🎉 phase4-peppol-standalone — API Reference

Peppol AS4 Access Point • Running & connected to PostgreSQL • GitHub ↗

Utility

GET /phase4ping

Health-check ping. Returns the plain text string pong. No authentication required.

Response text/plainpong

Receiving Peppol Messages

POST /as4

Peppol AS4 inbound endpoint. Receives signed & encrypted AS4 messages from other Access Points. Handles MIME multipart AS4 envelopes, validates the Peppol certificate, runs PHIVE document validation, persists the message (incl. raw SBD payload) to PostgreSQL and stores a Peppol Reporting Item.

Body AS4 MIME multipart (sent by remote AP — not called directly)

Response AS4 receipt or AS4 error message

Sending Peppol Messages

All sending endpoints require the X-Token header matching the value configured in phase4.api.requiredtoken.

POST /sendas4/{senderId}/{receiverId}/{docTypeId}/{processId}/{countryC1}

Send a Peppol AS4 message. The application builds the SBDH automatically from the path parameters and looks up the receiver endpoint via SMP/SML.

Auth X-Token: <token> (required)

ParameterWhereDescription
senderIdpathC1 Peppol participant ID, URI-encoded (e.g. 0088:5790000123456)
receiverIdpathC4 Peppol participant ID, URI-encoded
docTypeIdpathPeppol document type identifier, URI-encoded
processIdpathPeppol process identifier, URI-encoded
countryC1pathISO 3166-1 alpha-2 country code of sender (e.g. DE)
bodybodyRaw XML business document bytes

Response application/json — sending report with success/failure details

POST /sendas4-facturx/{senderId}/{receiverId}/{countryC1}

Send a Peppol Factur-X (PDF/XML hybrid) message. The application wraps the payload in a binary SBDH and dispatches it over AS4.

Auth X-Token: <token> (required)

ParameterWhereDescription
senderIdpathC1 Peppol participant ID, URI-encoded
receiverIdpathC4 Peppol participant ID, URI-encoded
countryC1pathISO 3166-1 alpha-2 country code of sender
bodybodyFactur-X PDF bytes

Response application/json — sending report

POST /sendsbdh

Send a pre-built Standard Business Document (SBD). The sender/receiver/doctype/process are read directly from the SBDH envelope; no path parameters needed.

Auth X-Token: <token> (required)

Body Complete SBD XML document (with valid SBDH)

Response application/json — sending report

Peppol Reporting

All reporting endpoints require the X-Token header. {year} ≥ 2024, {month} 1–12.

GET /create-tsr/{year}/{month}

Generate a Transaction Statistics Report (TSR) for the given month from data stored in PostgreSQL. Returns the report XML without storing or sending it.

Auth X-Token: <token>

Path year / month — reporting period

Response application/xml — TSR XML

GET /create-eusr/{year}/{month}

Generate an End-User Statistics Report (EUSR) for the given month. Returns the report XML without storing or sending it.

Auth X-Token: <token>

Path year / month — reporting period

Response application/xml — EUSR XML

GET /do-peppol-reporting/{year}/{month}

Full reporting pipeline: creates both TSR and EUSR for the given month, validates them against OpenPeppol rules, stores them locally, and transmits them to the designated OpenPeppol reporting receiver via AS4.

Auth X-Token: <token>

Path year / month — reporting period

Response text/plain — status message

Outbound Retry Queue

All retry endpoints require the X-Token header. Failed outbound sends are automatically queued for retry with exponential backoff (configurable via retry.* properties).

GET /retry/status

Summary counts: pending, exhausted, and total retry entries.

Auth X-Token: <token>

Response application/json{"pending": N, "exhausted": N, "total": N}

GET /retry/list

List all retry entries (all statuses: PENDING, RETRYING, SUCCESS, EXHAUSTED, CANCELLED).

Auth X-Token: <token>

Response application/json — array of retry entries

GET /retry/pending

List only pending retry entries awaiting their next attempt.

Auth X-Token: <token>

Response application/json — array of pending entries

POST /retry/cancel/{id}

Cancel a pending retry entry (prevents further retry attempts).

Auth X-Token: <token>

Path id — UUID of the retry entry

Response application/json — confirmation

POST /retry/requeue/{id}

Re-queue an exhausted or cancelled retry entry (resets attempt count and reschedules).

Auth X-Token: <token>

Path id — UUID of the retry entry

Response application/json — confirmation

POST /retry/trigger

Manually trigger an immediate retry poll (for operator convenience, instead of waiting for the scheduler).

Auth X-Token: <token>

Response application/json{"retriesSucceeded": N}

Spring Boot Actuator

Exposed via /actuator/**. All 14 endpoints are active (see management.endpoints.web.exposure.include=*).

GET /actuator/health

Application health status including datasource and disk-space indicators.

GET /actuator/info

Build and version information.

GET /actuator/metrics

JVM, HTTP request and HikariCP connection pool metrics.

GET /actuator/flyway

Applied Flyway migration history (V1 initial schema, V2 payload column, …).

POST /actuator/shutdown

Gracefully shuts down the application. No body required.