The API Report CardAPI Index
Brex

Brex API

Corporate Cards / Spend Management / AP & T&E · brex.com

A documented REST API at developer.brex.com covers expenses, payments, transactions, budgets, team, travel, and webhooks with OAuth 2.0 and granular scopes. User tokens work for in-house scripts, but production OAuth apps require partner registration, and there is no self-serve sandbox.

Last verified: July 2026Financial Services
API GRADE
C
VERIFIED JUL 2026

SCORECARD

ExistenceGOODA documented REST API at developer.brex.com spans expenses, payments, transactions, budgets, team, and travel.
AccessMIXEDUser tokens work for in-house scripts, but production OAuth credentials require Brex Partner registration and review.
CoverageGOODExpenses, payments, transactions, budgets, team, travel, and accounting sync, with per-surface OpenAPI specs.
AuthGOODOAuth 2.0 with granular resource.permission scopes (cards.readonly, payments.readwrite) plus user tokens.
Docs & DXMIXEDOpenAPI specs are published, but there is no self-serve sandbox; testing runs against live data with scoped tokens.
StabilityMIXED
MORE FROM THE REPORT CARD
Supergood: Brex has an API, with gaps. We cover what it's missing: stable endpoints, normalized JSON, managed auth.

Frequently asked questions

Brex scores C on the API Report Card. A documented REST API at developer.brex.com covers expenses, payments, transactions, budgets, team, travel, and webhooks with OAuth 2.0 and granular scopes. User tokens work for in-house scripts, but production OAuth apps require partner registration, and there is no self-serve sandbox.

Tried to integrate with Brex?
SOURCES
Production OAuth credentials require Brex Partner registration and review, slowing third-party integration ship cycles brex.com
Access tokens expire every 3600 seconds (1 hour) requiring refresh-token rotation logic on every partner integration apidog.com
Only one webhook endpoint can be registered per customer/client_id, forcing fan-out and routing logic on the partner side developer.brex.com
Webhook event taxonomy is narrower than mature fintech APIs (Stripe, Plaid), many product events (budget changes, travel booking lifecycle, onboarding state) are not surfaced as webhooks developer.brex.com
Sandbox environment is not self-serve; partners typically test against live data with scoped tokens or coordinate through account management developer.brex.com
Rate limit thresholds return HTTP 429 but specific per-second/per-minute numbers are not prominently documented per-endpoint developer.brex.com
Bill approval and certain procurement/Empower-tier workflow steps cannot be completed end-to-end via the API and require Brex dashboard interaction developer.brex.com
Sensitive card-PAN access (full card number) requires additional PCI qualification beyond standard scope grants, limiting what partner integrations can show developer.brex.com
Reimbursement and per-line-item receipt-image access is permissioned more tightly than transaction metadata, complicating compliance/audit pipelines developer.brex.com
Some Empower enterprise-only features (advanced multi-entity, budget hierarchies, intercompany) are not fully exposed via the public API brex.com
User-token access for first-party scripts is admin-gated in the Brex dashboard; finance/IT without admin rights cannot stand up integrations developer.brex.com
Post-Capital One acquisition uncertainty around long-term API stability, partner program changes, and possible re-platforming under Capital One commercial infrastructure siliconangle.com
Sudden, unexplained account closures and frozen funds, a recurring Trustpilot and Reddit complaint that drove Trustpilot rating to 1.7/5 by 2026 trustpilot.com
2022 pivot away from SMBs (off-boarding many sub-$1M-revenue customers) eroded trust with the startup base saastr.com
Customer support quality regressions, historically a strength, now criticized for AI-routing and slow human escalation for serious account issues g2.com
Stricter startup underwriting and unexplained rejections during onboarding, especially for early-stage and non-VC-backed companies trustpilot.com
Bill Pay module described as buggy with payment failures and reconciliation gaps versus Bill.com and Ramp g2.com
Virtual-card creation has become more restrictive, with category/merchant controls blocking legitimate purchases g2.com
Receipt scanning and OCR upload errors, especially for non-standard or international receipts g2.com
Card payment denials and spending-category limitations triggered without clear notification capterra.com
Rewards program changes and category-rate reductions communicated poorly trustpilot.com
Enterprise (Empower) pricing is seat-based and significantly more expensive than Ramp's freemium tier, eroding the original 'free' positioning ramp.com
Multi-entity, intercompany, and global consolidation workflows are rigid compared to Coupa/SAP Concur for true enterprise spend capterra.com
Uncertainty post-Capital One acquisition (closed April 7, 2026), customers worried about product roadmap, brand integration, pricing, and credit-risk policy changes airwallex.com