Authentication Guide
This guide explains how to authenticate with the Recommand Peppol API using API keys.
Keep your API secret safe
Your API secret is shown only once in the dashboard. Store it securely. If you lose it, generate a new key pair and revoke the old one.
Creating API Keys
To interact with the Recommand Peppol API, you need an API key and secret:
- Log in to your Recommand dashboard
- Navigate to Account > API Keys
- Provide a descriptive name for your key (e.g., "Production Integration")
- Click Create API Key
The system will display your API key and secret. Your secret is displayed only once so store it securely as you won't be able to retrieve the secret again.
API Key: key_aBcDeFgHiJkLmNoPqRsT123456
API Secret: secret_7uVwXyZ1234567890AbCdEfGhIjUsing API Keys
The Recommand Peppol API uses HTTP Basic Authentication. Your API key serves as the username and your API secret as the password.
HTTP Header Construction
For each request, include an Authorization header with the value Basic followed by the Base64-encoded string of your key and secret joined by a colon:
Authorization: Basic <Base64(API_KEY:API_SECRET)>Examples
Use the tabs to view your preferred language.
curl -X GET https://app.recommand.eu/api/peppol/companies \
-u key_aBcDeFgHiJkLmNoPqRsT123456:secret_7uVwXyZ1234567890AbCdEfGhIjconst fetch = require("node-fetch");
const API_KEY = "key_aBcDeFgHiJkLmNoPqRsT123456";
const API_SECRET = "secret_7uVwXyZ1234567890AbCdEfGhIj";
// Create Base64 encoded credentials
const credentials = Buffer.from(`${API_KEY}:${API_SECRET}`).toString("base64");
async function fetchCompanies() {
const response = await fetch(
`https://app.recommand.eu/api/peppol/companies`,
{
headers: {
Authorization: `Basic ${credentials}`,
},
}
);
return response.json();
}import requests
import base64
API_KEY = 'key_aBcDeFgHiJkLmNoPqRsT123456'
API_SECRET = 'secret_7uVwXyZ1234567890AbCdEfGhIj'
# Create Base64 encoded credentials
credentials = base64.b64encode(f"{API_KEY}:{API_SECRET}".encode()).decode()
def fetch_companies(team_id):
response = requests.get(
f"https://app.recommand.eu/api/peppol/companies",
headers={"Authorization": f"Basic {credentials}"}
)
return response.json()<?php
$apiKey = 'key_aBcDeFgHiJkLmNoPqRsT123456';
$apiSecret = 'secret_7uVwXyZ1234567890AbCdEfGhIj';
// Create Base64 encoded credentials
$credentials = base64_encode($apiKey . ':' . $apiSecret);
$ch = curl_init("https://app.recommand.eu/api/peppol/companies");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
"Authorization: Basic {$credentials}"
]);
$response = curl_exec($ch);
$companies = json_decode($response, true);
curl_close($ch);
?>Security Best Practices
- Environment variables: Store keys as environment variables or in a secure vault.
- Separate keys: Use different keys for development, testing, and production.
- Rotate regularly: Generate new keys periodically and revoke old ones.
Troubleshooting
Authentication errors
If you receive a 401 Unauthorized response:
- Verify your API key and secret are correct
- Check if the key has been revoked
- Ensure the Base64 encoding is correct
- Make sure the team ID you are using is correct, all API keys are team-specific