Authentication

Pass your API key in the X-API-Key HTTP header on every request. Keys are not passed in query parameters, cookies, or request bodies.

X-API-Key: ei_your_key_here

Keys use the prefix ei_ followed by an opaque random string. Each key is scoped to one or more of: einvoice:convert, einvoice:validate, einvoice:parse. The scopes on your key determine which endpoints you can call.

If you call an endpoint your key lacks scope for, you'll get 403 SCOPE_DENIED with a pointer to the upgrade page.

401 MISSING_API_KEY — no X-API-Key header sent. Most common cause: you forgot the header on your curl.

401 INVALID_API_KEY — header present but value not recognised. Check for typos and make sure you copied the full key (no trailing whitespace).

403 SCOPE_DENIED — key is valid but doesn't have the scope needed for the endpoint. Upgrade your plan or generate a new key with broader scope.

Create a new key in the Console, update your application to use it, then revoke the old one. Revoked keys stop working immediately — no grace period.