> For clean Markdown of any page, append .md to the page URL. > For a complete documentation index, see https://docs.lucanto.eu/llms.txt. > For full documentation content, see https://docs.lucanto.eu/llms-full.txt. > For AI client integration (Claude Code, Cursor, etc.), connect to the MCP server at https://docs.lucanto.eu/_mcp/server. # List the current user's workspaces GET https://app.lucanto.eu/api/v1/user/accounts Returns the workspaces the authenticated user has access to. Typical response is 1–3 accounts; users almost never belong to more than a handful, so this endpoint is not paginated. The response includes a `default` flag per account: clients building selector UIs can pre-select the user's last-used workspace. Reference: https://docs.lucanto.eu/api-reference/api-reference/accounts/list-accounts ## OpenAPI Specification ```yaml openapi: 3.1.0 info: title: lucanto version: 1.0.0 paths: /user/accounts: get: operationId: list-accounts summary: List the current user's workspaces description: | Returns the workspaces the authenticated user has access to. Typical response is 1–3 accounts; users almost never belong to more than a handful, so this endpoint is not paginated. The response includes a `default` flag per account: clients building selector UIs can pre-select the user's last-used workspace. tags: - subpackage_accounts parameters: - name: Authorization in: header description: | Devise JWT issued via POST /api/v1/auth/sign_in. Used by mobile and SPA clients. Revoked tokens are tracked in `api_jwt_denylists`. required: true schema: type: string responses: '200': description: OK content: application/json: schema: type: array items: $ref: '#/components/schemas/Account' '401': description: Missing or invalid authentication credentials. content: application/json: schema: $ref: '#/components/schemas/Error' '429': description: Rate limit exceeded. Retry after the window resets. content: application/json: schema: $ref: '#/components/schemas/Error' servers: - url: https://app.lucanto.eu/api/v1 components: schemas: AccountAccountingType: type: string enum: - simple - double_entry - flat_rate_expenses description: | The workspace's bookkeeping mode. Drives expense category options and tax/VAT logic. `simple` is single-entry bookkeeping; `double_entry` is full double-entry; and `flat_rate_expenses` is the SK/CZ "paušálne výdavky" simplified regime for sole proprietors. `null` when the workspace hasn't finished onboarding yet. title: AccountAccountingType AccountLegalIdentityVatPayerType: type: string enum: - standard - non_payer_vat - vat_registered_eu - vat_registered_oss description: | VAT registration status. `standard` for fully registered VAT payers; `non_payer_vat` for non-payers; `vat_registered_eu` for EU cross-border; `vat_registered_oss` for One-Stop Shop. title: AccountLegalIdentityVatPayerType AccountLegalAddress: type: object properties: name: type: - string - 'null' description: The company name on the address (often the legal entity name). street: type: - string - 'null' municipality: type: - string - 'null' postal_code: type: - string - 'null' country_alpha2: type: - string - 'null' description: | ISO 3166-1 alpha-2 country code. The DB stores lowercase (`sk`, `cz`, `ro`); responses surface what's stored. contact: type: - string - 'null' description: Optional secondary contact name on the address. description: | Address embedded inside the legal-identity facet. Uses `country_alpha2` (ISO 3166-1 two-letter code) for portability. title: AccountLegalAddress AccountLegalIdentity: type: object properties: registration_id: type: - string - 'null' description: Business registration ID (IČO in SK/CZ). tax_id: type: - string - 'null' description: Tax ID (DIČ in SK/CZ). vat_id: type: - string - 'null' description: VAT ID (IČ DPH in SK / DIČ DPH in CZ). Null for non-VAT-payers. vat_payer_type: oneOf: - $ref: '#/components/schemas/AccountLegalIdentityVatPayerType' - type: 'null' description: | VAT registration status. `standard` for fully registered VAT payers; `non_payer_vat` for non-payers; `vat_registered_eu` for EU cross-border; `vat_registered_oss` for One-Stop Shop. vat_period: type: - string - 'null' description: VAT filing period (typically `monthly` or `quarterly`). email: type: - string - 'null' format: email description: Contact email rendered on issued documents. phone_number: type: - string - 'null' description: Contact phone rendered on issued documents. web: type: - string - 'null' description: Company website URL rendered on issued documents. legal_form: type: - string - 'null' description: | Legal-form abbreviation rendered on documents (e.g. `s.r.o.`, `a.s.`, `živnosť`). Derived from `legal_form_id`. legal_form_id: type: - integer - 'null' format: int64 address: oneOf: - $ref: '#/components/schemas/AccountLegalAddress' - type: 'null' postal_address: oneOf: - $ref: '#/components/schemas/AccountLegalAddress' - type: 'null' description: | The legal-identity nested object embedded inside the Account response. Distinct from `InvoiceAccountEmbed` (used for counterparty embeds on documents) because this surface uses `country_alpha2` for portability instead of the internal `country_id`. title: AccountLegalIdentity Account: type: object properties: id: type: integer format: int64 description: Workspace ID. Use this in all account-scoped paths. name: type: string description: | Display name of the workspace. Computed from the linked InvoiceAccount's legal entity name when the workspace is named after a company, or from the owner's name for personal/freelancer workspaces. accounting_type: oneOf: - $ref: '#/components/schemas/AccountAccountingType' - type: 'null' description: | The workspace's bookkeeping mode. Drives expense category options and tax/VAT logic. `simple` is single-entry bookkeeping; `double_entry` is full double-entry; and `flat_rate_expenses` is the SK/CZ "paušálne výdavky" simplified regime for sole proprietors. `null` when the workspace hasn't finished onboarding yet. onboarding_step: type: - string - 'null' description: | Current step in the workspace onboarding wizard. `null` when onboarding is complete. Useful for clients that want to direct the user to finish setup before issuing invoices. vat_registration_alert: type: - boolean - 'null' description: | `true` when the workspace's recent revenue suggests they may have crossed the VAT registration threshold and should consult an accountant. Hint for client UI to show an in-app banner. default: type: boolean description: | `true` if this is the user's default workspace. Exactly one account per user is the default at any time. logo_url: type: - string - 'null' format: uri description: | Signed URL for the workspace logo (ActiveStorage blob URL). `null` when no logo is uploaded. URLs are time-limited — re-fetch the account record to get a fresh URL. legal_identity: oneOf: - $ref: '#/components/schemas/AccountLegalIdentity' - type: 'null' description: | The workspace's legal-identity facet — registered name, tax IDs, VAT registration, contact details, and addresses. This is the same data that appears as `supplier` on every document the workspace issues. Architecturally the legal identity is a *facet* of the workspace itself, not a separately-owned resource — the underlying record is the workspace's `InvoiceAccount`, which is also the model `Contact` points at for customer-side legal entities. Closer to Stripe's nested-fields pattern (`account.business_profile`, `account.individual`, `account.company`) than to a sub-resource shape. Write access via the public API is a future slice; for now, this surface is read-only. created_at: type: string format: date-time updated_at: type: string format: date-time required: - id - name - default - created_at - updated_at title: Account Error: type: object properties: error: type: string description: | Machine-readable error code. Stable across releases — clients should branch on this rather than the human-readable message. message: type: string description: | Human-readable error description, localized to `Accept-Language`. Subject to wording changes between releases. request_id: type: string description: | Server-side request identifier. Same value as the `X-Request-Id` response header. Quote this in support tickets so we can pull the matching server log line. docs_url: type: string format: uri description: | URL of the per-error-code documentation page. Useful for SDK error subclasses to deep-link from a stack trace to the docs explaining the cause + remediation. required: - error - message - request_id - docs_url title: Error securitySchemes: JwtBearer: type: http scheme: bearer description: | Devise JWT issued via POST /api/v1/auth/sign_in. Used by mobile and SPA clients. Revoked tokens are tracked in `api_jwt_denylists`. ApiKeyBearer: type: http scheme: bearer description: > Lucanto API key. Three prefixes: - `lct_pat_` — personal access token (owner: User) - `lct_live_` — workspace token, live data - `lct_test_` — workspace token, sandbox account (Phase 3) Issue keys at `/settings/api_keys` (personal) or `/:account_id/settings/api_keys` (workspace). Plaintext token is shown once and never again. ``` ## SDK Code Examples ```python import requests url = "https://app.lucanto.eu/api/v1/user/accounts" payload = {} headers = { "Authorization": "Bearer ", "Content-Type": "application/json" } response = requests.get(url, json=payload, headers=headers) print(response.json()) ``` ```javascript const url = 'https://app.lucanto.eu/api/v1/user/accounts'; const options = { method: 'GET', headers: {Authorization: 'Bearer ', 'Content-Type': 'application/json'}, body: '{}' }; try { const response = await fetch(url, options); const data = await response.json(); console.log(data); } catch (error) { console.error(error); } ``` ```go package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "https://app.lucanto.eu/api/v1/user/accounts" payload := strings.NewReader("{}") req, _ := http.NewRequest("GET", url, payload) req.Header.Add("Authorization", "Bearer ") req.Header.Add("Content-Type", "application/json") res, _ := http.DefaultClient.Do(req) defer res.Body.Close() body, _ := io.ReadAll(res.Body) fmt.Println(res) fmt.Println(string(body)) } ``` ```ruby require 'uri' require 'net/http' url = URI("https://app.lucanto.eu/api/v1/user/accounts") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true request = Net::HTTP::Get.new(url) request["Authorization"] = 'Bearer ' request["Content-Type"] = 'application/json' request.body = "{}" response = http.request(request) puts response.read_body ``` ```java import com.mashape.unirest.http.HttpResponse; import com.mashape.unirest.http.Unirest; HttpResponse response = Unirest.get("https://app.lucanto.eu/api/v1/user/accounts") .header("Authorization", "Bearer ") .header("Content-Type", "application/json") .body("{}") .asString(); ``` ```php request('GET', 'https://app.lucanto.eu/api/v1/user/accounts', [ 'body' => '{}', 'headers' => [ 'Authorization' => 'Bearer ', 'Content-Type' => 'application/json', ], ]); echo $response->getBody(); ``` ```csharp using RestSharp; var client = new RestClient("https://app.lucanto.eu/api/v1/user/accounts"); var request = new RestRequest(Method.GET); request.AddHeader("Authorization", "Bearer "); request.AddHeader("Content-Type", "application/json"); request.AddParameter("application/json", "{}", ParameterType.RequestBody); IRestResponse response = client.Execute(request); ``` ```swift import Foundation let headers = [ "Authorization": "Bearer ", "Content-Type": "application/json" ] let parameters = [] as [String : Any] let postData = JSONSerialization.data(withJSONObject: parameters, options: []) let request = NSMutableURLRequest(url: NSURL(string: "https://app.lucanto.eu/api/v1/user/accounts")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "GET" request.allHTTPHeaderFields = headers request.httpBody = postData as Data let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error as Any) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume() ```