๐Environments & Base URLs
Docs-Dispatcher operates across multiple environments with different base URLs for each service.
Production Environment
Dispatcher API
Base URL: https://api.docs-dispatcher.ioEndpoints:
Authentication:
POST /auth- Login and get JWTGET /auth/refresh- Refresh JWT token
Configuration & Templates:
GET /api/v1/my/config- Get user/company configurationsGET /api/v1/templates- List templatesGET /api/v1/templates/:id- Get template details
Service Dispatch:
POST /api/invoicing- Invoice/quote dispatchPOST /api/esign- eSign workflowsPOST /api/postal- Postal mail dispatchPOST /api/sms- SMS messagingPOST /api/email- Email dispatchPOST /api/file- Document generation onlyPOST /api/upload- File uploadPOST /api/:service/validate- Validation (all services)
Health:
GET /healthz- Health check
Sandbox Environment (Coming Soon)
Sandbox environment for testing without affecting production data.
Differences from production:
Isolated database (no production data)
Provider sandbox APIs used where available
No real emails/SMS/postal mail sent
No actual invoices created in accounting systems
Rate limits may differ
Provider Sandboxes: Some providers offer sandbox modes (e.g., Qonto). Use the useSandbox flag in provider configs to test with real provider APIs without creating actual invoices.
Common Headers
Required for All Dispatcher Requests
Example:
Basic Auth Encoding: The credentials format is email:password encoded as base64. Most HTTP clients handle this automatically. See Authentication for details.
Optional Headers
X-Request-ID: Track requests across services (generated if not provided)
X-Idempotency-Key: Prevent duplicate dispatches (recommended for production)
URL Patterns
Service Endpoints
All service endpoints follow this pattern:
Examples:
Validation Endpoints
Examples:
Webhook Endpoints
Webhook callbacks follow this pattern:
Examples:
Rate Limits
Production
Authentication: 10 requests/minute per IP
Dispatcher: 100 requests/minute per user
Validation: 20 requests/minute per user
Rate Limit Headers:
Rate Limit Exceeded (429):
Timeouts
Connection Timeouts
Dispatcher API: 30 seconds
Provider APIs: 60 seconds (varies by provider)
Request Timeouts
Sync requests: 120 seconds
Async requests: 5 seconds (queues immediately)
Validation: 10 seconds
Long-running operations: For operations that may take longer than 120 seconds (e.g., large PDF generation, postal dispatch), use ?async=true to avoid timeouts.
SSL/TLS
All endpoints require HTTPS with TLS 1.2 or higher.
Certificate Validation:
Production certificates are valid and trusted
Self-signed certificates are not supported
Certificate pinning is not required
Regional Availability
Currently, all services are hosted in:
Primary Region: Europe (France)
Failover: Europe (Ireland)
Latency Expectations:
Europe: < 50ms
North America: 100-150ms
Asia: 200-300ms
CORS
Dispatcher API
CORS is not enabled by default for security:
Security Warning: Do NOT call Dispatcher API directly from browser JavaScript. Use a backend proxy to protect your JWT tokens and prevent CSRF attacks.
Recommended Architecture:
Health Check
Check service availability:
Response:
IP Whitelisting
For enhanced security, you can restrict API access to specific IP addresses:
Contact support to enable IP whitelisting
Provide list of allowed IPs/CIDR ranges
Requests from other IPs will receive
403 Forbidden
Service Status
Monitor service status and incidents:
Status Page: https://status.docs-dispatcher.io (TBD)
Incidents: Subscribe to updates via email or RSS
Environment Variables
Recommended environment variables for your application:
Security: Never commit credentials to version control. Use environment variables or secret management services (AWS Secrets Manager, HashiCorp Vault, etc.).
Next Steps
Get a JWT - Authenticate with Dispatcher API
Quickstart - Send your first request
API Reference - Full OpenAPI specification
Last updated