REST API Reference — DPP Automate Docs

The DPP Automate REST API issues, retrieves, mutates, and exports Digital Product Passports — plus all the surrounding primitives (API keys, organisation profile, integrations, billing). Every endpoint accepts and returns JSON. Every request carries a bearer token. There is no SDK — talk to the API directly from whatever HTTP client your stack already uses.

Base URL

All endpoints below are rooted at the production base URL. Sandbox and production share the same URL — environments are scoped by the key prefix (sk_test_… vs sk_live_…).

Base URL

https://api.dppautomate.com/v1

Authentication

DPP Automate uses bearer-token authentication. Every request must carry an Authorizationheader with your API key. Generate keys from the dashboard's API Keys page and export them as DPP_API_KEY in your shell so the snippets below pick them up automatically.

Header

Authorization: Bearer YOUR_API_KEY

Heads up — Never expose API keys in client-side code. Always issue calls from your server. If a key leaks, rotate it from the dashboard immediately — the old key is invalidated within a minute.

Endpoints

The full surface, grouped by resource. Every endpoint requires authentication. Path parameters are written as :id.

GET/passportsList, search, filter, and paginate passports.

POST/passportsCreate a full EU DPP passport or a simplified payload.

GET/passports/:idRetrieve one passport in raw JSON or JSON-LD.

PATCH/passports/:idUpdate any passport section or status.

DELETE/passports/:idDelete a passport.

POST/passports/:id/archiveArchive a passport.

POST/passports/:id/restoreRestore an archived passport.

POST/passports/:id/favoriteToggle the favourite flag.

GET/passports/:id/qrGenerate production QR codes as SVG, PNG, or JSON.

GET/passports/statsGet dashboard passport statistics.

POST/passports/importBulk import parsed passport rows.

GET/passports/exportExport passports as JSON, JSON-LD, or CSV.

GET/api-keysList API keys (secrets are never returned again).

POST/api-keysCreate an API key and receive the secret once.

POST/api-keys/:id/rotateRotate a key with a grace period.

GET/organizationRead organisation profile and stats.

PATCH/organizationUpdate organisation profile fields.

GET/integrationsList connected integrations.

POST/integrationsConnect or configure an integration.

GET/notificationsList, filter, mark, and delete notifications.

GET/settingsRead and update notification + regional settings.

GET/teamManage team members and invitations.

GET/billingRead subscription, usage, invoices, and checkout links.

POST/ai/chatAsk the DPP assistant with account context.

POST/ai/analyze-imageAnalyse a product image into a passport draft.

GET/deadlinesRead and manage manual compliance deadlines.

GET/activitiesRead the dashboard activity feed.

Examples

Three of the most common calls — list, fetch, and create — using cURL. Translate the headers and JSON body verbatim into any HTTP client; the wire format is identical.

List passports

Paginated, filterable index of passports owned by your organisation. Supports status, category, and per_page query parameters.

cURL

curl https://api.dppautomate.com/v1/passports?status=active&per_page=25 \
  -H "Authorization: Bearer $DPP_API_KEY" \
  -H "Content-Type: application/json"

A typical response — paginated under meta:

JSON

{
  "data": [
    {
      "id": "psp_01HQ7K9ZJX8N4MRB5VS0YQ2F3T",
      "object": "digital_product_passport",
      "status": "active",
      "identification": {
        "productName": "Sustainable Water Bottle",
        "productCategory": "Packaging",
        "gtin": "9876543210123"
      },
      "sustainability": {
        "sustainabilityScore": 85,
        "recyclabilityClass": "A"
      },
      "createdAt": "2026-05-06T10:30:00.000Z"
    }
  ],
  "meta": {
    "total": 42,
    "page": 1,
    "per_page": 20
  }
}

Create a passport

POST the minimum identification + materials payload to issue a passport. The response carries the canonical id, qrUrl, and publicUrlyou'll persist on your side.

cURL

curl https://api.dppautomate.com/v1/passports \
  -X POST \
  -H "Authorization: Bearer $DPP_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "productName": "Sustainable Water Bottle",
    "productCategory": "Packaging",
    "gtin": "9876543210123",
    "description": "Reusable bottle made from recycled materials",
    "brandName": "Eco Bottle Co",
    "country": "Switzerland",
    "contactEmail": "compliance@example.com",
    "materials": [
      { "name": "Recycled Plastic", "percentage": 85 },
      { "name": "Stainless Steel",  "percentage": 15 }
    ],
    "certifications": ["EU Ecolabel", "Blue Angel"]
  }'

Rate limits

Rate limits depend on your subscription plan and apply per API key. Exceeding the limit returns a 429 Too Many Requests with a Retry-After header — back off and retry.

Plan	Requests / min	Requests / day
Free	10	100
Starter	60	5,000
Professional	300	50,000
Enterprise	Unlimited	Unlimited

Errors

The API uses conventional HTTP status codes. Successful responses live in the 2xx range. Client errors return 4xx with a JSON body carrying error.code and error.message. Server errors return 5xx — safe to retry with exponential backoff.

400Bad RequestInvalid request parameters.

401UnauthorizedMissing or invalid API key.

403ForbiddenInsufficient permissions for this scope.

404Not FoundResource does not exist or has been deleted.

429Too Many RequestsRate limit exceeded — back off and retry.

500Server ErrorUnexpected error on our side; please retry.

Need help integrating? Contact support and we'll get back within one business day. Sandbox-related questions are handled in < 4 h.