Pass Through
Learn how to make a pass through request to call any endpoint in any connected system.
Overview
The Maesn API supports pass through requests, enabling you to call external system endpoints even if they haven’t been explicitly implemented in our API.
This feature allows you to send authenticated requests directly through our platform by specifying the target path and providing the necessary request data.
This section explains how to structure a pass through request and outlines all supported fields.
Endpoint
Send a POST request to:
Request Body
The body of your request should include the following fields:
path
- The relative path of the target endpoint (e.g.,
/employees,/units). - Do not include the full URL, only the endpoint path segment.
- If you’re unsure which portion of the URL to include, refer to the system-specific documentation below. It lists the baseUrl used for each system, allowing you to determine exactly what should be included in the path field.
method
- The HTTP method to use. Supported values are
GET,POST,PUT,PATCH, andDELETE.
body
- Required for
POST,PUT, andPATCHrequests. - For REST API systems: Add all relevant fields directly inside the body object.
- For GraphQL systems: The body object must include a field named query, containing your GraphQL query as a string.
- For SOAP systems: The body object must include a field named xml, containing your XML payload as a base64-encoded string.
Headers
Include the following headers in your request:
X-API-KEY: Your Maesn API key.
X-ACCOUNT-KEY: Your account-specific key.
Query Parameters
If you are not using the Interactive Authentication Flow, some systems may require additional parameters:
environmentName
companyId
Refer to the system-specific documentation below to confirm whether these are required for your request.
System specific information
abacus
abacus
Please ensure the query parameter environmentName is accurately populated with the appropriate environment.
You can obtain this value by using the GET Environments endpoint available under the Authentication section.
baseUrl: The base URL for Abacus depends on the server configuration and may vary depending on whether Abacus is installed locally or hosted via a cloud subscription.
This baseUrl must be provided by the user upon authentication. The base URL follows this structure:
https://{user-specific-baseurl}/api/entity/v1/mandants/{environmentName}/
Only include the part after this base in the path field.
bexio
bexio
baseUrl: Set to https://api.bexio.com/2.0/.
Only include the part after this base in the path field.
BuchhaltungsButler
BuchhaltungsButler
baseUrl: Set to https://webapp.buchhaltungsbutler.de/api/v1/.
Only include the part after this base in the path field.
Note - Please beware that BuchhaltungsButler’s API only supports POST requests, even if you’re retreiving data. The operation is reflected in the path.
Business Central
Business Central
If you’re not using the Interactive Authentication Flow, make sure the query parameters environmentName and companyId are correctly populated.
You can obtain these values by using the GET Environments and GET Companies endpoints available under the Authentication section.
baseUrl: Set to https://api.businesscentral.dynamics.com/v2.0/{environmentName}/api/v2.0/companies({companyId})/.
Only include the part after this base in the path field.
Exact
Exact
If you’re not using the Interactive Authentication Flow, make sure the query parameter companyId is correctly populated.
You can obtain this value by using the GET Companies endpoint available under the Authentication section.
baseUrl: Set to https://start.exactonline.nl/api/v1/{companyId}/.
Only include the part after this base in the path field.
fortnox
fortnox
baseUrl: Set to https://api.fortnox.se/3/.
Only include the part after this base in the path field.
FreeAgent
FreeAgent
baseUrl: Set to https://api.freeagent.com/v2/.
Only include the part after this base in the path field.
FreshBooks
FreshBooks
Ensure that the query parameter _companyId_ is correctly filled with the account ID associated with the contact.
This value can be retrieved by using the GET Companies endpoint in the Authentication section. Use the returned id as the value for _companyId_.
baseUrl: Set to https://api.freshbooks.com/accounting/account/${companyId}/.
Only include the part after this base in the path field.
Holded
Holded
baseUrl: Set to https://api.holded.com/api/.
Only include the part after this base in the path field.
Lexware Office
Lexware Office
baseUrl: Set to https://api.lexoffice.io/v1/.
Only include the part after this base in the path field.
Moneybird
Moneybird
If you’re not using the Interactive Authentication Flow, make sure the query parameter companyId is correctly populated.
You can obtain this value by using the GET Companies endpoint available under the Authentication section.
baseUrl: Set to https://moneybird.com/api/v2/{companyId}/.
Only include the part after this base in the path field with format : :resource_path.:format
QuickBooks
QuickBooks
baseUrl: Set to https://quickbooks.api.intuit.com/v3/company/{realmId}/.
Only include the part after this base in the path field.
The realmId is stored automatically after user authentication. You do not need to provide it manually.
Sage Accounting
Sage Accounting
baseUrl: Set to https://api.accounting.sage.com/v3.1/.
Only include the part after this base in the path field.
Sage Active
Sage Active
If you’re not using the Interactive Authentication Flow, make sure the query parameters environmentName and companyId are correctly populated.
You can obtain these values by using the GET Companies endpoint available under the Authentication section. Please use the id field as the companyId and the environmentId field as the environmentName.
baseUrl: Set to https://api.de.active.sage.com/graphql.
Sage Active uses GraphQL, so you should not provide a path.
Instead, include your GraphQL query in the body field of the request.
Below is an example request body:
sevdesk
sevdesk
baseUrl: Set to https://my.sevdesk.de/api/v1/.
Only include the part after this base in the path field.
Twinfield
Twinfield
If you’re not using the Interactive Authentication Flow, make sure the query parameter companyId is correctly populated.
You can obtain this value by using the GET Companies endpoint available under the Authentication section.
Twinfield uses a SOAP API, so you do not need to provide a path.
Instead, send only the contents of the <soapenv:Body> section from your XML request, base64 encoded.
We wrap your request using the following envelope and headers:
Send your request like this:
Visma eAccounting
Visma eAccounting
baseUrl: Set to https://eaccountingapi.vismaonline.com/v2/.
Only include the part after this base in the path field.
Visma e-conomic
Visma e-conomic
baseUrl: Set to https://restapi.e-conomic.com.
Only include the part after this base in the path field.
weclapp
weclapp
baseUrl: Set to https://{weclappId}.weclapp.com/webapp/api/v1/.
Only include the part after this base in the path field.
Note that the weclappId is stored by us upon authentication and does not need to be imcluded in the request.
Xentral
Xentral
baseUrl: Set to https://{xentralId}.xentral.biz/api/.
Only include the part after this base in the path field.
Note that the xentralId is stored by us upon authentication and does not need to be imcluded in the request.
Xero
Xero
baseUrl: Set to https://api.xero.com/api.xro/2.0/.
Only include the part after this base in the path field.