Skip to content

PEPPOL API

The PEPPOL API Layer provides REST endpoints for sending and receiving PEPPOL invoices programmatically. It requires the Growth plan or higher and is configured through API key generation and webhook setup.

The system enables communication between your ERP, the PEPPOL API layer, and the PEPPOL network, supporting XML input/output, webhooks, 7 endpoints, authentication, and metering capabilities.

  1. Ensure your plan supports API access (Growth or Enterprise)
  2. Generate API keys in Settings → API Access → Generate Keys
  3. Keys are scoped to a user and inherit that user’s Legal Entity permissions

All API requests use token authentication with the format:

Authorization: token {api_key}:{api_secret}
EndpointMethodDescriptionMetered
send_invoicePOSTSend UBL/CII XML via PEPPOLYes
validate_xmlPOSTValidate against PEPPOL rulesYes
lookup_participantGETVerify a PEPPOL participantYes
check_statusGETCheck delivery status / MLRNo
get_received_invoicesGETList inbound invoicesNo
get_received_invoiceGETGet single invoice + raw XMLNo
configure_webhookPOSTSubscribe to PEPPOL eventsNo

Register webhooks to receive real-time notifications for PEPPOL events:

  • invoice_received: Fires when a new inbound PEPPOL invoice is processed
  • mlr_received: Fires when a Message Level Response arrives for a sent invoice

Configure via the configure_webhook endpoint or in Settings → Webhooks.

  • Webhook URLs must use HTTPS
  • Private IP ranges are blocked (SSRF protection)
  • HMAC-SHA256 signing is supported for payload verification
  • Authentication options: Bearer token, API key header, Basic auth
LimitValue
Requests per minute100 per API key
Burst rate20 requests/second
Quota exceededHTTP 429 with retry_after header