The authentication is done through existing Billomat users.
A user, who wants to use billomat[API], must activate the API access under “Settings > employees“. Inject a personal API key will be generated.
This API key is the “password” for the use of the API.
API requests are stateless, i.e. that no sessions will be stored. Thus you must send the API key with each request,
The API key can be transmitted in two different ways:

via GET parameter

curl https://{billomatid}{apikey}

via HTTP header

curl -H 'X-BillomatApiKey: {apikey}'