惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

N
News and Events Feed by Topic
Malwarebytes
Malwarebytes
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
C
Cybersecurity and Infrastructure Security Agency CISA
F
Future of Privacy Forum
C
Cisco Blogs
T
The Exploit Database - CXSecurity.com
A
Arctic Wolf
S
Securelist
K
Kaspersky official blog
S
Schneier on Security
T
ThreatConnect
T
Tenable Blog
Spread Privacy
Spread Privacy
T
True Tiger Recordings
AWS News Blog
AWS News Blog
F
Fox-IT International blog
量子位
T
Threatpost
V
Vulnerabilities – Threatpost
C
CERT Recently Published Vulnerability Notes
Cisco Talos Blog
Cisco Talos Blog
GbyAI
GbyAI
宝玉的分享
宝玉的分享
腾讯CDC
G
Google Developers Blog
aimingoo的专栏
aimingoo的专栏
Cyberwarzone
Cyberwarzone
有赞技术团队
有赞技术团队
S
SegmentFault 最新的问题
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
V
Visual Studio Blog
U
Unit 42
雷峰网
雷峰网
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Simon Willison's Weblog
Simon Willison's Weblog
O
OpenAI News
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
The GitHub Blog
The GitHub Blog
The Register - Security
The Register - Security
MyScale Blog
MyScale Blog
小众软件
小众软件
A
About on SuperTechFans
Last Week in AI
Last Week in AI
Y
Y Combinator Blog
博客园 - 三生石上(FineUI控件)
美团技术团队
Google Online Security Blog
Google Online Security Blog
P
Proofpoint News Feed
MongoDB | Blog
MongoDB | Blog

DEV Community

How I Prepared for CKA: Resources, Labs, and Strategy That Worked for Me Stop Flying Blind: We Built an LLM Evaluation Framework That Works Across 17+ Agent Frameworks The Misleading "User is not authorized to access connection" Error in AWS CodeBuild — and Why Your IAM Policy Looks Fine I Resurrected a Dead F1 Project and Accidentally Built a Race Intelligence OS Remix Mini PC: After a Year of Dead Ends, the eMMC Finally Talks Not All Games Are Equal: The Real Difference Between a Trap and a Tool I Built a Hermes Agent to Tell Me Which Hackathons to Enter. It Told Me to Enter This One. The Five Hooks That Change How You Ship With Claude Code Powering Your Progress: Building Robust Solutions with Laravel I built a self-hosted CI/CD platform with persistent queue, encrypted secrets, and rollback UI — here's what I learned Antigravity 2.0 and the $1,000 OS: Why "Agent-First" Feels Like the Direction I've Been Building Toward Anyway I built an AI PR-triage agent in 30 lines of Markdown Core Web Vitals from 74 to 91: A Real Tax Practitioner Site Rebuild I Gave Gemma 4 150 Tools on Windows. Here's What Actually Happened. Beyond the Loop: Why Monolithic AI Agents Fail and How to Build a Microkernel Architecture The Hidden Tax of AI-Assisted Development (And How I Fixed It) I Ditched Cloud LLMs for Gemma 4 4B: A DevOps Engineer's 48-Hour Reality Check Building a Schema.org @graph That Validates on the First Try The "Lift and Shift" Trap: Why Your Integration Layer Needs More Than Just a Cloud Address All 7 OSI Layers Explained with Real-World Analogies Antigravity 2.0 in one day: the four shells and what each is good for Self-Hosting Google Fonts with size-adjust: Zero CLS Web Font Swap The Multi-Provider LLM Problem: Why “One API” Is Not Enough How I indexed 69,000 Claude Code skills (and what I learned doing it) RememberMe CareGrid: Local Gemma 4 for dementia memory and safety Google Is Killing Gemini CLI on June 18. Here Is What to Do Before Then Do Domínio ao Deploy: Hospedando Arquivos de Deep Links no Cloudflare Pages (Parte 7.1) Running Gemma 4 26B on an Old GTX 1080 with llama.cpp Devlog 1: I tried building an SNES game with the super FX chip Why Gemma 4 Feels Like an Important Moment for AI Developers✨ From Zero and Confused, This Is How I Started Learning to Code I Built a Local AI Gateway That Talks to Claude, ChatGPT, DeepSeek and Gemini — Without a Single API Key Bootstrapping with AI: Why Gemma 4 is the Micro-SaaS Founder’s Best Friend MyErp Architecture Series - #02 Cellular Architecture: Mapping Biology to Software Systems NodeJS vs Bun vs Go 🌍 RTL Arabic Style UI How Does an AI Agent Actually Buy Something? Google Just Published the Spec. Google I/O 2026 Is One Uncanny F.R.I.E.N.D.S Group Upgrade I Replaced 70MB Node.js Log Viewer with a 172KB Zig Binary The "MTTR Is All You Need" Trap The Quiet Revolution: How Firebase Became the First Agent-Native Backend at Google I/O 2026 I Built ResuMate! A 100% Private, Local AI Resume Optimizer with Google Gemma 4 Learning DirectX 12 - Part 2 Initialization Theory NeuralHats: I Put Edward de Bono’s Six Thinking Hats on Local LLMs Using Gemma 4 📝 Instant Auto Save Notes Engineering the "App-Like" Experience: A Deep Dive into PWA Architecture I built a local first AI CCTV assistant using Gemma 4 + Frigate CrowdShield AI — Smart Stadium Operating System & Crowd Intelligence Platform I built a free AI observability tool, prove your AI is useful, not just running Beyond Autocomplete: Why Google Antigravity 2.0 Changes the Rules for Indie Builders 터미널 AI 에이전트 구축 (v12) Building Instagram-Powered Apps with HikerAPI (Without Fighting Scrapers) Checkpoints, Not Transcripts: Rethinking AI Coding Agent Memory From Side Project to Student Savior: My AI PPT & Resume Tool Crossed 1.5K+ Users Why Story Points Don’t Work in the AI Era, And What Should Take Their Place Instead. Self-Hosted Document AI: How to Run Document Intelligence On Your Own Infrastructure (2026) How to Extract Tables from PDFs with AI: 4 Methods That Actually Work (2026) IDP vs OCR: What's the Difference — and Which Does Your Business Actually Need? Automated PII Detection and Redaction in Business Documents: A Practical Guide Human-in-the-Loop Document Review: When to Use It and How to Set It Up (2026) Document Processing Without RPA: A Modern Approach for Small Teams Reducto Alternative: When You Need More Than a Document Parser (2026) Hermes Agent vs LangChain vs CrewAI: When to Reach for Each SparshAI: I Built an Offline AI Tutor for Students Using Gemma 4 — Here's What Happened Building NeuroSense AI: A Human-Centered Stress Insight Assistant Powered by Gemma Why I Built a Privacy-First Dev Toolkit GAS Input Tags: Ability Activation Without Hardcoded Bindings AI Legal Document Advisor Supported By Gemm 4 Model Building Convertify in Public Week 10: PDF Cluster + Blog Launch CureNet AI: Decentralized Health Intelligence for India, Powered by Gemma 4 and ABHA Standardization When Open-Weights AI Meets a Broken Healthcare System: Deploying Gemma 4 in Rural India V.A.L.I.D. Google I/O 2026: The Year Google Stopped Building AI Assistants and Started Shipping AI Engineers Bondmap: AI-Powered Relationship Network That Maps How You're Connected to Everyone Using Gemma 4 Gemma 4 challenge inspired me to build my first app! 96. LoRA: Fine-Tune a Billion-Parameter Model on a Laptop From a Student Who Used CircuitVerse to a GSoC Contributor — My Community Bonding Story How Bf-Tree Keeps Mini-Pages Small, Hot, and Cheap to Evict I asked Claude to explain the chip war and ended up understanding modern geopolitics differently Stop Manually Checking for Server Updates: Automate With Email Notifications Nostalgia Meets Cybersecurity: Spotting Modern Scams in a Retro OS Simulator - Forward or Fraud CRACKING CODING INTERVIEW From Python to Production Pipeline :A Practical guide to Apache Airflow Antigravity 2.0: Google Just Changed What It Means to Be an Engineer I Built a Free Sticker Maker Because Every Other One Hid the Export How I bypassed Blazor WebAssembly's Virtual DOM using raw WASM pointers Distributed Tracing for LLM Agents: When MCP Makes Tool Calls Observable The Zero-Budget Memory Setup Behind My AI Agent Workflow No database. No framework. Just files, startup order, correction logs, and discipline. I Built an AI Second Brain with Gemma 4 The Most Exciting Google I/O 2026 Announcement for Me: HTML-in-Canvas CrisisLens: Compressing Disaster Scenes into 200-Byte Emergency Payloads with Gemma 4 I'm 15 and I built a todo app with Telegram Stars payments — only legal way for me to monetize before turning 18 Crypto Branding After the Token Launch Building an on-chain alerts bot in Python without any blockchain library FinePrint — An AI Pocket Lawyer That Decodes Predatory Contracts Using Gemma 4 How to Connect OpenAI with Supabase in 10 Minutes for a Lightning-Fast AI MVP One AI Gateway for AWS Bedrock, Google Vertex AI, Gemini, and Anthropic Reading Log #9 — Aoashi The Tacit Dimension Thinking, Fast and Slow Web3 Onboarding Is Not a Wallet Problem. It Is a Trust Problem. FHE Prompt Privacy: The Metadata Leak Your Demo Still Has
How to add Peppol e-invoicing to your SaaS without making it your team's problem
Zero Lopp La · 2026-05-25 · via DEV Community

If your SaaS already does B2B billing for customers in Europe, sooner or later one of them will ask: "Can you send my invoices through Peppol?"

Belgium has required structured domestic B2B e-invoicing since 1 January 2026. Germany has required businesses to be able to receive e-invoices since 1 January 2025, with issuing obligations phased in from 2027 to 2028. France starts its B2B e-invoicing rollout from 1 September 2026 through approved platforms. The EU ViDA package brings digital reporting for intra-EU B2B transactions from 1 July 2030.

The exact rails differ by country. Belgium is Peppol-first. Germany and France are not simply "Peppol only". But the direction is clear: structured e-invoicing is becoming part of the default B2B stack.

Your team has two options. Build it yourself — UBL templates, country variants, Peppol Access Point integration, retry semantics, status webhooks, compliance drift, the works. Or treat Peppol as infrastructure you call out to, the way you treat your card processor or your transactional email.

This is the second path: how to add Peppol to a SaaS product so that your devs stay focused on your product and Peppol becomes an API integration plus a webhook handler.

Why "build it yourself" turns into a tax

Peppol looks deceptively small. It's just an XML format, right?

It isn't. The standard you usually need to emit is UBL 2.1 conforming to Peppol BIS Billing 3.0, with country-specific rules layered on top. The XML has hundreds of optional fields and a non-trivial validation tree. You have to:

  • Generate UBL from your invoice data shape. Your model is not UBL's model, so there is mapping work.
  • Validate before sending, or the Access Point rejects the document.
  • Look up the recipient's Peppol identifier in the Peppol Directory.
  • Submit through a certified Peppol Access Point. You do not talk to recipients directly; you talk to an AP that talks to their AP.
  • Handle async delivery. "Accepted by Access Point" is not the same as "delivered to recipient".
  • Track failures. A recipient can reject a document later, and your tenant needs to see that state.

For a SaaS where invoicing is a feature and not the product, that is a tax. The framing I keep hearing from devs at billing, healthcare, and ERP SaaS companies is the same: Peppol is important, but it is not the core business.

First decision: who is the sender?

Before writing any code, draw this line. There are two different SaaS shapes that people often mix together.

Shape A: your SaaS sends invoices as your own legal entity.

Example: you run a B2B SaaS and invoice your customers. You have one verified sender identity. This is the simple integration path: one API key, one onboarding flow, one webhook endpoint, many recipients.

Shape B: your SaaS sends invoices on behalf of your customers.

Example: a healthcare, ERP, or marketplace SaaS where each customer is its own legal entity and needs to send invoices under its own Peppol participant identifier. That is a platform/delegated-sender model. It needs KYB, authorization, sender selection, audit trails, and often country-specific verification.

Do not fake Shape B by stuffing a tenant's Peppol ID into a random from field unless your provider explicitly supports delegated sender selection. A good provider should expose a real sender model, usually something like a legal entity ID or sub-account ID, plus authorization gates.

getpeppr's public API today is designed around the verified-account sender model. We are actively working through the delegated-sender pattern with platform customers, but this is not a "just pass from.peppolId and you're done" feature. If that is your use case, talk to us before making customer promises.

What your platform owns vs. what you delegate

Your platform should still own the product-specific parts:

  • Your tenant/account model
  • Your invoice rows, line items, tax decisions, and UI
  • Billing-side metering for how many Peppol sends happen
  • The UX where a user sees "queued", "sent", "accepted", "refused", or "failed"
  • For delegated-sender use cases: consent, KYB, and authorization UX for each sender

You delegate the Peppol-specific machinery:

  • UBL generation from a sane JSON shape
  • Validation against Peppol BIS 3.0 and relevant business rules
  • Access Point transmission
  • Peppol Directory lookups
  • Status webhooks
  • Compliance updates as mandates roll out

The rest of this article uses getpeppr as the provider because that's what we ship, but the principle applies to any decent Peppol-as-a-service API: keep tenancy and product logic in your platform, push Peppol-specific work out.

The TypeScript path, end to end

This is what a clean current getpeppr integration looks like for the verified-sender model.

1. Install and initialise 

npm install @getpeppr/sdk

Enter fullscreen mode Exit fullscreen mode 

import { Peppol } from "@getpeppr/sdk";

export const peppol = new Peppol({
  apiKey: process.env.GETPEPPR_API_KEY!, // sandbox or production key
});

Enter fullscreen mode Exit fullscreen mode

The sender identity is configured through getpeppr onboarding and tied to the account/API key. In production, that sender needs a verified Peppol identity before documents can be sent.

2. Send an invoice 

async function sendInvoice(invoice: YourInvoice) {
  return peppol.invoices.send({
    number: invoice.number,
    date: invoice.date,
    dueDate: invoice.dueDate,
    currency: invoice.currency ?? "EUR",
    buyerReference: invoice.buyerReference ?? invoice.recipient.reference,
    to: {
      name: invoice.recipient.legalName,
      peppolId: invoice.recipient.peppolId,
      street: invoice.recipient.street,
      city: invoice.recipient.city,
      postalCode: invoice.recipient.postalCode,
      country: invoice.recipient.country,
      vatNumber: invoice.recipient.vatNumber,
    },
    lines: invoice.lines.map((line) => ({
      description: line.description,
      quantity: line.quantity,
      unitPrice: line.unitPrice,
      vatRate: line.vatRate,
    })),
  });
}

Enter fullscreen mode Exit fullscreen mode

The important boundary: your product maps your invoice model to a provider JSON shape. Your product does not generate UBL XML directly.

3. Receive status updates

The Peppol pipeline is asynchronous. You do not want your UI to rely on a single success/failure boolean from send(). You want a local invoice state and a webhook handler.

Current getpeppr webhook events include invoice.sent, invoice.accepted, invoice.refused, invoice.error, invoice.registered, invoice.received, invoice.paid, and test.ping.

import express from "express";
import { webhooks } from "@getpeppr/sdk";

app.post(
  "/webhooks/getpeppr",
  express.raw({ type: "*/*" }),
  async (req, res) => {
    try {
      const event = await webhooks.constructEvent(
        req.body.toString("utf8"),
        req.headers["getpeppr-signature"] as string,
        process.env.GETPEPPR_WEBHOOK_SECRET!,
      );

      switch (event.type) {
        case "invoice.sent":
        case "invoice.accepted":
          markDeliveredInYourApp(event.data.invoiceId);
          break;

        case "invoice.refused":
        case "invoice.error":
          flagForReview(event.data.invoiceId, event);
          break;

        case "invoice.paid":
          markPaid(event.data.invoiceId);
          break;
      }

      res.sendStatus(200);
    } catch {
      res.sendStatus(400);
    }
  },
);

Enter fullscreen mode Exit fullscreen mode

The signature header is Getpeppr-Signature. Verify it on every request. Webhook URLs are public; they will be poked.

4. Validate offline before wiring the live API

The @getpeppr/cli package lets you generate, validate, and convert invoices locally.

npx @getpeppr/cli init my-invoice.json
npx @getpeppr/cli validate my-invoice.json
npx @getpeppr/cli convert my-invoice.json --validate -o invoice.xml

Enter fullscreen mode Exit fullscreen mode

This is useful before you connect your production invoice rows to a live Peppol send. Start with a representative sample: one normal invoice, one VAT exemption, one credit note, and one cross-border example.

If your SaaS needs delegated sending

If each of your customers needs to send under their own Peppol ID, ask your provider these questions before you commit to a rollout:

  • How do I create and verify a sender legal entity?
  • Is sender selection explicit in the API, or is it inferred from the API key?
  • How do you handle consent and KYB for each sender?
  • Can one platform account manage many sender legal entities?
  • Are sender events and invoice events scoped clearly enough for my tenant model?
  • What happens if a sender verification fails after the customer already started onboarding?
  • Which countries are actually supported for KYB today, not just "on the Peppol network"?

This distinction matters. Sending an invoice to a Peppol participant is one capability. Letting a SaaS platform onboard hundreds of legal senders is another.

What works country by country

Be explicit in customer conversations. "Peppol support" and "local e-invoicing compliance" are not always the same thing.

Region Practical status Notes
Belgium Domestic B2B structured e-invoicing live since 1 Jan 2026 Peppol is the main rail. Common scheme: 0208 for Belgian CBE/KBO.
Germany B2B e-invoice receiving obligation live since 1 Jan 2025; issuing phases in 2027-2028 Peppol can be part of the stack, but Germany is not Peppol-only. XRechnung/ZUGFeRD context matters.
France Rollout starts 1 Sept 2026 Requires approved platforms/PDP-style flows. Peppol alone is not the whole France compliance story.
Nordics Mature e-invoicing markets Strong Peppol usage, but sender onboarding and identifier schemes differ by country.
EU cross-border ViDA digital reporting from 1 July 2030 This is EU-wide digital reporting, not a blanket "Peppol mandate".

If you are scoping a customer migration, ask for two or three real invoice examples and the countries involved before estimating the work. The edge cases live in the invoice samples.

Migrating from in-house XML

If you already have an in-house UBL builder and an Access Point arrangement that you want to retire, keep the migration boring:

  1. Map your invoice model to the provider's JSON shape. Unit-test the mapper against representative invoices.
  2. Run offline validation and XML conversion in CI for a small fixture set.
  3. Send through sandbox first and compare the resulting XML with your current pipeline.
  4. Move read-only status display first, then flip sends for one low-volume customer.
  5. Keep the old path warm until you have enough successful production evidence to remove it safely.

You are not trying to make Peppol exciting. You are trying to make it disappear into infrastructure.

Next steps

If you are sizing this work for your SaaS:

  • Read the Belgium developer playbook for mandate context.
  • Spin up a sandbox key at getpeppr.dev and push a fake invoice through.
  • Validate one of your real invoices offline: npx @getpeppr/cli validate your-invoice.json.
  • If you are a platform that needs delegated sending for many customer legal entities, send us the countries and two or three real invoice examples. That is the fastest way to find the real integration shape.

No sales theatre. Just the actual invoice shape, the sender model, and the countries involved.

— Zero Loop Labs

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。