Authentication
Manage API keys, switch between environments, and understand rate limits.
API Keys
Create and manage API keys from the getpeppr console. Keys are scoped by environment — sandbox keys can only access the test network, and production keys are for live Peppol delivery.
Environments
sk_sandbox_...— sandbox mode, no real invoices sentsk_live_...— production mode, live Peppol network
The SDK automatically detects the environment from the key prefix — no need to
set environment manually.
API keys are shown only once at creation time. Store them securely
in environment variables — if you lose a key, revoke it and create a new one.
Use separate keys for different services or environments. If a key is compromised,
you can revoke it without affecting your other integrations.
import { Peppol } from "@getpeppr/sdk";
// Sandbox key — for testing (no real invoices sent)
const sandbox = new Peppol({
apiKey: "sk_sandbox_abc123...",
});
// Production key — live Peppol network
const production = new Peppol({
apiKey: "sk_live_xyz789...",
});
// The SDK detects the environment from the key prefix:
// sk_sandbox_... → sandbox mode
// sk_live_... → production modeRate Limits
Limits
- 5 active keys per environment per account
- 10 key creations per hour per account
- 300 API requests per minute per account (across all keys)
If you reach the 5-key limit, revoke an existing key from the console to create a new one. The per-account rate limit of 300 req/min applies across all your keys combined.
Rate Limit Response
When you exceed rate limits, the API returns a 429 Too Many Requests response
with a retryAfter field indicating how long to wait (in seconds).
The SDK automatically handles rate limiting with exponential backoff.
Manual retry logic is only needed for direct API calls.
{
"error": "rate_limit_exceeded",
"message": "Too many requests. Retry after 42 seconds.",
"retryAfter": 42
}