Skip to main content

Overview

The Maesn API supports pass through requests, enabling you to call external system endpoints even if they haven’t been explicitly implemented in our API.
This feature allows you to send authenticated requests directly through our platform by specifying the target path and providing the necessary request data. This section explains how to structure a pass through request and outlines all supported fields.

Endpoint

Send a POST request to: 
https://api.maesn.dev/accounting/passThrough

Request Body

The body of your request should include the following fields: path
  • The relative path of the target endpoint (e.g., /employees, /units).
  • Do not include the full URL, only the endpoint path segment.
  • If you’re unsure which part of the URL to include, refer to the system-specific documentation below. It shows the baseUrl we store for each system, this portion should not be included in the path.
method
  • The HTTP method to use. Supported values are GET, POST, PUT, PATCH, and DELETE.
body
  • Required for POST, PUT, and PATCH requests.
  • For REST API systems: Add all relevant fields directly inside the body object.
  • For GraphQL systems: The body object must include a field named query, containing your GraphQL query as a string.
  • For SOAP systems: The body object must include a field named xml, containing your XML payload as a base64-encoded string.

Headers

Include the following headers in your request: X-API-KEY: Your Maesn API key.
X-ACCOUNT-KEY: Your account-specific key.

Query Parameters

If you are not using the Interactive Authentication Flow, some systems may require additional parameters: environmentName
companyId Refer to the system-specific documentation below to confirm whether these are required for your request.

System specific information

Please ensure the query parameter environmentName is accurately populated with the appropriate environment. You can obtain this value by using the GET Environments endpoint available under the Authentication section.
baseUrl: The base URL for Abacus depends on the server configuration and may vary depending on whether Abacus is installed locally or hosted via a cloud subscription.
This baseUrl must be provided by the user upon authentication. The base URL follows this structure:
https://{user-specific-baseurl}/api/entity/v1/mandants/{environmentName}/
Only include the part after this base in the path field.
baseUrl: Set to https://api.bexio.com. Only include the part after this base in the path field.
baseUrl: Set to https://webapp.buchhaltungsbutler.de/api/v1/.
Only include the part after this base in the path field.
Note - Please beware that BuchhaltungsButler’s API only supports POST requests, even if you’re retreiving data. The operation is reflected in the path.
If you’re not using the Interactive Authentication Flow, make sure the query parameters environmentName and companyId are correctly populated. You can obtain these values by using the GET Environments and GET Companies endpoints available under the Authentication section.
baseUrl: Set to https://api.businesscentral.dynamics.com/v2.0/{environmentName}/api/v2.0/companies({companyId})/.
Only include the part after this base in the path field.
If you’re not using the Interactive Authentication Flow, make sure the query parameter companyId is correctly populated. You can obtain this value by using the GET Companies endpoint available under the Authentication section.
baseUrl: Set to https://start.exactonline.nl/api/v1/{companyId}/.
Only include the part after this base in the path field.
baseUrl: Set to https://api.fortnox.se/3/.
Only include the part after this base in the path field.
baseUrl: Set to https://api.freeagent.com/v2/.
Only include the part after this base in the path field.
Ensure that the query parameter _companyId_ is correctly filled with the account ID associated with the contact. This value can be retrieved by using the GET Companies endpoint in the Authentication section. Use the returned id as the value for _companyId_.
baseUrl: Set to https://api.freshbooks.com/accounting/account/${companyId}/.
Only include the part after this base in the path field.
baseUrl: Set to https://api.holded.com/api/.
Only include the part after this base in the path field.
baseUrl: Set to https://api.lexoffice.io/v1/.
Only include the part after this base in the path field.
If you’re not using the Interactive Authentication Flow, make sure the query parameter companyId is correctly populated. You can obtain this value by using the GET Companies endpoint available under the Authentication section.
baseUrl: Set to https://moneybird.com/api/v2/{companyId}/.Only include the part after this base in the path field with format : :resource_path.:format
baseUrl: Set to https://app.pennylane.com/api/external/v2/.Only include the part after this base in the path field.
baseUrl: Set to https://quickbooks.api.intuit.com/v3/company/{realmId}/.
Only include the part after this base in the path field. The realmId is stored automatically after user authentication. You do not need to provide it manually.
baseUrl: Set to https://api.accounting.sage.com/v3.1/.
Only include the part after this base in the path field.
If you’re not using the Interactive Authentication Flow, make sure the query parameters environmentName and companyId are correctly populated. You can obtain these values by using the GET Companies endpoint available under the Authentication section. Please use the id field as the companyId and the environmentId field as the environmentName.
baseUrl: Set to https://api.de.active.sage.com/graphql.
Sage Active uses GraphQL, so you should not provide a path.
Instead, include your GraphQL query in the body field of the request. Below is an example request body:
body: {
    "query": "query { accountingAccounts(where: { id: { eq: \"203661a0-83d8-458a-a9a2-51866acf42f9\" }}) { edges { node { id creationDate modificationDate code name description deactivated accountLevel subAccountType accountType } } } }"
}
baseUrl: Set to https://my.sevdesk.de/api/v1/.
Only include the part after this base in the path field.
If you’re not using the Interactive Authentication Flow, make sure the query parameter companyId is correctly populated. You can obtain this value by using the GET Companies endpoint available under the Authentication section.
Twinfield uses a SOAP API, so you do not need to provide a path.
Instead, send only the contents of the <soapenv:Body> section from your XML request, base64 encoded. We wrap your request using the following envelope and headers:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:twin="http://www.twinfield.com/">
<soapenv:Header>
    <twin:Header>
    <twin:AccessToken>{user accessToken}</twin:AccessToken>
    <twin:CompanyCode>{companyId}</twin:CompanyCode>
    </twin:Header>
</soapenv:Header>
<soapenv:Body>
    ${your XML body}
</soapenv:Body>
</soapenv:Envelope>
Send your request like this:
body: {
    "xml": "<base64-encoded content from the Body part of the XML>"
}
baseUrl: Set to https://eaccountingapi.vismaonline.com/v2/.
Only include the part after this base in the path field.
baseUrl: Set to https://restapi.e-conomic.com.
Only include the part after this base in the path field.
baseUrl: Set to https://{weclappId}.weclapp.com/webapp/api/v1/.
Only include the part after this base in the path field.
Note that the weclappId is stored by us upon authentication and does not need to be imcluded in the request.
baseUrl: Set to https://{xentralId}.xentral.biz/api/.
Only include the part after this base in the path field. Note that the xentralId is stored by us upon authentication and does not need to be imcluded in the request.
baseUrl: Set to https://api.xero.com/api.xro/2.0/.
Only include the part after this base in the path field.
I