✓ FTA-Compliant ✓ Peppol-Aligned
DocFlow E-Invoice API
Submit, validate, and manage Peppol-compliant UAE e-invoices programmatically. Integrate your ERP, accounting software, or custom application with the DocFlow external gateway with JWT management.

Base URL
https://api.docflow.ae
Endpoints
15
API REFERENCE
Getting Started
Complete these six steps to go from zero to your first API call in under 10 minutes.
1
Create Your DocFlow Account
Visit the Docflow platform and sign up for a new account. You will need a valid business email address.
1️⃣ Navigate to https://uat.docflow.ae and click Get Started.
2️⃣ Enter your full name, business email, and a secure password.
3️⃣ Verify your email address via the confirmation link sent to your inbox.
4️⃣ Log in with your credentials or Login with Google.
2
Submit Company Details
A Company represents the legal entity that issues or receives e-invoices (e.g. your UAE-registered company).
1️⃣ Navigate to Settings → Company.
2️⃣ Enter the company's registered name and legal details.
3️⃣ Click "Save".
API Reference
All 15 endpoints live under the external gateway and require the X-API-KEY header. Path parameters shown as {entryId} must be replaced with real values.
GET
POST
DELETE
PUT
1
POST
User account registration
Registers a new user account using the provided registration data. Accepts user credentials and profile information in the request body, validates the input, and creates a new user if the data is valid. Returns the result of the registration operation, including validation errors if applicable.
https://api.docflow.ae/api/auth/register
Request Body
Response Body
JSON
{
"firstName": "Shahzaib",
"lastName": "Subhani",
"email": "test@docflow.ae",
"phone": "+971525876854",
"password": "P@ssw0rd"
}
2
POST
User Login
Authenticates a user using the provided login credentials. Validates the submitted email/username and password, and if successful, generates and returns a JWT access token along with related authentication data. Returns an unauthorized response if the credentials are invalid.
https://api.docflow.ae/api/auth/login
Request Body
Response Body
JSON
{
"email": "shahzaib@docflow.ae",
"password": "$Docflow1"
}
3
GET
Current User information
Returns information about the currently authenticated user based on the provided JWT access token. Requires authorization. If the token is valid, returns the user profile and related context data; otherwise, returns an unauthorized response.
https://api.docflow.ae/api/auth/me
Authorization: Bearer Token (JWT)
Response Body
JSON
{
"success": true,
"message": "Request completed successfully.",
"data": {
"isAuthenticated": true,
"userId": "bb4jh6c1-93w8-4f08-9b9c-35c20e02540c",
"email": "test@docflow.ae",
"phoneNumber": "+971525246654",
"firstName": "Shahzaib",
"lastName": "Subhani",
"fullName": "Shahzaib Subhani",
"position": "Developer",
"roles": []
},
"errors": []
}
4
POST
Refresh JWT tokens
Refreshes the authentication tokens using a valid refresh token. Validates the provided refresh token and, if valid, issues a new JWT access token and a new refresh token. Returns an unauthorized response if the refresh token is invalid, expired, or revoked.
https://api.docflow.ae/api/auth/refresh
Request Body
Response Body
JSON
{
"refreshToken": "refreshToken"
}
5
POST
Revoke refresh toke
Revokes a specific refresh token to prevent further use. Accepts a refresh token in the request body and invalidates it if found and valid. Returns the result of the revocation operation or an appropriate error response if the token is invalid or not found.
https://api.docflow.ae/api/auth/revoke
Request Body
Response Body
JSON
{
"refreshToken": "refreshToken"
}
6
POST
Initiate password recovery
Initiates the password recovery process for a user account. If the provided email exists, generates a temporary verification code and sends it to the user's email address with an expiration time. Always returns a generic success response to prevent user enumeration, even if the email is not found.
https://api.docflow.ae/api/auth/forgot
Request Body
Response Body
JSON
{
"email": "test@docflow.ae"
}
7
POST
Verify recovery code
Verifies the password recovery confirmation code sent to the user's email. Validates the provided email and verification code, ensuring the code is correct and not expired. Returns the verification result or an appropriate error response if validation fails.
https://api.docflow.ae/api/auth/forgot/verify
Request Body
Response Body
JSON
{
"email": "test@docflow.ae",
"code": "82190"
}
8
POST
Change password after recovery
Changes the user's password after successful password recovery verification. Requires authorization. Accepts a new password in the request body, validates it according to security policies, and updates the user's credentials. Returns the result of the password change operation or an appropriate error response if validation fails
https://api.docflow.ae/api/auth/forgot/change
Authorization: Bearer Token (JWT)
Request Body
Response Body
JSON
}
"newPassword": "P@ssw0rd"
}
9
POST
Account Confirmation Email
Generates and sends a temporary verification code to the specified email address for email confirmation. If the email address exists and has not yet been confirmed, a verification code is generated, with an expiration time, and sent to the user's email. To prevent user enumeration, a generic success response is returned when the email address does not exist. If a code was recently sent, a message is returned indicating that the user should wait before requesting another code.
https://api.docflow.ae/api/auth/email/confirm/send
Request Body
Response Body
JSON
}
"newPassword": "P@ssw0rd"
}
10
GET
Paginated client list
Returns a paginated list of clients for the current company. Supports filtering, sorting, and paging parameters via query string.
https://api.docflow.ae/api/clients
Authorization: Bearer Token (JWT)
Query Params:
Name
Type
IsDraft
isPeppolEnabled
search
page
pageSize
Type
integer
boolean
boolean
string
integer
integer
required
no
no
no
no
no
no
description
Filters the client list by the specified client type.
If true, returns only draft clients. If false, returns active clients.
Filters the list based on whether Peppol integration is enabled.
A search term to filter clients by name or identifier.
The specific page number of results to retrieve (e.g., 1).
The number of records to return per page (e.g., 20).
Response Body
JSON
{
"success": true,
"message": "Request completed successfully.",
"data": {
"items": [
{
"id": "6a322d1c-ebc8-4df4-d233-08de6fc61983",
"name": "Test Client LLC",
"clientType": 0,
"trn": "100123456700003",
"contact": "info@testclient.com",
"isDraft": true,
"peppolParticipantId": "AE123456789"
}
],
"page": 1,
"pageSize": 25,
"total": 1
},
"errors": []
}
11
POST
Verify Email Confirmation Code
Validates the verification code previously sent to the user's email address. If the provided code is valid, has not expired, and matches the specified email, the user's email address is marked as confirmed. Returns an appropriate response if the verification code is invalid, expired, the email address does not exist, or the email has already been confirmed.
https://api.docflow.ae/api/auth/email/confirm/verify
Request Body
Response Body
JSON
{
"email": "test@docflow.ae",
"code": "09748"
}
12
POST
Create new client
Creates a new client for the current company using the provided data. Validates the request body and persists the new client record. Returns the created client information or validation errors.
https://api.docflow.ae/api/clients
Authorization: Bearer Token (JWT)
Request Body
Response Body
JSON
{
"name": "ABC Trading LLC",
"address": "Office 1205, Business Bay, Dubai, UAE",
"trn": "100123456700003",
"licenseNumber": "CN-2026-001245",
"licenseIssuingAuthority": "Dubai Department of Economy and Tourism",
"contact": "John Smith",
"isDraft": false,
"clientType": 0,
"peppolParticipantId": "0088:123456789",
"bank": {
"bankName": "Emirates NBD",
"bankAddress": "Sheikh Zayed Road, Dubai",
"accountNumber": "123456789012345",
"iban": "AE070331234567890123456",
"bankSWIFT": "EBILAEAD"
},
"postalAddress": {
"streetName": "Sheikh Zayed Road",
"additionalStreetName": "Business Bay",
"cityName": "Dubai",
"postalZone": "00000",
"countrySubentity": "Dubai",
"addressLine": "Office 1205, Bay Square",
"countryCode": "AE"
}
}
13
GET
Client details by id
Returns detailed information for a specific client by its identifier. Returns not found if the client does not exist or is not accessible.
https://api.docflow.ae/api/clients/{id}
Authorization: Bearer Token (JWT)
Path Variables:
Name
ID
Type
string
required
yes (in path)
description
The unique identifier of the client.
Response Body
JSON
{
"success": true,
"message": "Request completed successfully.",
"data": {
"id": "1a322ab2-ab3a-461c-b93e-08deddb8060c",
"companyId": "743a703f-67b6-4bab-4eca-08de3671287e",
"name": "ABC Trading LLC",
"address": "Office 1205, Business Bay, Dubai, UAE",
"trn": "100123456700003",
"licenseNumber": "CN-2026-001245",
"licenseIssuingAuthority": "Dubai Department of Economy and Tourism",
"contact": "John Smith",
"isDraft": false,
"clientType": 0,
"bank": {
"bankName": "Emirates NBD",
"bankAddress": "Sheikh Zayed Road, Dubai",
"accountNumber": "123456789012345",
"iban": "AE070331234567890123456",
"bankSWIFT": "EBILAEAD"
},
"peppolParticipantId": "0088:123456789",
"postalAddress": {
"streetName": "Sheikh Zayed Road",
"additionalStreetName": "Business Bay",
"cityName": "Dubai",
"postalZone": "00000",
"countrySubentity": "Dubai",
"addressLine": "Office 1205, Bay Square",
"countryCode": "AE"
}
},
"errors": []
}
14
PUT
Update existing client
Updates an existing client identified by the specified id using the provided data. Validates the request body and applies changes if the client exists and is accessible. Returns not found if the client does not exist
https://api.docflow.ae/api/clients/{id}
Authorization: Bearer Token (JWT)
Request Body
Response Body
JSON
{
"name": "ABC Trading LLC",
"address": "Office 1205, Business Bay, Dubai, UAE",
"trn": "100123456700003",
"licenseNumber": "CN-2026-001245",
"licenseIssuingAuthority": "Dubai Department of Economy and Tourism",
"contact": "John Smith",
"isDraft": false,
"clientType": 0,
"peppolParticipantId": "0088:123456789",
"bank": {
"bankName": "Emirates NBD",
"bankAddress": "Sheikh Zayed Road, Dubai",
"accountNumber": "123456789012345",
"iban": "AE070331234567890123456",
"bankSWIFT": "EBILAEAD"
},
"postalAddress": {
"streetName": "Sheikh Zayed Road",
"additionalStreetName": "Business Bay",
"cityName": "Dubai",
"postalZone": "00000",
"countrySubentity": "Dubai",
"addressLine": "Office 1205, Bay Square",
"countryCode": "AE"
}
}
15
DELETE
Delete client
Deletes a client identified by the specified id. Removes the client if it exists and is accessible to the current user/company. Returns not found if the client does not exist.
https://api.docflow.ae/api/clients/{id}
Authorization: Bearer Token (JWT)
Path Variables:
Name
ID
Type
string
required
yes (in path)
description
The unique identifier of the client.
Response Body
JSON
{
"success": true,
"message": "Record deleted successfully.",
"data": null
},
"errors": []
}