Emburse Professional (Certify) offers a REST API at api.certify.com/v1 covering expense, employee, company, and AP data. Auth is a static key and secret pair generated by a tenant admin, with no OAuth. The main reference is login-gated and PUT/POST semantics invert REST norms.
Certify (Emburse Professional) scores D+ on the API Report Card. Emburse Professional (Certify) offers a REST API at api.certify.com/v1 covering expense, employee, company, and AP data. Auth is a static key and secret pair generated by a tenant admin, with no OAuth. The main reference is login-gated and PUT/POST semantics invert REST norms.
Without a usable official API, teams fall back on manual exports, file drops, or one-off vendor integrations. The other option is an unofficial API layer like Supergood that automates the authenticated web app directly.
Certify is a cloud-based travel, expense, and invoice (AP) management platform now sold under the brand Emburse Professional.
Vertical: Travel & Expense (with Accounts Payable via the Emburse Professional AP module). Mobile receipt capture via the Certify Mobile app with ReceiptParse OCR auto-extraction. Corporate card transaction feed ingestion (Amex, Visa, Mastercard) with auto-matching to receipts.
Strong mid-market presence; not market-dominant. Across the broader Emburse portfolio (Certify/Professional + Chrome River/Enterprise + Captio + Nexonia + Tallie + Abacus + Spring), Emburse reports serving more than 18,000 organizations and roughly 12 million users worldwide.
Expense reports: header (employee, report name, purpose, dates, currency, totals, status), line items (date, vendor, amount, category, payment type, GL code, department, project, attendees, allocations, notes), attached receipt images, policy violations, audit flags, approval history, reimbursement status.
Founded in 2008; ~18 years old as of 2026. Certify was an early SaaS-era T&E entrant, built later than Concur (1993) but earlier than Expensify (2008), Navan (2015), Ramp (2019), Brex (2017).
Grades measure one thing: can a customer's engineering team get their own data out programmatically? We check six things (whether a real API exists, how access is gated, data coverage, auth quality, docs and developer experience, and stability) and roll them into a letter grade. Grades get re-verified, and they only move on evidence.