> ## Documentation Index
> Fetch the complete documentation index at: https://docs.maesn.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Passthrough

> The Maesn Passthrough Feature enables access to APIs that are not part of Maesn.

## Overview

The Maesn API supports **Passthrough requests**, enabling you to call external system endpoints even if they haven’t been explicitly implemented in our API.\
This feature allows you to send authenticated requests directly through our platform by specifying the target path and providing the necessary request data.
This section explains how to structure a Passthrough request and outlines all supported fields.

## Endpoint

Send a `POST` request to:

```http theme={null}
https://api.maesn.dev/accounting/passThrough
```

## Request Body

The body of your request should include the following fields:

**`path`**

* The relative path of the target endpoint (e.g., `/employees`, `/units`).
* Do **not** include the full URL, only the endpoint path segment.
* If you’re unsure which part of the URL to include, refer to the system-specific documentation below. It shows the `baseUrl` we store for each system, this portion should **not** be included in the `path`.

**`method`**

* The HTTP method to use. Supported values are `GET`, `POST`, `PUT`, `PATCH`, and `DELETE`.

**`body`**

* Required for `POST`, `PUT`, and `PATCH` requests.
* For REST API systems: Add all relevant fields directly inside the body object.
* For GraphQL systems: The request body object must include a field named query, containing your GraphQL query as a string.
* For SOAP systems: The body object must include a field named xml, containing your XML payload as a base64-encoded string.

## Headers

Include the following headers in your request:

`X-API-KEY`: Your Maesn API key.\
`X-ACCOUNT-KEY`: Your account-specific key.

## Query Parameters

If you are **not** using the [Interactive Authentication Flow](/authentication#interactive-authentication-flow), some systems may require additional parameters:

`environmentName` <br />
`companyId`

Refer to the system-specific documentation below to confirm whether these are required for your request.

## System specific information

<AccordionGroup>
  <Accordion title="abacus" icon="https://mintcdn.com/maesn/51AaCYhZi3VILsjj/logo/abacus.svg?fit=max&auto=format&n=51AaCYhZi3VILsjj&q=85&s=e1a1710b2ea6a968fe05f50e6add869c" width="180" height="120" data-path="logo/abacus.svg">
    <Note>
      Please ensure the query parameter `environmentName` is accurately populated with the appropriate environment.
      You can obtain this value by using the `GET Environments` endpoint available under the Authentication section.
    </Note>

    `baseUrl`: The base URL for Abacus depends on the server configuration and may vary depending on whether Abacus is installed locally or hosted via a cloud subscription.\
    This baseUrl must be provided by the user upon authentication. The base URL follows this structure:\
    `https://{user-specific-baseurl}/api/entity/v1/mandants/{environmentName}/`\
    Only include the part **after** this base in the `path` field.
  </Accordion>

  <Accordion title="bexio" icon="https://mintcdn.com/maesn/51AaCYhZi3VILsjj/logo/bexio.svg?fit=max&auto=format&n=51AaCYhZi3VILsjj&q=85&s=1725cd998107a00ea8f7f9a83c250e29" width="24" height="24" data-path="logo/bexio.svg">
    `baseUrl`: Set to `https://api.bexio.com`.
    Only include the part **after** this base in the `path` field.
  </Accordion>

  <Accordion title="BuchhaltungsButler" icon="https://mintcdn.com/maesn/51AaCYhZi3VILsjj/logo/buchhaltungsbutler.svg?fit=max&auto=format&n=51AaCYhZi3VILsjj&q=85&s=3c7e3e932413af1baa050ec41ef97a10" width="24" height="24" data-path="logo/buchhaltungsbutler.svg">
    `baseUrl`: Set to `https://webapp.buchhaltungsbutler.de/api/v1`.\
    Only include the part **after** this base in the `path` field.\
    **Note** - Please beware that BuchhaltungsButler's API only supports POST requests, even if you're retreiving data. The operation is reflected in the path.
  </Accordion>

  <Accordion title="Business Central" icon="https://mintcdn.com/maesn/51AaCYhZi3VILsjj/logo/businesscentral.svg?fit=max&auto=format&n=51AaCYhZi3VILsjj&q=85&s=9cdc50aa9f467133e9e9372eab83f38b" width="24" height="24" data-path="logo/businesscentral.svg">
    <Note>
      If you're not using the [Interactive Authentication Flow](/authentication#interactive-authentication-flow), make sure the query parameters `environmentName` and `companyId` are correctly populated.
      You can obtain these values by using the `GET Environments` and `GET Companies` endpoints available under the Authentication section.
    </Note>

    `baseUrl`: Set to `https://api.businesscentral.dynamics.com/v2.0/{environmentName}/api/v2.0/companies({companyId})/`.\
    Only include the part **after** this base in the `path` field.
  </Accordion>

  <Accordion title="Exact" icon="https://mintcdn.com/maesn/gCd41Ws3USFubam4/logo/exact.svg?fit=max&auto=format&n=gCd41Ws3USFubam4&q=85&s=afa1af7a261b22f843ac73ee60896ede" width="24" height="24" data-path="logo/exact.svg">
    <Note>
      If you're not using the [Interactive Authentication Flow](/authentication#interactive-authentication-flow), make sure the query parameter `companyId` is correctly populated.
      You can obtain this value by using the `GET Companies` endpoint available under the Authentication section.
    </Note>

    `baseUrl`: Set to `https://start.exactonline.nl/api/v1/{companyId}/`.\
    Only include the part **after** this base in the `path` field.
  </Accordion>

  <Accordion title="fortnox" icon="https://mintcdn.com/maesn/gCd41Ws3USFubam4/logo/fortnox.svg?fit=max&auto=format&n=gCd41Ws3USFubam4&q=85&s=14025f10bb2d1afa587fa8447531a376" width="24" height="24" data-path="logo/fortnox.svg">
    `baseUrl`: Set to `https://api.fortnox.se/3/`.\
    Only include the part **after** this base in the `path` field.
  </Accordion>

  <Accordion title="FreeAgent" icon="https://mintcdn.com/maesn/gCd41Ws3USFubam4/logo/freeagent.svg?fit=max&auto=format&n=gCd41Ws3USFubam4&q=85&s=81e7e040725fa819fde811d75a529adf" width="400" height="400" data-path="logo/freeagent.svg">
    `baseUrl`: Set to `https://api.freeagent.com/v2/`.\
    Only include the part **after** this base in the `path` field.
  </Accordion>

  <Accordion title="FreshBooks" icon="https://mintcdn.com/maesn/gCd41Ws3USFubam4/logo/freshbooks.svg?fit=max&auto=format&n=gCd41Ws3USFubam4&q=85&s=5c854fbdda6618ad510ed264f6be68e6" width="24" height="24" data-path="logo/freshbooks.svg">
    <Note>
      Ensure that the query parameter `_companyId_` is correctly filled with the account ID associated with the contact.
      This value can be retrieved by using the `GET Companies` endpoint in the Authentication section. Use the returned `id` as the value for `_companyId_`.
    </Note>

    `baseUrl`: Set to `https://api.freshbooks.com/accounting/account/${companyId}/`.\
    Only include the part **after** this base in the `path` field.
  </Accordion>

  <Accordion title="Holded" icon="https://mintcdn.com/maesn/NQwZPkomn6wLid0x/logo/holded.svg?fit=max&auto=format&n=NQwZPkomn6wLid0x&q=85&s=002a6714822fbb50f154f7ab9dea2db4" width="519" height="519" data-path="logo/holded.svg">
    `baseUrl`: Set to `  https://api.holded.com/api/`.\
    Only include the part **after** this base in the `path` field.
  </Accordion>

  <Accordion title="Lexware Office" icon="https://mintcdn.com/maesn/51AaCYhZi3VILsjj/logo/lexoffice.svg?fit=max&auto=format&n=51AaCYhZi3VILsjj&q=85&s=efe4da1d7b59a552d1938ec981ccbc1e" width="24" height="24" data-path="logo/lexoffice.svg">
    `baseUrl`: Set to `https://api.lexoffice.io/v1/`.\
    Only include the part **after** this base in the `path` field.
  </Accordion>

  <Accordion title="Moneybird" icon="https://mintcdn.com/maesn/51AaCYhZi3VILsjj/logo/moneybird.svg?fit=max&auto=format&n=51AaCYhZi3VILsjj&q=85&s=4cf7d956fec579e320389df5b2a6c828" width="24" height="24" data-path="logo/moneybird.svg">
    <Note>
      If you're not using the [Interactive Authentication Flow](/authentication#interactive-authentication-flow), make sure the query parameter `companyId` is correctly populated.
      You can obtain this value by using the `GET Companies` endpoint available under the Authentication section.
    </Note>

    `baseUrl`: Set to `https://moneybird.com/api/v2/{companyId}/`.

    Only include the part **after** this base in the `path` field with format : `:resource_path.:format`
  </Accordion>

  <Accordion title="Pennylane" icon="https://mintcdn.com/maesn/51AaCYhZi3VILsjj/logo/pennylane.svg?fit=max&auto=format&n=51AaCYhZi3VILsjj&q=85&s=a035961c0f2e7136c351b5f3c0a5430a" width="414" height="414" data-path="logo/pennylane.svg">
    `baseUrl`: Set to `https://app.pennylane.com/api/external/v2/`.

    Only include the part **after** this base in the `path` field.
  </Accordion>

  <Accordion title="Qonto" icon={<svg width="24" height="24" transform="translate(-7,-4)" viewBox="200 700 1000 1100"> <g transform="scale(0.20, -0.20) translate(0, -10000)"><path d="M1990 6372 c0 -25 29 -217 40 -267 23 -101 83 -262 138 -370 217 -425 615 -740 1072 -848 121 -29 171 -37 230 -37 l60 0 0 33 c0 50 -31 216 -58 317 -96 353 -351 704 -668 919 -63 42 -253 143 -289 153 -11 3 -51 17 -88 31 -90 34 -170 53 -296 72 -133 19 -141 19 -141 -3z"/><path d="M5110 6375 c-94 -15 -203 -40 -265 -60 -270 -89 -526 -255 -709 -460 -224 -252 -356 -532 -411 -872 -23 -140 -25 -133 44 -133 104 0 360 62 481 116 324 146 539 325 728 604 89 132 154 270 208 440 27 85 64 285 64 342 0 44 0 44 -140 23z"/><path d="M3375 4659 c-373 -68 -668 -221 -917 -475 -43 -44 -98 -106 -123 -139 -24 -33 -49 -65 -54 -71 -58 -70 -169 -297 -216 -439 -31 -94 -73 -315 -75 -387 0 -23 41 -23 160 -4 416 69 765 272 1024 596 104 129 161 225 239 400 23 51 73 207 86 265 6 28 15 71 21 97 5 26 10 74 10 107 l0 61 -52 -1 c-29 -1 -75 -5 -103 -10z"/><path d="M3710 4648 c0 -32 25 -180 45 -263 105 -455 429 -871 841 -1078 104 -53 170 -80 274 -113 82 -26 288 -64 344 -64 35 0 36 1 36 36 0 53 -38 259 -61 334 -141 457 -446 814 -869 1017 -169 81 -432 153 -560 153 -45 0 -50 -2 -50 -22z"/><path d="M1830 2227 c-105 -32 -174 -72 -247 -145 -203 -203 -244 -515 -104 -789 65 -129 222 -248 377 -287 67 -17 233 -21 280 -7 16 5 49 15 74 22 25 7 60 21 78 31 l33 18 82 -39 c88 -42 175 -68 199 -58 26 10 40 164 16 171 -7 3 -34 10 -59 17 -26 7 -55 18 -64 25 -16 12 -15 17 21 70 21 32 51 92 67 133 26 65 30 93 34 196 4 90 1 138 -11 190 -52 220 -218 397 -426 454 -104 29 -248 28 -350 -2z m300 -169 c59 -18 104 -44 158 -93 95 -85 142 -200 142 -344 0 -92 -14 -152 -56 -237 -42 -86 -49 -87 -104 -26 -26 29 -69 91 -95 138 -26 46 -51 87 -55 89 -7 5 -35 -6 -132 -48 -16 -7 -28 -18 -28 -25 0 -33 101 -194 174 -276 14 -16 26 -33 26 -37 0 -18 -81 -31 -171 -27 -115 4 -182 32 -262 107 -96 91 -137 192 -137 341 0 146 34 233 127 331 105 110 265 151 413 107z"/><path d="M4466 2055 c-10 -26 -7 -743 3 -812 17 -118 76 -210 162 -253 29 -15 58 -20 123 -20 46 0 91 3 100 6 13 5 16 23 16 89 l0 83 -68 -1 c-83 -1 -129 21 -155 76 -15 33 -17 63 -15 240 l3 202 118 3 118 3 -3 82 -3 82 -115 5 -115 5 -5 110 -5 110 -76 3 c-63 2 -78 0 -83 -13z"/><path d="M3020 1839 c-213 -58 -357 -284 -319 -505 29 -172 140 -300 308 -353 59 -19 214 -14 283 10 98 33 177 96 230 184 41 69 53 122 52 240 0 101 -3 115 -31 175 -78 167 -225 261 -407 259 -45 0 -97 -5 -116 -10z m228 -192 c53 -24 96 -66 124 -121 32 -60 31 -185 -1 -241 -55 -96 -127 -138 -236 -139 -80 0 -130 21 -181 76 -56 59 -69 94 -69 188 0 75 3 91 27 131 73 124 207 166 336 106z"/><path d="M5226 1829 c-184 -63 -296 -224 -296 -424 0 -196 103 -347 283 -414 82 -30 232 -30 314 0 127 47 215 136 262 262 30 81 29 218 -2 304 -44 126 -144 226 -270 270 -83 30 -208 31 -291 2z m250 -179 c126 -54 188 -213 134 -345 -41 -102 -128 -158 -245 -158 -106 -1 -188 53 -232 151 -99 224 119 448 343 352z"/><path d="M3647 1813 c-4 -3 -7 -195 -7 -425 l0 -418 85 0 85 0 0 251 c0 152 4 268 11 295 43 169 314 196 388 38 20 -41 21 -62 21 -314 l0 -271 88 3 87 3 3 250 c3 264 -4 335 -40 413 -28 58 -91 119 -158 151 -47 22 -69 26 -150 26 -90 0 -99 -2 -166 -37 -40 -20 -75 -34 -78 -31 -3 4 -6 21 -6 40 l0 33 -78 0 c-43 0 -82 -3 -85 -7z"/></g></svg>}>
    `baseUrl`: Set to `https://thirdparty.qonto.com/`.\
    Only include the part **after** this base in the `path` field.
  </Accordion>

  <Accordion title="QuickBooks" icon="https://mintcdn.com/maesn/51AaCYhZi3VILsjj/logo/quickbooks.svg?fit=max&auto=format&n=51AaCYhZi3VILsjj&q=85&s=7733377805a0f59c4cdada5817544447" width="24" height="24" data-path="logo/quickbooks.svg">
    `baseUrl`: Set to `https://quickbooks.api.intuit.com/v3/company/{realmId}/`.\
    Only include the part **after** this base in the `path` field.
    The `realmId` is stored automatically after user authentication. You do not need to provide it manually.
  </Accordion>

  <Accordion title="Sage Accounting" icon="https://mintcdn.com/maesn/gCd41Ws3USFubam4/logo/sageactive.svg?fit=max&auto=format&n=gCd41Ws3USFubam4&q=85&s=db4ef71b40820611bd17295476ff28f9" width="24" height="24" data-path="logo/sageactive.svg">
    `baseUrl`: Set to `https://api.accounting.sage.com/v3.1/`.\
    Only include the part **after** this base in the `path` field.
  </Accordion>

  <Accordion title="Sage Active" icon="https://mintcdn.com/maesn/gCd41Ws3USFubam4/logo/sageactive.svg?fit=max&auto=format&n=gCd41Ws3USFubam4&q=85&s=db4ef71b40820611bd17295476ff28f9" width="24" height="24" data-path="logo/sageactive.svg">
    <Note>
      If you're not using the [Interactive Authentication Flow](/authentication#interactive-authentication-flow), make sure the query parameters `environmentName` and `companyId` are correctly populated.
      You can obtain these values by using the `GET Companies` endpoint available under the Authentication section. Please use the id field as the companyId and the environmentId field as the environmentName.
    </Note>

    `baseUrl`: Set to `https://api.de.active.sage.com/graphql`.\
    Sage Active uses **GraphQL**, so you should **not** provide a `path`.\
    Instead, include your GraphQL query in the request body.
    Below is an example request body:

    ```json theme={null}
    body: {
        "query": "query { accountingAccounts(where: { id: { eq: \"203661a0-83d8-458a-a9a2-51866acf42f9\" }}) { edges { node { id creationDate modificationDate code name description deactivated accountLevel subAccountType accountType } } } }"
    }
    ```
  </Accordion>

  <Accordion title="sevdesk" icon="https://mintcdn.com/maesn/gCd41Ws3USFubam4/logo/sevdesk.svg?fit=max&auto=format&n=gCd41Ws3USFubam4&q=85&s=2b266052b2531cf2995f78c2aecf6019" width="24" height="24" data-path="logo/sevdesk.svg">
    `baseUrl`: Set to `https://my.sevdesk.de/api/v1/`.\
    Only include the part **after** this base in the `path` field.
  </Accordion>

  <Accordion title="Snelstart" icon="https://mintcdn.com/maesn/51AaCYhZi3VILsjj/logo/snelstart.svg?fit=max&auto=format&n=51AaCYhZi3VILsjj&q=85&s=a18e70fedba8b4166ced134d0ad1b8e3" width="24" height="24" data-path="logo/snelstart.svg">
    `baseUrl`: Set to `https://b2bapi.snelstart.nl`.\
    Only include the part **after** this base in the `path` field.
  </Accordion>

  <Accordion title="Twinfield" icon="https://mintcdn.com/maesn/51AaCYhZi3VILsjj/logo/twinfield.svg?fit=max&auto=format&n=51AaCYhZi3VILsjj&q=85&s=aacf76ab75d30aabd615bc761d08f405" width="24" height="24" data-path="logo/twinfield.svg">
    <Note>
      If you're not using the [Interactive Authentication Flow](/authentication#interactive-authentication-flow), make sure the query parameter `companyId` is correctly populated.
      You can obtain this value by using the `GET Companies` endpoint available under the Authentication section.
    </Note>

    Twinfield uses a **SOAP API**, so you do **not** need to provide a `path`.\
    Instead, send only the contents of the `<soapenv:Body>` section from your XML request, base64 encoded.
    We wrap your request using the following envelope and headers:

    ```xml theme={null}
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:twin="http://www.twinfield.com/">
    <soapenv:Header>
        <twin:Header>
        <twin:AccessToken>{user accessToken}</twin:AccessToken>
        <twin:CompanyCode>{companyId}</twin:CompanyCode>
        </twin:Header>
    </soapenv:Header>
    <soapenv:Body>
        ${your XML body}
    </soapenv:Body>
    </soapenv:Envelope>
    ```

    Send your request like this:

    ```json theme={null}
    body: {
        "xml": "<base64-encoded content from the Body part of the XML>"
    }
    ```
  </Accordion>

  <Accordion title="Visma eAccounting" icon="https://mintcdn.com/maesn/NQwZPkomn6wLid0x/logo/vismaeaccounting.svg?fit=max&auto=format&n=NQwZPkomn6wLid0x&q=85&s=1c24e329e3e1934acd3cfb86b6ecb1c0" width="24" height="24" data-path="logo/vismaeaccounting.svg">
    `baseUrl`: Set to `https://eaccountingapi.vismaonline.com/v2/`.\
    Only include the part **after** this base in the `path` field.
  </Accordion>

  <Accordion title="Visma e-conomic" icon="https://mintcdn.com/maesn/51AaCYhZi3VILsjj/logo/vismaeconomic.svg?fit=max&auto=format&n=51AaCYhZi3VILsjj&q=85&s=4b629e8bc1bfd12c3bedaaaf9cc03ef3" width="20" height="24" data-path="logo/vismaeconomic.svg">
    `baseUrl`: Set to `https://restapi.e-conomic.com`.\
    Only include the part **after** this base in the `path` field.
  </Accordion>

  <Accordion title="weclapp" icon="https://mintcdn.com/maesn/gCd41Ws3USFubam4/logo/weclapp.svg?fit=max&auto=format&n=gCd41Ws3USFubam4&q=85&s=6a1eb194f06b8ed5c6ebec41766aff4a" width="24" height="24" data-path="logo/weclapp.svg">
    `baseUrl`: Set to `https://{weclappId}.weclapp.com/webapp/api/v1/`.\
    Only include the part **after** this base in the `path` field.\
    Note that the *weclappId* is stored by us upon authentication and does not need to be imcluded in the request.
  </Accordion>

  <Accordion title="Xentral" icon="https://mintcdn.com/maesn/51AaCYhZi3VILsjj/logo/xentral.svg?fit=max&auto=format&n=51AaCYhZi3VILsjj&q=85&s=178700a67ab1b51df03e62487907f0dd" width="24" height="24" data-path="logo/xentral.svg">
    `baseUrl`: Set to `https://{xentralId}.xentral.biz/api/`.\
    Only include the part **after** this base in the `path` field.
    Note that the *xentralId* is stored by us upon authentication and does not need to be imcluded in the request.
  </Accordion>

  <Accordion title="Xero" icon="https://mintcdn.com/maesn/51AaCYhZi3VILsjj/logo/xero.svg?fit=max&auto=format&n=51AaCYhZi3VILsjj&q=85&s=4496b21aab750469b3d5e96a1588d9f0" width="45" height="46" data-path="logo/xero.svg">
    `baseUrl`: Set to `https://api.xero.com/api.xro/2.0/`.\
    Only include the part **after** this base in the `path` field.
  </Accordion>
</AccordionGroup>