Home / VAT API / Integrations / Cloudflare Workers
Cloudflare Workers EU VAT Validation API
Validate EU VAT numbers at the edge with Cloudflare Workers and the TaxID API. Store your key as a Worker secret, proxy validation requests globally with sub-50ms latency, and cache valid results at the Cloudflare edge to cut repeat round-trips to VIES.
Quick start
CURL
curl -H "Authorization: Bearer YOUR_API_KEY" \ https://www.taxid.dev/api/v1/validate/DE/DE123456789
Code example
Full integration example including error handling for service_unavailable responses from VIES.
Workers (JS)
// Store your API key as a Worker secret:
// $ wrangler secret put TAXID_API_KEY
export default {
async fetch(request, env) {
const { searchParams } = new URL(request.url);
const country = searchParams.get('country');
const vat = searchParams.get('vat');
if (!country || !vat) {
return Response.json({ error: 'country and vat required' }, { status: 400 });
}
const res = await fetch(
`https://www.taxid.dev/api/v1/validate/${country}/${vat}`,
{ headers: { 'Authorization': `Bearer ${env.TAXID_API_KEY}` } }
);
const result = await res.json();
// Cache valid results at the Cloudflare edge for 1 hour
const ttl = result.valid ? 3600 : 0;
return Response.json(result, {
headers: { 'Cache-Control': ttl ? `max-age=${ttl}` : 'no-store' }
});
}
};cURL
# Test locally with wrangler:
# wrangler dev — then curl "http://localhost:8787?country=DE&vat=DE123456789"
# Or call the TaxID API directly:
curl "https://www.taxid.dev/api/v1/validate/DE/DE123456789" \
-H "Authorization: Bearer $TAXID_API_KEY"
# {
# "valid": true,
# "status": "active",
# "company_name": "Example GmbH",
# "cached": false
# }API response
The TaxID API returns a consistent JSON response for every validation:
{
"valid": true,
"status": "active",
"country_code": "DE",
"vat_number": "DE123456789",
"company_name": "Example GmbH",
"company_address": "Musterstraße 1, 10115 Berlin",
"request_date": "2026-05-10T00:00:00.000Z",
"cached": false,
"request_id": "req_01j..."
}activeVAT number is valid and the business is registered
invalidVAT number format is wrong or not registered in VIES
service_unavailableVIES or the national authority is temporarily down — retry later, do not silently zero-rate
Implementation steps
- 1
Get a free TaxID API key
Sign up at taxid.dev/signup for a free key with 100 validations/month. Store it as a Worker secret with wrangler secret put TAXID_API_KEY so it is encrypted at rest and accessed through the env binding — never hard-coded in your Worker source or wrangler.toml.
- 2
Write the fetch handler
In your Worker's fetch(request, env) handler, read the country and number from the request URL, then call https://www.taxid.dev/api/v1/validate/{country}/{vat} with an Authorization header built from env.TAXID_API_KEY. Return Response.json(result) so any origin app can consume it.
- 3
Cache valid results at the edge
Use the Cache API or a Cache-Control header to store 'active' responses at the Cloudflare edge for up to an hour, and skip caching 'invalid' or 'service_unavailable' results. Edge caching means a repeat lookup for the same number is served from the nearest data center without touching VIES again.
- 4
Guard the endpoint
Because a Worker is publicly reachable, add a shared-secret header check or Cloudflare Access in front of it so only your own apps can call it. This prevents third parties from burning your TaxID quota through your Worker.
- 5
Return structured results to callers
Forward the valid, status, company_name, and company_address fields to the calling application, which decides whether to apply reverse-charge. Keep the tax-treatment decision in your origin app, not the Worker, so business logic stays in one place.
Frequently asked questions
How do I store the TaxID API key in a Cloudflare Worker?
Use wrangler secret put TAXID_API_KEY to add it as an encrypted secret, then read it from the env argument of your fetch handler (env.TAXID_API_KEY). Do not place the key in wrangler.toml vars or in the Worker source, since those are not encrypted.
Can I cache VIES lookups at the Cloudflare edge?
Yes. Use the Workers Cache API or set a Cache-Control header on 'active' responses so Cloudflare serves repeat checks of the same VAT number from the edge for up to an hour. Do not cache 'service_unavailable' responses, or you would pin a transient outage.
Should I put tax logic in the Worker or the origin app?
Keep the Worker thin: it should validate and return the result, while the decision to apply reverse-charge belongs in your origin application alongside the rest of your billing logic. This keeps business rules centralized and testable.
How do I stop others from abusing my validation Worker?
Protect it with a shared-secret header that your apps send and the Worker checks, or place it behind Cloudflare Access. Since Workers are deployed on public URLs, an unprotected endpoint would let anyone consume your TaxID quota.
Country-specific API docs:
In-depth integration guide:
EU VAT validation in Cloudflare Workers
Run EU VAT validation at the Cloudflare edge with Workers. Store your API key as a Worker secret, validate VAT numbers globally with no cold starts, and cache results at the edge.
Start validating EU VAT numbers in Cloudflare Workers
Free plan — 100 validations/month. No credit card required.