Skip to main content

Overview

The e-invoice.be API uses Bearer Token Authentication for all endpoints. You’ll need to include your API key in the Authorization header of every request.

Getting Your API Key

If you haven’t already obtained your API key:
  1. Log in to app.e-invoice.be
  2. Go to SettingsAPI Keys
  3. Click Create API Key
  4. Copy and securely store your key
Your API key is sensitive. Never share it publicly, commit it to version control, or expose it in client-side code.

Making Authenticated Requests

Include your API key in the Authorization header with the Bearer prefix: 
curl -X GET "https://api.e-invoice.be/api/me/" \
     -H "Authorization: Bearer YOUR_API_KEY"

Request Format

Authorization: Bearer YOUR_API_KEY
Replace YOUR_API_KEY with your actual API key.

Code Examples

const axios = require('axios');

const api = axios.create({
  baseURL: 'https://api.e-invoice.be',
  headers: {
    'Authorization': `Bearer ${process.env.E_INVOICE_API_KEY}`,
    'Content-Type': 'application/json'
  }
});

// Example: Get account info
async function getAccountInfo() {
  try {
    const response = await api.get('/api/me/');
    console.log(response.data);
  } catch (error) {
    console.error('Error:', error.response?.data);
  }
}

Best Practices

Store API Keys Securely

Use environment variables or secure credential management systems: 
# .env file (add to .gitignore!)
E_INVOICE_API_KEY=your_api_key_here

// Load from environment
require('dotenv').config();
const apiKey = process.env.E_INVOICE_API_KEY;

Never Hardcode Keys

Don’t do this:
const apiKey = 'sk_live_abc123...'; // Never hardcode!
Do this instead:
const apiKey = process.env.E_INVOICE_API_KEY;

Rotate Keys Regularly

For security best practices:
  1. Generate a new API key
  2. Update your applications to use the new key
  3. Delete the old key once migration is complete

Use Different Keys per Environment

Create separate API keys for:
  • Development/staging environments
  • Production environments
  • Different applications or services
This allows you to rotate or revoke keys without affecting all systems.

Error Responses

401 Unauthorized

If authentication fails, you’ll receive a 401 error: 
{
  "detail": "Invalid or missing API key"
}
Common causes:
  • Missing Authorization header
  • Invalid API key format
  • Expired or revoked API key
  • API key from staging used in production (or vice versa)

Troubleshooting

  1. Verify the header format: Ensure you’re using Bearer YOUR_API_KEY
  2. Check for whitespace: Trim any extra spaces from your API key
  3. Confirm environment: Make sure you’re using the correct API key for production/staging
  4. Test with curl: Verify your key works with a simple curl command
curl -X GET "https://api.e-invoice.be/api/me/" \
     -H "Authorization: Bearer YOUR_API_KEY" \
     -v

Testing Your Authentication

Use the /api/me/ endpoint to verify your authentication is working: 
curl -X GET "https://api.e-invoice.be/api/me/" \
     -H "Authorization: Bearer YOUR_API_KEY"
Successful response: 
{
  "id": "ten_abc123",
  "name": "Your Company",
  "email": "[email protected]",
  "peppol_id": "0208:0123456789",
  "created_at": 1729468923
}

Next Steps

Create Your First Invoice

Learn how to create and send e-invoices

Validate During Development

Test your invoice data before sending