BillingReconcileEffective Date: 2026-05-18
Last Updated: 2026-05-18
Provider: BillingReconcile
Website: www.BillingReconcile.com
Contact: support@billingreconcile.com
Overview
BillingReconcile uses integrations to compare PSA-side billed quantities against real usage data. The platform primarily reads billing, client, license, device, endpoint, subscription, and usage data for reconciliation. BillingReconcile does not modify customer billing systems unless a specific feature clearly says it will and the customer enables it.
How integrations are used
Integrations help BillingReconcile sync records from PSA systems and vendor tools, map clients and services, calculate expected quantities, show sync status, and produce discrepancy reports. The exact fields depend on the connected system and the permissions granted by the customer.
Read vs. write access
BillingReconcile is designed around reconciliation review. Most integrations are read-oriented. If a future or optional feature writes back to a third-party system, that behavior should be presented separately in the product before it is enabled.
Credential and token handling
BillingReconcile stores credentials or tokens only where needed to connect to enabled integrations. Customers should rotate or revoke credentials according to their own security procedures and disconnect integrations that are no longer needed.
Disconnecting integrations
Customers can disconnect an integration from BillingReconcile settings where supported. Customers may also revoke API keys, OAuth grants, or app access directly in the third-party system. Disconnecting an integration stops future syncs but does not automatically delete previously synced reconciliation data.
Least-privilege recommendations
Use dedicated integration accounts where possible. Prefer read-only, reporting, inventory, billing, or license roles over administrator roles when those roles provide the data required for reconciliation. Avoid granting mailbox, document, remote-control, or endpoint-management permissions unless a specific connector requires them for a clearly identified feature.
Integration permission table
| Integration type | Data used | Why it is used | Write access |
|---|---|---|---|
| PSA systems | Clients, agreements, services, invoices, products | Compare billed quantities against expected usage | No, unless explicitly enabled |
| Microsoft 365 | Customer, product, subscription, license, and quantity data from supported connected sources | Compare Microsoft 365 subscription quantities against billed quantities | No |
| RMM systems | Clients, devices, device status, metadata | Compare device counts against billed services | No |
| Security tools | Clients, endpoints, licenses, package metadata | Compare protected endpoints/licenses against billing | No |
| Backup platforms | Clients, protected devices/accounts, backup plan metadata | Compare backup usage against billing | No |
Integration-specific setup guides
The notes below describe common permission expectations. Actual fields may vary by account configuration, vendor API changes, and enabled BillingReconcile features.
Microsoft 365
- What BillingReconcile reads
- Customer, product, subscription, license, and quantity data from supported connected sources.
- Why this permission is needed
- To compare Microsoft 365 subscription quantities against PSA billing quantities.
- What BillingReconcile does not read
- Mailbox contents, message bodies, documents, Teams messages, or user passwords.
- Whether BillingReconcile writes back
- No, unless a specific enabled feature clearly says otherwise.
- How to disconnect
- Disconnect the integration in BillingReconcile settings where supported, and revoke the API key, OAuth grant, or application access in Microsoft 365.
- Recommended permission level
- Use the narrowest source permissions that allow subscription and quantity reporting.
NinjaOne
- What BillingReconcile reads
- Organizations, devices, device status, device metadata, and related identifiers.
- Why this permission is needed
- To compare managed device counts against billed RMM or managed service line items.
- What BillingReconcile does not read
- Remote-control sessions, device passwords, or unrelated endpoint file contents.
- Whether BillingReconcile writes back
- No, unless a specific enabled feature clearly says otherwise.
- How to disconnect
- Disconnect the integration in BillingReconcile settings where supported, and revoke the API key, OAuth grant, or application access in NinjaOne.
- Recommended permission level
- Use a reporting or read-only API role when available.
N-able N-central
- What BillingReconcile reads
- Customers, devices, device state, classes, and metadata used for count-based billing checks.
- Why this permission is needed
- To reconcile managed devices and device categories against PSA services.
- What BillingReconcile does not read
- Remote-control credentials, endpoint passwords, or unrelated endpoint files.
- Whether BillingReconcile writes back
- No, unless a specific enabled feature clearly says otherwise.
- How to disconnect
- Disconnect the integration in BillingReconcile settings where supported, and revoke the API key, OAuth grant, or application access in N-able N-central.
- Recommended permission level
- Use a read-only API user limited to customer and device inventory data where possible.
N-sight
- What BillingReconcile reads
- Clients, sites, devices, device state, and inventory metadata.
- Why this permission is needed
- To compare protected or managed device counts against billed services.
- What BillingReconcile does not read
- Remote-control sessions, endpoint passwords, or unrelated endpoint files.
- Whether BillingReconcile writes back
- No, unless a specific enabled feature clearly says otherwise.
- How to disconnect
- Disconnect the integration in BillingReconcile settings where supported, and revoke the API key, OAuth grant, or application access in N-sight.
- Recommended permission level
- Use a read-only or reporting role where available.
Bitdefender GravityZone
- What BillingReconcile reads
- Companies, endpoints, package or policy metadata, license-related counts, and endpoint status.
- Why this permission is needed
- To reconcile protected endpoint and security package usage against billing.
- What BillingReconcile does not read
- Endpoint passwords, file contents, or unrelated security event detail unless needed by a configured connector.
- Whether BillingReconcile writes back
- No, unless a specific enabled feature clearly says otherwise.
- How to disconnect
- Disconnect the integration in BillingReconcile settings where supported, and revoke the API key, OAuth grant, or application access in Bitdefender GravityZone.
- Recommended permission level
- Use an API key scoped to inventory, company, package, and license reporting where possible.
SentinelOne
- What BillingReconcile reads
- Sites, agents/endpoints, package metadata, endpoint status, and license-relevant counts.
- Why this permission is needed
- To compare protected endpoints and package assignments against billed security services.
- What BillingReconcile does not read
- Endpoint passwords, remote shell sessions, file contents, or threat payload contents.
- Whether BillingReconcile writes back
- No, unless a specific enabled feature clearly says otherwise.
- How to disconnect
- Disconnect the integration in BillingReconcile settings where supported, and revoke the API key, OAuth grant, or application access in SentinelOne.
- Recommended permission level
- Use a viewer or reporting role that can read site and endpoint inventory.
Webroot
- What BillingReconcile reads
- Sites, endpoints, product or license metadata, and protected device counts.
- Why this permission is needed
- To reconcile protected endpoint counts against billed security services.
- What BillingReconcile does not read
- Endpoint passwords, file contents, or unrelated user activity.
- Whether BillingReconcile writes back
- No, unless a specific enabled feature clearly says otherwise.
- How to disconnect
- Disconnect the integration in BillingReconcile settings where supported, and revoke the API key, OAuth grant, or application access in Webroot.
- Recommended permission level
- Use a read-only console or API role where available.
Sherweb
- What BillingReconcile reads
- Customer, subscription, product, license, and quantity data.
- Why this permission is needed
- To compare vendor subscription usage against PSA billing quantities.
- What BillingReconcile does not read
- Mailbox contents, customer passwords, or unrelated customer documents.
- Whether BillingReconcile writes back
- No, unless a specific enabled feature clearly says otherwise.
- How to disconnect
- Disconnect the integration in BillingReconcile settings where supported, and revoke the API key, OAuth grant, or application access in Sherweb.
- Recommended permission level
- Use the least-privilege account or API access that supports subscription and quantity reporting.
Related pages
For more detail about synced data and retention, see Data Handling and the Privacy Policy. For help with an integration, contact support@billingreconcile.com.