ProductKnowledgeDevelopers
Platform Control
SOAP API: authentication and App Keys

Create App Keys, retrieve a SecurityToken and make authenticated SOAP requests on the legacy eConnect API.

Before you can use the legacy SOAP API, you need App Keys and must retrieve a SecurityToken via the Login endpoint. This article explains step by step how this works.

Important: This is the legacy SOAP API. For new integrations we recommend the REST API, which uses OAuth 2.0.

Creating App Keys

App Keys consist of a Consumer Key and a Consumer Secret. You create them in the eConnect platform under the Connections menu. You need an administrator role for this.

There are two types of apps available:

TypeVisibilityNotesGeneric AppPublicName is pre-filled by eConnect. Suitable for standard integrations.Own AppPrivateYou choose your own name and optionally a logo. Suitable for custom connections.

For the accountant variant you use App Integration Requests: the client grants permission via the platform for access to their accounting records. This is relevant if you work as a software vendor on behalf of multiple clients.

Authentication flow

The authentication consists of two steps:

Step 1: Login

Call the Login endpoint with your Consumer Key and Consumer Secret. You receive a SecurityToken in return.

<Login>
  <ConsumerKey>jouw-consumer-key</ConsumerKey>
  <ConsumerSecret>jouw-consumer-secret</ConsumerSecret>
</Login>

Step 2: Include the SecurityToken

Include the SecurityToken in the SOAP header with all subsequent calls. The token is valid for 4 hours. You can also request a new token per session.

<soap:Header>
  <SecurityToken>ontvangen-security-token</SecurityToken>
</soap:Header>

Step 3: Retrieve account information

After a successful login, call GetAccountParties to retrieve your EConnectPartyId (XCNL number). You need this ID when sending and receiving documents.

Endpoint and WSDL
PropertyValueEndpointhttps://api.everbinding.nl/soap/v3.1?subscriptionKey={subscriptionKey}WSDLAvailable via [email protected]ProtocolSOAP 1.1 over HTTPS/SSL

The WSDL contains the full specification of all available endpoints, data types and error codes. You can import the WSDL into tools like SoapUI or Visual Studio to automatically generate client code.

Common mistakes

Transfer-Encoding=chunked: the SOAP API does not support chunked transfer encoding. Make sure your HTTP client sends the content-length header instead of using chunked encoding. This is one of the most common implementation mistakes.

Token expired: if your SecurityToken is older than 4 hours, you receive an authentication error (error code series 600). Request a new token via Login.

No subscriptionKey: without a valid subscriptionKey in the endpoint URL, all requests are rejected. Verify that the key is correct and still active.

Error handling

The SOAP API returns structured error codes in the format ERR + opcode + series + ID. The error code series indicate the type of error:

SeriesType100Warning200Functional300Permissions400Validation600Authentication800Communication900Unknown

Considering the switch to OAuth2 and the REST API? Check the PSB documentation at psb.econnect.eu for the modern authentication flow.

Switch to the REST API

PreviousSOAP overview
NextSOAP sending