typically respond within 24 hours
Priority support for Developer plan