FTA-Compliant Peppol-Aligned

DocFlow E-Invoice API

Submit, validate, and manage Peppol-compliant UAE e-invoices programmatically. Integrate your ERP, accounting software, or custom application with the DocFlow external gateway with JWT management.

Base URL

https://api.docflow.ae

Endpoints

15

Getting Started

Complete these six steps to go from zero to your first API call in under 10 minutes.

1

Create Your DocFlow Account

Visit the Docflow platform and sign up for a new account. You will need a valid business email address.

1️⃣ Navigate to https://uat.docflow.ae and click Get Started.

2️⃣ Enter your full name, business email, and a secure password.

3️⃣ Verify your email address via the confirmation link sent to your inbox.

4️⃣ Log in with your credentials or Login with Google.

2

Submit Company Details

A Company represents the legal entity that issues or receives e-invoices (e.g. your UAE-registered company).

1️⃣ Navigate to Settings → Company.

2️⃣ Enter the company's registered name and legal details.

3️⃣ Click "Save".

API Reference

All 15 endpoints live under the external gateway and require the X-API-KEY header. Path parameters shown as {entryId} must be replaced with real values.

GET

POST

DELETE

PUT

1

POST

User account registration 

Registers a new user account using the provided registration data. Accepts user credentials and profile information in the request body, validates the input, and creates a new user if the data is valid. Returns the result of the registration operation, including validation errors if applicable. 

https://api.docflow.ae/api/auth/register

Request Body

Response Body

JSON

  "firstName": "Shahzaib", 

  "lastName": "Subhani", 

  "email": "test@docflow.ae", 

  "phone": "+971525876854", 

  "password": "P@ssw0rd" 

}

2

POST

User Login

Authenticates a user using the provided login credentials. Validates the submitted email/username and password, and if successful, generates and returns a JWT access token along with related authentication data. Returns an unauthorized response if the credentials are invalid.

https://api.docflow.ae/api/auth/login

Request Body

Response Body

JSON

    "email": "shahzaib@docflow.ae", 

    "password": "$Docflow1" 

}

3

GET

Current User information

Returns information about the currently authenticated user based on the provided JWT access token. Requires authorization. If the token is valid, returns the user profile and related context data; otherwise, returns an unauthorized response. 

https://api.docflow.ae/api/auth/me 
Authorization: Bearer Token (JWT) 

Response Body

JSON

    "success": true, 

    "message": "Request completed successfully.", 

    "data": { 

        "isAuthenticated": true, 

        "userId": "bb4jh6c1-93w8-4f08-9b9c-35c20e02540c", 

        "email": "test@docflow.ae", 

        "phoneNumber": "+971525246654", 

        "firstName": "Shahzaib", 

        "lastName": "Subhani", 

        "fullName": "Shahzaib Subhani", 

        "position": "Developer", 

        "roles": [] 

    }, 

    "errors": [] 

4

POST

Refresh JWT tokens 

Refreshes the authentication tokens using a valid refresh token. Validates the provided refresh token and, if valid, issues a new JWT access token and a new refresh token. Returns an unauthorized response if the refresh token is invalid, expired, or revoked. 

https://api.docflow.ae/api/auth/refresh 

Request Body

Response Body

JSON

  "refreshToken": "refreshToken" 

5

POST

 Revoke refresh toke

Revokes a specific refresh token to prevent further use. Accepts a refresh token in the request body and invalidates it if found and valid. Returns the result of the revocation operation or an appropriate error response if the token is invalid or not found. 

https://api.docflow.ae/api/auth/revoke

Request Body

Response Body

JSON

  "refreshToken": "refreshToken" 

6

POST

Initiate password recovery 

Initiates the password recovery process for a user account. If the provided email exists, generates a temporary verification code and sends it to the user's email address with an expiration time. Always returns a generic success response to prevent user enumeration, even if the email is not found. 

https://api.docflow.ae/api/auth/forgot

Request Body

Response Body

JSON

  "email": "test@docflow.ae" 

7

POST

Verify recovery code 

Verifies the password recovery confirmation code sent to the user's email. Validates the provided email and verification code, ensuring the code is correct and not expired. Returns the verification result or an appropriate error response if validation fails. 

https://api.docflow.ae/api/auth/forgot/verify

Request Body

Response Body

JSON

  "email": "test@docflow.ae", 

  "code": "82190" 

8

POST

Change password after recovery

Changes the user's password after successful password recovery verification. Requires authorization. Accepts a new password in the request body, validates it according to security policies, and updates the user's credentials. Returns the result of the password change operation or an appropriate error response if validation fails

https://api.docflow.ae/api/auth/forgot/change 
Authorization: Bearer Token (JWT)

Request Body

Response Body

JSON

}

  "newPassword": "P@ssw0rd" 

9

POST

Account Confirmation Email 

Generates and sends a temporary verification code to the specified email address for email confirmation. If the email address exists and has not yet been confirmed, a verification code is generated, with an expiration time, and sent to the user's email. To prevent user enumeration, a generic success response is returned when the email address does not exist. If a code was recently sent, a message is returned indicating that the user should wait before requesting another code. 

https://api.docflow.ae/api/auth/email/confirm/send 

Request Body

Response Body

JSON

}

  "newPassword": "P@ssw0rd" 

10

GET

Paginated client list

Returns a paginated list of clients for the current company. Supports filtering, sorting, and paging parameters via query string. 

https://api.docflow.ae/api/clients 
Authorization: Bearer Token (JWT)

Query Params:

Name

Type

IsDraft

isPeppolEnabled

search

page

pageSize

Type

integer

boolean

boolean

string

integer

integer

required

no

no

no

no

no

no

description

Filters the client list by the specified client type.

If true, returns only draft clients. If false, returns active clients.

Filters the list based on whether Peppol integration is enabled.

A search term to filter clients by name or identifier.

The specific page number of results to retrieve (e.g., 1).

The number of records to return per page (e.g., 20).

Response Body

JSON

    "success": true, 

    "message": "Request completed successfully.", 

    "data": { 

        "items": [ 

            { 

                "id": "6a322d1c-ebc8-4df4-d233-08de6fc61983", 

                "name": "Test Client LLC", 

                "clientType": 0, 

                "trn": "100123456700003", 

                "contact": "info@testclient.com", 

                "isDraft": true, 

                "peppolParticipantId": "AE123456789" 

            } 

        ], 

        "page": 1, 

        "pageSize": 25, 

        "total": 1 

    }, 

    "errors": [] 

11

POST

Verify Email Confirmation Code 

Validates the verification code previously sent to the user's email address. If the provided code is valid, has not expired, and matches the specified email, the user's email address is marked as confirmed.  Returns an appropriate response if the verification code is invalid, expired, the email address does not exist, or the email has already been confirmed. 

https://api.docflow.ae/api/auth/email/confirm/verify  

Request Body

Response Body

JSON

 { 

    "email": "test@docflow.ae", 

    "code": "09748" 

12

POST

Create new client 

Creates a new client for the current company using the provided data. Validates the request body and persists the new client record. Returns the created client information or validation errors. 

https://api.docflow.ae/api/clients  
Authorization: Bearer Token (JWT)

Request Body

Response Body

JSON

 {

    "name": "ABC Trading LLC", 

    "address": "Office 1205, Business Bay, Dubai, UAE", 

    "trn": "100123456700003", 

    "licenseNumber": "CN-2026-001245", 

    "licenseIssuingAuthority": "Dubai Department of Economy and Tourism", 

    "contact": "John Smith", 

    "isDraft": false, 

    "clientType": 0, 

    "peppolParticipantId": "0088:123456789", 

    "bank": { 

        "bankName": "Emirates NBD", 

        "bankAddress": "Sheikh Zayed Road, Dubai", 

        "accountNumber": "123456789012345", 

        "iban": "AE070331234567890123456", 

        "bankSWIFT": "EBILAEAD" 

    }, 

    "postalAddress": { 

        "streetName": "Sheikh Zayed Road", 

        "additionalStreetName": "Business Bay", 

        "cityName": "Dubai", 

        "postalZone": "00000", 

        "countrySubentity": "Dubai", 

        "addressLine": "Office 1205, Bay Square", 

        "countryCode": "AE" 

    } 

13

GET

Client details by id

Returns detailed information for a specific client by its identifier. Returns not found if the client does not exist or is not accessible. 

https://api.docflow.ae/api/clients/{id} 
Authorization: Bearer Token (JWT) 

Path Variables:

Name

ID

Type

string

required

yes (in path)

description

The unique identifier of the client.

Response Body

JSON

    "success": true, 

    "message": "Request completed successfully.", 

    "data": { 

        "id": "1a322ab2-ab3a-461c-b93e-08deddb8060c", 

        "companyId": "743a703f-67b6-4bab-4eca-08de3671287e", 

        "name": "ABC Trading LLC", 

        "address": "Office 1205, Business Bay, Dubai, UAE", 

        "trn": "100123456700003", 

        "licenseNumber": "CN-2026-001245", 

        "licenseIssuingAuthority": "Dubai Department of Economy and Tourism", 

        "contact": "John Smith", 

        "isDraft": false, 

        "clientType": 0, 

        "bank": { 

            "bankName": "Emirates NBD", 

            "bankAddress": "Sheikh Zayed Road, Dubai", 

            "accountNumber": "123456789012345", 

            "iban": "AE070331234567890123456", 

            "bankSWIFT": "EBILAEAD" 

        }, 

        "peppolParticipantId": "0088:123456789", 

        "postalAddress": { 

            "streetName": "Sheikh Zayed Road", 

            "additionalStreetName": "Business Bay", 

            "cityName": "Dubai", 

            "postalZone": "00000", 

            "countrySubentity": "Dubai", 

            "addressLine": "Office 1205, Bay Square", 

            "countryCode": "AE" 

        } 

    }, 

    "errors": [] 

14

PUT

Update existing client 

Updates an existing client identified by the specified id using the provided data. Validates the request body and applies changes if the client exists and is accessible. Returns not found if the client does not exist

https://api.docflow.ae/api/clients/{id}  
Authorization: Bearer Token (JWT)

Request Body

Response Body

JSON

    "name": "ABC Trading LLC", 

    "address": "Office 1205, Business Bay, Dubai, UAE", 

    "trn": "100123456700003", 

    "licenseNumber": "CN-2026-001245", 

    "licenseIssuingAuthority": "Dubai Department of Economy and Tourism", 

    "contact": "John Smith", 

    "isDraft": false, 

    "clientType": 0, 

    "peppolParticipantId": "0088:123456789", 

    "bank": { 

        "bankName": "Emirates NBD", 

        "bankAddress": "Sheikh Zayed Road, Dubai", 

        "accountNumber": "123456789012345", 

        "iban": "AE070331234567890123456", 

        "bankSWIFT": "EBILAEAD" 

    }, 

    "postalAddress": { 

        "streetName": "Sheikh Zayed Road", 

        "additionalStreetName": "Business Bay", 

        "cityName": "Dubai", 

        "postalZone": "00000", 

        "countrySubentity": "Dubai", 

        "addressLine": "Office 1205, Bay Square", 

        "countryCode": "AE" 

    } 

15

DELETE

Delete client 

Deletes a client identified by the specified id. Removes the client if it exists and is accessible to the current user/company. Returns not found if the client does not exist. 

https://api.docflow.ae/api/clients/{id} 
Authorization: Bearer Token (JWT) 

Path Variables:

Name

ID

Type

string

required

yes (in path)

description

The unique identifier of the client.

Response Body

JSON

{

    "success": true, 

    "message": "Record deleted successfully.", 

    "data": null 

    }, 

    "errors": []