Yokoy API Integration Research

Date: 2026-05-13 Product: Yokoy (yokoy.io / yokoy.ai) -- AI-powered spend management suite, Zurich Purpose: Evaluate Yokoy's API capabilities for Orcha integration -- specifically for a German customer evaluating Yokoy as a Pleo alternative for employee credit cards while continuing to use Orcha for AP invoices and DATEV for accounting.

Important Context: What Yokoy Actually Is, and the TravelPerk (not Sage) Acquisition

Yokoy is NOT an ERP or accounting system. Like Pleo, Moss, Payhawk, and Spendesk, it is a spend management platform that handles:

Corporate credit cards (physical + virtual, Visa-issued via Transact Payments Malta/UK)
Supplier invoice capture & AP workflows ("Yokoy Invoice" module)
Employee expenses & per diems & mileage ("Yokoy Expense" module)
Pre-accounting (AI-powered expense categorization, in-house ML model)
Business payments ("Yokoy Pay") and FX

Yokoy sits upstream of the ERP -- it captures, codes, and approves expenses, then exports pre-accounted data to the customer's accounting/ERP system (DATEV, Business Central, Xero, NetSuite, SAP, etc.).

Correction on the customer brief: Yokoy was acquired by TravelPerk, not Sage

The original prompt described Yokoy as "acquired by Sage in 2024." That is incorrect. Yokoy was acquired by TravelPerk on 28 January 2025, as part of a $200M Series E that valued the combined company at ~$2.7B. The parent company has since rebranded from TravelPerk to "Perk" -- the domain yokoy.io now 301-redirects to perk.com for most marketing pages, while help.yokoy.ai, developer.yokoy.ai, app.yokoy.ai and api.yokoy.ai remain operational for product / API / customer surfaces. There is no Sage acquisition or partnership; Sage Intacct only appears in Yokoy's outbound ERP-integration list as a connector target, not as a corporate parent. Perk press release ; Speedinvest case study

Implication for Orcha: The acquisition is recent (15 months old) and the product is in an integration transition -- marketing pages and brand have moved to perk.com, but the product, developer portal, API, and DATEV integration remain branded "Yokoy" and operate from the yokoy.ai domains. There is no public indication that the API surface has changed materially since the acquisition; this should be re-checked at implementation time.

Implication for the customer scenario: Yokoy and Orcha overlap exactly as Pleo/Payhawk/Spendesk do -- both capture, code, and approve expenses, then push to the ERP. Yokoy is a peer (spend management) layer, not a target system to push invoices into. The integration question is narrower:

Can Orcha read card transaction data from Yokoy to provide unified spend analytics alongside its invoice corpus?
Can Orcha write reference data (chart of accounts, cost centers/objects, tax codes, suppliers) into Yokoy so the customer's card-coding stays consistent with the AP coding Orcha already drives?

Both directions are feasible -- with significant nuances around export cadence and DATEV depth. See sections 5 and 7.

1. Summary -- Capability Matrix

Capability	Public API	Via Workato	Via Zapier/Make/n8n	Via DATEV	Via CSV/SFTP	Verdict
Read expenses (card + reimbursable + per diem)	YES (`GET /expenses`)	NO	NO	N/A	YES	Available now
Read invoices	YES (`GET /invoices`)	NO	NO	N/A	YES	Available now
Read trips (T&E)	YES	NO	NO	N/A	YES	Available now
Read company card transactions	YES (Company Cards / Card Accounts resources in OpenAPI)	NO	NO	N/A	NO	Available now
Read individual expense / invoice detail	YES (GET by ID)	NO	NO	N/A	N/A	Available now
Realtime webhooks (`expense.status.changed`, etc.)	PARTIAL / UNCLEAR -- Business Central connector docs reference "Yokoy webhooks notify Business Central about changes in document status", but no public webhook subscription endpoint surfaced in the swagger excerpt	NO	NO	N/A	N/A	Limited -- batch export is the primary push mechanism
Scheduled/automatic export jobs (hourly / daily / weekly / monthly batches)	YES	NO	NO	YES (to DATEV)	YES (to file)	Available now
Read receipt/invoice documents	YES (Business Central connector confirms documents retrieved via Yokoy API)	NO	NO	YES (to DATEV Belege Online)	N/A	Available now -- URL TTL not publicly documented
Read suppliers / vendors	YES (Suppliers resource in OpenAPI; visible in UI under Invoice Processor)	NO	NO	N/A	YES (export)	Available now
Write suppliers / vendors	YES via API import (POST) / CSV / SFTP -- explicitly designed for ERP-as-source-of-truth pattern. Yokoy UI does NOT allow manual create/edit -- API/CSV only.	NO	NO	NO (DATEV side doesn't expose master data to Yokoy)	YES (up to 2,000/file)	Available now (write-only flow)
Read chart of accounts (Categories)	YES (Categories / Expense Categories)	NO	NO	N/A	YES	Available now
Write chart of accounts	YES (POST/PATCH Categories)	NO	NO	NO (DATEV doesn't expose master data)	YES	Available now
Read/write cost centers / projects (Cost Objects)	YES (full CRUD: GET / POST / PATCH/PUT / DELETE) -- maps to DATEV KOST1/KOST2 via "Code (ERP)" field	NO	NO	NO (must be set up in DATEV first)	YES (up to 2,000/file)	Available now
Read/write tax codes (Tax Rates)	YES (full CRUD; "VAT Code (ERP)" field for BU mapping; up to 150/CSV)	NO	NO	NO	YES	Available now
Read employees / users	YES (Users resource)	NO	NO	N/A	YES	Available now
Write employees	YES (Users POST/PATCH)	NO	NO	N/A	YES	Available now
Upload FX rates	YES	NO	NO	N/A	N/A	Available now
Mark expenses as exported (close the loop)	YES (via Export Job resource)	NO	NO	YES (auto)	YES	Available now
Push invoices into Yokoy	Email inbox / UI upload (POST invoice exists for "external invoices" but not the primary path)	NO	NO	NO	NO	Not the primary path; not relevant for this customer
Trigger / manage approvals	NO (read-only)	NO	NO	N/A	N/A	Not available

Overall assessment: Yokoy's API is technically broad -- it covers reference-data CRUD across the four objects we care about (suppliers, chart of accounts/categories, cost objects, tax rates) with OAuth 2.0 auth and an OpenAPI 3.0 spec -- and is free on all plans. But on the critical "realtime" axis that drove this customer's Pleo evaluation, Yokoy is closer to Pleo than to Payhawk: the primary push mechanism for outbound data is the scheduled Export Job (hourly / daily / weekly / monthly), not event-driven webhooks. Webhooks exist (the Business Central connector consumes them for document-status changes) but are not first-class in public documentation -- there is no published POST /webhooks/subscriptions endpoint and no enumerable event catalog. DATEV depth is the weakest area in the comparison: Yokoy's DATEV integration is one-way export-only (Yokoy -> DATEV Buchungsdatenservice + Belege Online), with explicit acknowledgement in Yokoy docs that "DATEV does not expose any endpoints to get master data for Yokoy" -- meaning chart of accounts, KOST1/2, and tax codes must be configured manually in Yokoy first, with no auto-sync from DATEV.

2. API Landscape

API Layers

API	Base URL	Purpose
Production API (v1)	`https://api.yokoy.ai/v1/`	Main REST API
Sandbox / test API	`https://test.yokoy.ai/` (referenced in third-party SDK)	Pre-production testing
OpenAPI 3.0 Spec	`https://api.yokoy.ai/v1/swagger.json`	Machine-readable spec
Developer Portal	`https://developer.yokoy.ai/`	Documentation hub, API reference, tutorials, release notes
Help Center (developer section)	`help.yokoy.ai/en/articles/213992-yokoy-api`	Conceptual overview
Partner Portal	`partners.yokoy.ai`	DACH-focused partner program

Note: The developer portal at developer.yokoy.ai is a JavaScript-rendered SPA. WebFetch returns the navigation hub but not the actual rendered endpoint detail pages. The swagger.json at api.yokoy.ai/v1/swagger.json is the authoritative machine-readable source.

Authentication

Method	Details
OAuth 2.0 (client credentials)	Primary auth method
Credential generation	Admin > Developer > Access credentials > Generate credentials -> "OAuth Credentials"
Credentials returned	Client ID + Client Secret (non-recoverable -- store safely)
Org ID	Required separately, found in Admin section
Token endpoint	Standard OAuth 2.0 client-credentials flow; specific endpoint URL not publicly surfaced (returned in dev portal after auth)
Header signal	`X-Yk-Auth-Method: yokoy` (per swagger), `X-Yk-Correlation-Id` for request tracing
Role requirement	Only users with a Developer role can issue API credentials. Developer role grants permissions to modify master data across legal entities.
Org scoping	Credentials are organization-scoped; multiple credential sets can coexist for different applications
Revocation	Available at any time via the same UI

This is the same security posture as Pleo (OAuth 2.0 client credentials) and stronger than Payhawk (static API keys). Help: Get access credentials

Rate Limits

Not publicly documented. The swagger.json defines an HTTP 429 response shape, confirming rate limiting exists, but no explicit per-second / per-minute ceiling is surfaced in public docs. For comparison: Pleo is 600/min, Payhawk is 15/s, Spendesk and Moss similarly publish their limits. Assume Yokoy enforces limits and plan with backoff; the actual ceiling will need to be confirmed during implementation via 429 testing or partner inquiry.

API Categories

Confirmed via the swagger.json sweep, help center articles, and the unofficial open-source dylanj/yokoy Postgres-sync tool (which targets every endpoint Yokoy exposes for one-way data extraction):

API Category	Read	Write	Notes
Expenses	GET (filterable via SCIM filter syntax, e.g. `created ge 2025-01-23 and facilityId eq expense`; paginated 100/page cursor)	POST (create), PATCH (update)	Both card + privately-paid + per-diem + mileage
Invoices	GET, GET by ID	POST (incl. "external invoice" upload), PATCH	Includes line items, suppliers, tax breakdown
Trips (T&E)	GET	POST/PATCH	Trip-level container for expenses
Company Cards / Card Accounts	GET	(managed via banking/issuing layer, not API)	Card master data
Card Transactions	GET	--	Raw transaction feed, matched/unmatched status
Suppliers	GET	POST (bulk import), PATCH	Org-level + per-legal-entity activation via `externalId`
Categories (Chart of Accounts)	GET	POST, PATCH, DELETE	Maps to GL accounts
Cost Objects (cost centers + projects + teams)	GET	POST, PATCH/PUT, DELETE	Hierarchical (parent-child), with `Code (ERP)` for KOST1/2 mapping
Tax Rates	GET	POST, PATCH, DELETE	Country-scoped, with `VAT Code (ERP)` field
Payment Terms	GET	POST/PATCH	Net 30 etc.
Users	GET	POST/PATCH	Employee directory
Legal Entities	GET	PATCH (limited)	Multi-entity scoping
FX Rates	GET	POST	Upload your own rates
Purchase Orders / Goods Receipts	GET, POST	POST	For procure-to-pay customers (likely not relevant to this customer scenario)
Export Jobs / Export Tasks	GET	POST (trigger), PATCH (mark exported)	Batch workflow for closing the loop with the ERP
Webhooks	NOT EXPOSED in public swagger excerpt seen	NOT EXPOSED in public swagger excerpt seen	Yokoy clearly DOES emit webhooks (Business Central connector consumes "document status changed" events), but the subscription-management endpoint is not visible in the publicly fetched swagger -- this needs verification via authenticated developer portal access or partner channel

Pagination

SCIM-style filter syntax (e.g. created ge 2025-01-23 and facilityId eq expense)
count + cursor parameters, max 100 items/page
Standard for bulk reads

Versioning / Deprecation

API is on v1. No public deprecation schedule. Third-party SDK (dylanj/yokoy) notes API inconsistencies (country code naming, status as int vs string) suggesting the v1 namespace has evolved without rev-bumps.

3. Write Capability Verification

Confidence: HIGH for reference data (suppliers, categories, cost objects, tax rates, users); LOWER for webhook subscriptions and approval triggers.

Yokoy's API is explicitly designed around an "ERP as source of truth, Yokoy as the consumer" pattern. The Yokoy help center is unambiguous about this:

"The source of truth for supplier data should always be the supplier master data in your company's ERP system. Therefore, it is not possible to manually create new suppliers or edit supplier data in Yokoy." -- Suppliers in Yokoy

This is the inverse of Pleo's design (where suppliers can be created freely in the Pleo UI). For Orcha-as-AP-authority, this is actually more aligned with how Orcha already operates -- write from the system of record, don't expect Yokoy to be the master.

Confirmed Write Endpoints / Operations

Operation	Method	Confidence	Source
Create / update / delete cost object	POST / PATCH / DELETE	HIGH	Help: Set up cost objects explicitly says "Yokoy API lets you manage cost objects in Yokoy via HTTP request. You can use a GET, POST, DEL and PATCH/PUT requests"
Create / update tax rate	POST / PATCH	HIGH	Help: VAT/Tax rates lists API as one of three setup methods alongside manual + CSV
Create / update supplier	POST / PATCH (bulk import semantics)	HIGH	Help: Suppliers in Yokoy lists API as one of three import methods (API, SFTP, CSV); explicitly no UI create path
Create / update category (CoA)	POST / PATCH	HIGH	Confirmed in Business Central connector article -- GL Accounts sync as invoice/expense categories via API
Create / update user	POST / PATCH	HIGH	Confirmed in Business Central connector article and partner program docs
Upload FX rate	POST	HIGH	Help: Yokoy API -- "upload your own foreign exchange rates"
Create expense / invoice	POST	MEDIUM-HIGH	Listed in swagger; not the primary inbound path for the customer's scenario (Orcha is the AP authority)
Trigger export job	POST	HIGH	Confirmed in Export setup article
Mark expense as exported	PATCH	HIGH	Implicit in export job lifecycle

Key Limitations

No documented webhook subscription create / update / delete via public API. The Business Central connector consumes Yokoy webhooks for document-status changes, confirming webhooks exist server-side, but the subscription endpoint is not visible in the public swagger excerpt we could fetch, and no help-center tutorial documents how to subscribe externally. This is the single biggest gap for an Orcha real-time read integration -- see Section 7.
No approval trigger / approve / reject via API. Read-only on workflow status.
No card issuance via API. Card lifecycle handled via UI / banking partner (Transact Payments).
No DATEV-side master data sync. Yokoy's DATEV integration runs Buchungsdatenservice only, which does not expose master data. Master data must be set up in Yokoy first (manually, via CSV, or via API from Orcha/the ERP); DATEV will not push down chart of accounts / KOST1/2 / tax codes to Yokoy.

4. iPaaS & Middleware Findings

Platform	Yokoy Connector?	Quality	Details
Zapier	NO	--	Direct site search returned only "YoCo Board" / unrelated apps. No Yokoy app in Zapier marketplace.
Make.com	NO	--	Direct site search returned "Yoobic" / unrelated apps. No Yokoy app published.
Workato	NO	--	No Yokoy entry surfaced in Workato's connector directory.
Celigo	NO	--	Not in marketplace.
n8n	NO native or community node	--	No published community node found; would have to use generic HTTP Request node + OAuth 2.0 credential.
Tray.io	NOT CONFIRMED	--	Not surfaced.
TravelPerk (now Perk -- the parent)	YES (native)	Production	Auto-import of trip data from TravelPerk into Yokoy, since the 2025 acquisition consolidated both products.
Personio (HRIS)	YES (native)	Production	Listed on Personio Marketplace; SCIM-style user sync.

No general-purpose iPaaS supports Yokoy. This is worse than Pleo (which has a Zapier app) and roughly equivalent to Payhawk before its Workato listing. The implication: any non-Orcha customer extension would have to be built directly against the Yokoy REST API or via SFTP/CSV. The single Yokoy partner-program perk is "access to API and sandbox tools to develop custom integrations" -- i.e. the API is the official integration path, not an iPaaS layer.

5. Alternative Channels

DATEV Integration (Native)

This is the most important channel for the customer scenario and the weakest area in the Yokoy vs Payhawk comparison.

Aspect	Detail
DATEV products supported	DATEV Buchungsdatenservice (booking data service) + DATEV Unternehmen Online (DUO) for document storage / Belege Online + DATEV Rechnungswesen (Kanzlei or Mittelstand Faktura) for posting
Direction	Outbound only (Yokoy -> DATEV). "DATEV does not expose any endpoints to get master data for Yokoy. Therefore, this integration covers the export of booking data only." -- Yokoy DATEV integration doc
Outbound (Yokoy -> DATEV) -- booking data	CSV-format journal entries posted to DATEV's Rechenzentrum via Buchungsdatenservice; converted into Buchungsstapel for the accountant to review/post in Kanzlei-Rechnungswesen or Mittelstand Faktura
Outbound (Yokoy -> DATEV) -- documents	Receipts (PNG/JPG/PDF) delivered to DATEV Belege Online (under DUO) in the folder structure `Belegablage/Yokoy/Spesen/YYYY/MM`. Standard Yokoy expense-summary PDFs can also be sent.
Inbound (DATEV -> Yokoy)	NONE. No chart of accounts pull, no KOST1/KOST2 pull, no tax-code pull, no supplier pull. All these must be configured in Yokoy first (manually, via CSV, or via Yokoy API from another system).
Setup	Wizard-driven inside Yokoy admin. Prerequisites: tax advisor enables Buchungsdatenservice in DATEV; OAuth flow against DATEV; SKR03/SKR04/SKR07 chart of accounts selected; G/L account length set; KOST1 + KOST2 configured manually; business year start configured; `Belegfeld 1` + cost center field mappings configured.
Authentication	Long-term token -- "Yokoy uses only a long-term token when connecting with DATEV, allowing the user to set up the connection once and then automatically export bookings thereafter."
Speed	Batch, not real-time. Triggered by either manual finance review/approval or by the configured Export Job schedule (hourly / daily / weekly / monthly).
Booking-date / locked-period handling	Posting-date control via "earliest posting date" parameter at export time; respects whether bookings are set as locked in Yokoy.
DATEV-listed?	Yes, via the DATEV Marketplace and DATEV Magazin coverage. Yokoy news release (now `perk.com/news/datev-yokoy/`).

Implication for Orcha-in-customer-stack: Because Yokoy's DATEV path is one-way, the customer cannot rely on DATEV-as-master to back-fill chart of accounts / cost objects / tax codes into Yokoy. Either:

The customer configures Yokoy's reference data manually (CSV imports of CoA, cost objects, tax rates) and accepts drift risk vs DATEV/Orcha; OR
Orcha becomes the sync authority for Yokoy reference data -- pushing chart of accounts, cost objects, tax rates, and suppliers into Yokoy via the Yokoy API, sourced from Orcha's own master / from DATEV (via Orcha's DATEV integration). This is the highest-value Orcha integration role in this scenario.

This is the opposite of how Payhawk handles DATEV (bidirectional via DATEV Cloud Services / RDS 1.0) and is materially weaker.

Native ERP/Accounting Integrations

Confirmed list (non-exhaustive):

System	Connection Type	Direction
DATEV (Buchungsdatenservice + DUO + Rechnungswesen)	API + CSV	Export only
Microsoft Dynamics 365 Business Central	API (Yokoy "Spend Management Connector" -- installed in BC, calls Yokoy API)	Bidirectional master data + bidirectional document sync; uses Yokoy webhooks for document-status notifications
SAP S/4HANA Cloud	API (pre-built connector)	Bidirectional
Oracle NetSuite	API (pre-built connector)	Bidirectional
Xero	API	Bidirectional
Sage 50	API/CSV	Export
Sage Intacct	API	Export (no Sage corporate relationship despite the connector)
Pagero	API (e-invoicing)	Bidirectional
TravelPerk / Perk	API	Trip import

HRIS Integrations

Personio (DACH), plus more via the Yokoy API. SCIM-style user sync.

Webhooks

Aspect	Detail
Available	YES (server-side) -- explicitly referenced in BC connector article: "Yokoy's webhooks notify Business Central about changes in document status"
Public subscription endpoint	NOT SURFACED in public swagger excerpt. Not surfaced in the dev portal landing pages (JS-rendered SPA blocks WebFetch from rendering subscriber pages). Not documented in any help-center article.
Event examples	"Document status changed" (per BC connector). Likely follow the status transitions enumerated in Different statuses in Yokoy: expense status (Draft -> In approval -> In review -> Ready for export -> Exported), invoice status, card transaction status (Matched / Not matched).
Signature verification	Not publicly documented
Real-time?	Unclear -- the BC connector pattern suggests yes for document-status notifications, but the primary outbound mechanism for full-fidelity data is the scheduled Export Job, not the webhook
Retries	Not publicly documented

This is the single biggest unverified question for Orcha read-side integration. If Yokoy webhooks are subscriber-managed (like Pleo via Svix or Payhawk's RSA-signed webhooks), Orcha can do real-time reads. If they are partner-only (configured for known ERP connectors via Yokoy's internal setup, with no public subscription API), Orcha will be limited to the Export Job batch cadence (best case: hourly). The Business Central case suggests the latter (Yokoy "notifies Business Central" -- implying a known target), but the answer needs verification with Yokoy/Perk partner-channel contact before committing engineering effort.

Scheduled Export Jobs (the documented primary push mechanism)

This is what Yokoy actually wants you to use for outbound data flows:

Aspect	Detail
Trigger frequencies	Hourly (top of hour) / Daily (02:00 CET) / Weekly (selected day, 02:00 CET) / Monthly (selected day-of-month, 02:00 CET)
Trigger type	Schedule-based, not event-driven
Spend types	Expenses, company card transactions, travel expenses, invoices (separate job config per type)
Output	Either CSV-style export file (for file-based facilities like DATEV) or API push (for API-integrated facilities)
Status filter	Only `Ready for export` items are picked up
Constraint	Only one automatic job per export facility + spend type

This is the same pattern as Pleo's Export Jobs API -- closing-the-loop batch -- and explicitly not the real-time event model that the customer wanted as a Pleo improvement.

CSV / SFTP Exports

All reference-data objects (suppliers, cost objects, tax rates) support standard CSV templates with UTF-8/UTF-16/Latin1 encoding
Supplier imports up to 2,000 records per file; tax rates 150 per file; cost objects 2,000 per file
SFTP option with SSH-key auth for automated transfers
Many ERP-specific export formats supported alongside the standard Yokoy format

6. Licensing & Access Requirements

API Access

Yokoy's Open API is free across all plans. Per Yokoy's marketing: "Yokoy offers all partners as well as consumers the free 'OpenAPI' platform." This positions Yokoy similarly to Payhawk (free on all plans) and unlike Pleo (Advanced tier $109/mo+ required).

There is no API-tier gating documented. Any paying Yokoy customer with a Developer-role user can issue OAuth credentials in Admin > Developer.

Plan Pricing (Quote-Only)

Yokoy does not publish pricing. Confirmed across G2, Capterra, GetApp, SaaSworthy, SoftwareAdvice, Gartner Peer Insights, Tekpon, SpotSaas -- every third-party listing reports "Contact vendor for pricing" or "No pricing info." There is no public per-user, per-card, or per-transaction-volume price card.

What is publicly known about the pricing structure:

Module-based: Yokoy Expense (incl. card transactions), Yokoy Invoice, Yokoy Pay are sold as separate modules
Yokoy Pay requires Yokoy Expense as a prerequisite
Custom-priced, sized by company size + module set + transaction volume
Free trial available
No published per-user rate; some third-party aggregators speculate "$10-$100" but this is unverified

For the customer scenario: Only Yokoy Expense (cards + card transactions + reimbursements) is relevant since Orcha covers AP and DATEV covers accounting. The customer should NOT need Yokoy Invoice or Yokoy Pay. The customer will need to request a quote -- expect a discovery + scoping call rather than a self-serve checkout flow.

Customer Setup Checklist

Customer purchases a paying Yokoy plan with Yokoy Expense module (quote-only)
Admin assigns a user the Developer role
Developer-role user goes to Admin > Developer > Access credentials > Generate credentials > OAuth Credentials
Capture Client ID + Client Secret + Organization ID
(For DATEV) Tax advisor enables Buchungsdatenservice in DATEV; finance team runs the Yokoy DATEV wizard to map CoA (SKR03/04/07), KOST1/2, tax codes, and booking parameters
(For Orcha read-side) Test the Yokoy API via swagger.json; specifically probe whether a public webhook subscription endpoint is exposed in the authenticated portal that wasn't visible in the public spec excerpt
If no public webhook endpoint: configure an automatic Export Job to the most frequent supported cadence (hourly) targeting an Orcha-accessible file/API facility; OR contact Perk partner channel to discuss webhook subscriber enablement
(For Orcha write-side) Use API or CSV/SFTP to push suppliers (with externalId = DATEV supplier code), categories (CoA), cost objects (with Code (ERP) = KOST1/2 codes), and tax rates (with VAT Code (ERP) = DATEV BU code) into Yokoy

7. Orcha-Specific Deep Dive

Critical Question Comparison: Yokoy vs Pleo on the Customer's Pain Points

Pain Point with Pleo	Yokoy Status	Source
Realtime transaction webhooks -- Pleo gates expense data behind customer-triggered Export Jobs (monthly cadence)	PARTIAL. Yokoy's primary outbound mechanism is its scheduled Export Job (hourly / daily / weekly / monthly) -- same architectural pattern as Pleo, but hourly is at least a viable cadence vs Pleo's typical monthly. Real-time webhooks exist server-side (BC connector consumes them) but no public subscription endpoint surfaced in fetched swagger. This is the most important verification item before committing.	Automatic Export Job for expenses ; BC connector article
Receipt URL longevity -- Pleo expires receipt URLs after 24h	NOT PUBLICLY DOCUMENTED. Yokoy makes receipts retrievable via the API (BC connector "retrieves receipts and attachments from the Yokoy API"); receipts are also persisted to DATEV Belege Online under `Belegablage/Yokoy/Spesen/YYYY/MM`. URL TTL policy not stated -- could be permanent (DATEV-backed), could be signed-with-TTL. Needs empirical probe in a Yokoy sandbox: fetch expense, capture receipt URL, attempt re-fetch at T+1h / T+6h / T+24h / T+7d.	BC connector article ; DATEV integration doc
Full CRUD on reference data (vendors, CoA, cost centers, tax codes)	YES, 4 of 4 -- but with the constraint that suppliers are API/CSV-only (no UI create/edit), reflecting Yokoy's ERP-as-source-of-truth philosophy. Cost objects: full CRUD via API (explicitly documented). Tax rates: API/CSV write. Categories (CoA): API write. Suppliers: API/CSV/SFTP write only. ERP-code mapping fields exist for all four (`externalId` for suppliers, `Code (ERP)` for cost objects, `VAT Code (ERP)` for tax rates).	Help: Set up cost objects ; Help: VAT/Tax rates ; Help: Suppliers ; Help: Upload suppliers via CSV
DATEV native integration depth	WEAK -- export-only, no master data inbound. Yokoy DATEV runs Buchungsdatenservice + Belege Online + Rechnungswesen export; one-way, batch, CSV journal format. Explicitly acknowledges DATEV doesn't expose master data endpoints to Yokoy. Wizard setup. Compare to Payhawk's bidirectional DATEV Cloud Services / RDS 1.0 integration which is materially deeper.	DATEV integration for expenses
API access pricing tier	API is free on ALL plans. Same as Payhawk; better than Pleo (which requires Advanced $109/mo+). Quote-only base pricing.	Yokoy API page (redirects to perk.com); Help: Yokoy API
Field completeness on transactions	LIKELY COMPLETE based on swagger schema (expense resource includes amount, currency, FX-related fields, merchant, category, cost objects, tax, employee, card metadata, document references, expense type, status) plus separate Card Transactions resource for raw card-tx feed. Exact JSON field names (last-4, virtual/physical flag, approver chain) require authenticated swagger inspection -- not viewable from public web.	api.yokoy.ai/v1/swagger.json ; dylanj/yokoy unofficial SDK
TravelPerk (originally cited as Sage) acquisition impact	No documented API breaking changes since Jan 2025 acquisition. Brand rebranded TravelPerk -> Perk; yokoy.io marketing pages 301 to perk.com; product surfaces (app.yokoy.ai, api.yokoy.ai, help.yokoy.ai, developer.yokoy.ai) remain operational under Yokoy branding. Integrated TravelPerk (now Perk core) is now a native trip-import source. No Sage involvement at all.	Perk press release ; Speedinvest case study

Critical Question: What Role Does Yokoy Play Relative to Orcha?

Yokoy and Orcha have overlapping functionality in the Yokoy Invoice module -- but the customer scenario in scope explicitly excludes Yokoy Invoice (and Yokoy Pay). The customer is buying Yokoy Expense only for cards + reimbursements. The split is:

Capability	Yokoy (Expense module only)	Orcha
Invoice capture (OCR)	(yes, but module not in use by this customer)	YES (core product)
Card transaction capture	YES	NO
Card transaction pre-accounting	YES (AI-powered, in-house ML)	NO
Reimbursements (mileage, per diem)	YES	NO
Cost center / project coding	YES (Cost Objects)	YES
DATEV push	YES (Buchungsdatenservice + Belege Online, batch)	YES (direct integration)
Approval workflows	YES (read-only via API)	Depends on customer

So with Yokoy Invoice off, Yokoy's responsibility is cards + reimbursements + their export to DATEV, and Orcha's responsibility is AP invoices + their export to DATEV. The two streams converge in DATEV, not in either spend tool -- but Orcha may also need to be the reference-data sync authority writing into Yokoy because DATEV doesn't push master data into Yokoy.

Integration Scenarios for the Customer

Scenario A: Orcha reads card transaction + expense data FROM Yokoy for unified spend analytics (PRIMARY USE CASE)

Feasibility: MEDIUM-HIGH, with the realtime caveat
Path 1 (preferred if webhooks accessible): Subscribe webhooks for expense.status.changed -> Orcha endpoint. Verify public webhook subscription endpoint exists via authenticated dev portal access; if not, escalate to Perk partner channel.
Path 2 (fallback, documented): Configure automatic Export Job at hourly cadence to push expense + card-tx data to an Orcha-side endpoint (API facility) or SFTP location. Orcha polls / consumes the drop.
For full-fidelity detail: GET /expenses/{id}, GET /invoices/{id}, GET /trips/{id} after notification.
For raw pre-review card tx: GET /card-transactions (catches transactions before user matching, useful for very-early-stage spend analytics).
For receipts: documents are retrievable via API (confirmed in BC connector docs). Mirror to Orcha S3 at retrieval time as a default-safe approach pending URL-TTL probe.

Scenario B: Orcha writes reference data INTO Yokoy for consistent coding (HIGH-VALUE SECONDARY USE CASE)

Feasibility: HIGH -- and arguably higher-value than in the Payhawk scenario because Yokoy DATEV doesn't auto-sync master data.
Suppliers: bulk import via API (POST suppliers) or CSV/SFTP. Set externalId = DATEV supplier code. Critical because Yokoy UI doesn't allow manual creation -- Orcha (or DATEV-aware tooling) MUST be the source.
Categories (CoA): POST/PATCH via API. Map to SKR03/04/07 GL accounts. Critical because DATEV doesn't push these to Yokoy.
Cost objects (cost centers / projects): POST/PATCH via API. Set Code (ERP) = KOST1/KOST2 code. Hierarchical supported.
Tax rates: POST/PATCH via API. Set VAT Code (ERP) = DATEV BU code (BU7/8/9 + custom). Country-scoped.
Users: POST/PATCH via API (or rely on Personio HRIS sync if customer is on Personio).

Scenario C: Customer migrates AP from Orcha to Yokoy Invoice

NOT relevant for this customer scenario. Customer keeps Orcha for AP.

Scenario D: Orcha pushes invoices into Yokoy

NOT NEEDED -- customer is not using Yokoy Invoice. Even if they were, the primary path is email-to-inbox / UI upload; a POST /invoices endpoint exists in swagger but is not the documented happy path.

Key API Differences vs Pleo and Payhawk

Dimension	Pleo	Yokoy	Payhawk	Winner for Orcha
Real-time webhooks	Partial (Svix-powered, export-job-gated)	Server-side YES (BC consumes them), but no documented public subscription endpoint	YES (`expense.*` events, RSA-signed)	Payhawk
Export cadence	Customer-triggered Export Jobs (monthly typical)	Scheduled hourly / daily / weekly / monthly	Auto on review (expenses) / settle (payments)	Payhawk, then Yokoy, then Pleo
API access tier	Advanced plan ($109/mo+)	All plans (no tier gating)	All plans (no tier gating)	Tie: Yokoy + Payhawk
Vendor / supplier CRUD	YES (full first-class API + UI create)	YES via API/CSV/SFTP; NO via UI (ERP-as-source-of-truth design)	NO (CSV import + External ID workaround)	Pleo for completeness; Yokoy for design alignment with Orcha's role
CoA CRUD	YES (first-class)	YES (Categories API)	YES (Categories API)	Tie
Cost center / project CRUD	YES (Tags API)	YES (Cost Objects API, full CRUD documented)	YES (Custom Fields API)	Tie
Tax code CRUD	YES (first-class)	YES (Tax Rates API)	YES (Custom Fields API)	Tie
Auth	OAuth 2.0 client credentials	OAuth 2.0 client credentials	Static API key (Bearer)	Tie: Pleo + Yokoy
Rate limit	600/min (10/s)	Not publicly documented (429 supported)	15/s	Pleo and Payhawk are knowable; Yokoy is opaque
DATEV depth	One-click export, less deep on master data	Export-only via Buchungsdatenservice + Belege Online; no master-data inbound	Native bidirectional via DATEV Cloud Services / RDS 1.0	Payhawk by a wide margin
Zapier connector	YES (4 triggers + 8 actions)	NO	NO	Pleo
Workato connector	NO	NO	YES (2 triggers + 3 actions)	Payhawk
iPaaS coverage broadly	Zapier only	None	Workato + Make community	Payhawk for iPaaS; Pleo for low-code
Approval via API	NO	NO	NO	Tie
Invoice push via API	NO (primary path)	POST endpoint exists but not the happy path	NO	Tie
Acquired by larger platform	No (independent)	Yes -- TravelPerk/Perk Jan 2025	No (independent)	Pleo + Payhawk slightly less acquisition-risk
German-market depth	Good (DATEV one-click, German UI)	Strong (Zurich-HQ, DACH partner program, German UI, DATEV-listed)	Strong (DATEV native bidirectional, German UI)	Tie

The Real-Time Verification Question -- Action Required

The single most important unverified question for the customer scenario is whether Yokoy exposes a public webhook subscription endpoint that Orcha can register against. Public docs do not surface one; the Business Central connector consumes Yokoy webhooks but is itself a Yokoy-built connector with potentially privileged access.

Recommended verification path before engineering commitment:

Authenticated dev portal probe. Get OAuth credentials in a Yokoy sandbox; load https://developer.yokoy.ai/api-reference/ in a browser (it is a JS-rendered SPA that WebFetch cannot read); search the rendered swagger for webhook, subscription, event, notification. Confirm presence/absence of POST /webhooks or similar.
Direct partner channel inquiry. Contact Perk partner-program team (partners.yokoy.ai) and ask: "Is your webhook subscription API available to external customer integrators (not only first-party connectors like Business Central), and if so, what is the event catalog and signature scheme?"
If no public webhook subscription endpoint exists: Plan the integration around the hourly Export Job as the primary push mechanism. This is materially worse than Payhawk's real-time, but materially better than Pleo's monthly customer-triggered export.

Receipt URL Longevity -- Action Required

Same probe pattern as Payhawk: in a Yokoy sandbox, fetch an expense via API, capture receipt URL from response, attempt re-fetch at T+1h / T+6h / T+24h / T+7d. If TTL is short, mirror documents to Orcha storage at retrieval time; if long, rely on Yokoy URLs.

Orcha Integration Capability Summary

Orcha Need	Yokoy Support	Endpoint(s)	Confidence	Notes
Real-time card-tx ingestion	PARTIAL	Webhooks (server-side) -- subscription endpoint unverified	LOW-MEDIUM	Fallback to hourly Export Job
Hourly batch card-tx ingestion	YES	Export Job (hourly schedule)	HIGH	Documented
Full expense detail pull	YES	`GET /expenses/{id}`	HIGH	Incl. document refs, cost objects, custom values
Approver chain	YES (read-only)	Workflow embedded on expense response (status only)	MEDIUM	Approver name field availability needs probe
Raw card-tx feed (pre-match)	YES	Card Transactions resource	HIGH	Match-status visible
Receipt document URLs	YES	Documents accessible via API	MEDIUM	TTL unverified
Sync chart of accounts (write)	YES	Categories API	HIGH	Critical because DATEV doesn't push master to Yokoy
Sync cost objects / cost centers (write)	YES	Cost Objects API (full CRUD documented)	HIGH	Critical same reason
Sync tax codes (write)	YES	Tax Rates API	HIGH	Critical same reason
Sync suppliers / vendors (write)	YES (API only -- no UI create)	Suppliers API / CSV / SFTP	HIGH	Critical -- Yokoy explicitly designed for Orcha-style upstream-master pattern
Mark expense as exported	YES	Export Job PATCH	HIGH	Closes the loop
Push invoices into Yokoy	NO (not the path)	N/A	HIGH	Not needed
Trigger approvals	NO	N/A	HIGH	Read-only
Read employees	YES	Users API	HIGH	Personio sync may fill role
Read company cards	YES	Company Cards / Card Accounts	HIGH	Card metadata

8. Recommended Path Forward

Assessment: Yokoy is a Reasonable Coexistence Partner for Orcha, with Two Important Caveats

Yokoy is broadly comparable to Pleo and somewhat weaker than Payhawk on the specific gaps that motivated this customer evaluation. The strengths are:

API is free on all plans -- no Advanced-tier gating like Pleo.
Reference-data write is complete -- 4 of 4 (suppliers, categories, cost objects, tax rates), all with ERP-mapping fields. The supplier flow is API/CSV only (no UI), which is more aligned with how Orcha already operates.
OAuth 2.0 client credentials auth -- secure, scoped, revocable.
DACH market focus and German DATEV listing -- the product is built for this customer's market.

The weaknesses are:

Real-time webhook subscription is undocumented publicly. Webhooks exist server-side (Business Central confirms), but there is no published POST /webhooks/subscriptions and no enumerable event catalog. The fallback (hourly Export Job) is workable but not real-time.
DATEV integration is one-way (Yokoy -> DATEV). No master-data inbound from DATEV. This increases the case for Orcha being the reference-data sync authority into Yokoy -- but it also means that without Orcha or another upstream tool, the customer would have to maintain Yokoy reference data manually.
No published rate limits, no published pricing, no iPaaS connectors. Three transparency gaps that complicate scoping.

Recommended Architecture

[Card transactions]            [Vendor invoices]
       |                              |
       v                              v
   Yokoy   <-- ref data sync ---  Orcha (write-side: suppliers, CoA, cost objects, tax rates)
       |                              |
       |  -- hourly export / webhook (TBD) ->  Orcha (read-side: unified spend analytics)
       |                              |
       v                              v
  DATEV (Buchungsdatenservice  <-- shared books ---  DATEV (Orcha direct push)
   + Belege Online, batch)

Write side (Orcha -> Yokoy) -- this is the highest-value Orcha role here:

Push suppliers via Yokoy Suppliers API (POST) with externalId = DATEV supplier code. Initial bulk via CSV/SFTP if record count > 2000 needs chunking.
Push chart of accounts via Categories API. Map to SKR03/04/07 GL accounts. Set Yokoy account field.
Push cost objects via Cost Objects API. Use Code (ERP) for KOST1/KOST2 mapping. Push hierarchies if customer uses parent-child cost centers.
Push tax rates via Tax Rates API. Use VAT Code (ERP) for DATEV BU code. Country-scope to DE.
Schedule periodic reconciliation sweep (daily) to catch drift.

Read side (Yokoy -> Orcha):

First, verify whether public webhook subscription endpoint exists (authenticated dev portal probe + partner channel inquiry).
If webhooks accessible: subscribe to status-change events. On event, GET /expenses/{id} for full detail.
If webhooks NOT accessible: configure automatic Export Job at hourly cadence to an Orcha-side facility (API endpoint or SFTP drop). Process the drop incrementally.
For each expense: pull amount + FX + merchant + category + cost objects + tax + employee + approver status + card metadata + receipt URLs.
Mirror documents to Orcha S3 at retrieval time (default-safe pending TTL probe).

When Yokoy Integration Makes Sense

Customer migrates off Pleo for cards/reimbursements onto Yokoy: Most Pleo gaps (API tier, partial real-time via hourly export) are improved. The DATEV gap is not improved (Yokoy is also batch-export, and Yokoy is actually one-way where Pleo at least has one-click DATEV with limited master data; Payhawk wins this lane).
Customer values the Yokoy AI model and German-market focus: Yokoy's in-house ML for VAT / category prediction is a real differentiator, especially for multi-country VAT.
Customer wants a Zurich-HQ vendor with DACH partner-network coverage: Yokoy's positioning is explicit here.
Customer already uses TravelPerk for travel: Now-native trip import from Perk into Yokoy is a meaningful adjacency.

When Yokoy Is NOT the Right Fit

Customer requires bidirectional DATEV master data sync. Yokoy explicitly doesn't do this; Payhawk does.
Customer requires real-time card-tx push with documented public webhook contract. Yokoy's webhook story is opaque; Payhawk's is documented.
Customer wants iPaaS-based low-code orchestration. No Zapier / Make / Workato / Celigo / n8n connector exists.

What NOT to Build

Invoice push to Yokoy: Not needed for this customer; not the documented happy path.
Approval workflow automation in Yokoy: Not API-accessible.
Replacing Yokoy's DATEV integration: It's the only DATEV path Yokoy offers; can't be swapped.

Architecture Decision

Approach	Cost	Complexity	Value	Verdict
Write reference data (suppliers, CoA, cost objects, tax rates) via Yokoy API	$0 marginal (API is free)	Medium	HIGH -- Yokoy can't get this from DATEV	STRONGLY RECOMMENDED if customer chooses Yokoy
Read card-tx via webhook	$0 marginal	Medium-High (pending verification)	High	Recommended IF webhook subscription confirmed available
Read card-tx via hourly Export Job	$0 marginal	Low	Medium	Recommended as fallback
Mirror documents to Orcha storage	$0 marginal	Low	Medium-High	Recommended (default-safe until TTL probed)
Use iPaaS instead of direct API	iPaaS license	N/A	N/A	Not viable -- no connector exists

Pre-Implementation Verification Needed

Before any engineering commitment:

Probe public webhook subscription endpoint in an authenticated Yokoy sandbox session (developer portal SPA + authenticated swagger). Search for webhook, subscription, event resources.
Probe receipt URL TTL in a Yokoy sandbox -- same pattern as Payhawk/Pleo probes.
Confirm rate limit ceiling by hitting 429 empirically in a sandbox.
Confirm expense response shape for the specific fields the customer cares about: card last-4, virtual/physical flag, approver name (vs just status), and per-expense externalId mapping.
Confirm pricing for the Yokoy Expense module only (not the full suite) with sales -- this is the customer's actual scope.
Confirm post-acquisition API stability commitment. With the TravelPerk/Perk acquisition still recent, confirm there is no plan to merge the Yokoy and Perk API surfaces or deprecate yokoy.ai endpoints in favor of a Perk-unified API.

Recommendation Summary

For the customer scenario (DATEV + Orcha + Pleo replacement with Yokoy for cards): CONDITIONALLY YES, but Payhawk is a stronger technical fit for the exact gaps that motivated the evaluation.

If the customer chooses Yokoy regardless (because of brand, sales relationship, German-market trust, AI model, or TravelPerk adjacency):

The write-side integration (Orcha -> Yokoy reference data) is clean, well-supported, and high-value because DATEV doesn't push master data to Yokoy. Orcha is the natural authority.
The read-side integration (Yokoy -> Orcha card-tx) is viable but capped at hourly unless public webhook subscriptions are confirmed available.
The DATEV integration (Yokoy -> DATEV) is one-way batch via Buchungsdatenservice and won't be improved by Orcha; the customer's accounts converge in DATEV as normal.

Yokoy compared to Pleo on the three critical customer gaps:

Realtime: Yokoy is better than Pleo (hourly export beats monthly customer-triggered export; webhooks possibly available pending probe) but not as good as Payhawk (which has documented real-time webhooks).
API pricing tier: Yokoy solved this -- free on all plans, same as Payhawk, better than Pleo's Advanced-tier gating.
Receipt URLs: TBD -- needs empirical verification, no public claim of a 24h expiry exists, and DATEV-Belege-Online persistence suggests longer durability than Pleo's 24h.

The customer brief mentioned a "Sage acquisition in 2024." That is not factual -- Yokoy was acquired by TravelPerk in January 2025, and the parent has since rebranded to Perk. There is no Sage corporate relationship. If the customer is choosing Yokoy partly because they assume Sage backing, that assumption should be corrected.

9. Sources

Partner & Developer Program

Status & Infrastructure

Yokoy Status Page -- Expenses / Invoices / Cards / Imports/Exports / API Availability / Mobile Apps operational components
Cloudflare Radar: Yokoy Group Webhooks Bot Information

Pricing & Reviews (all confirm quote-only)

Yokoy on Capterra -- no pricing published, free trial available, 4.5/5 from 50 reviews
Yokoy on GetApp -- "No pricing info"
Yokoy on G2
Yokoy on SaaSworthy
Yokoy on SaaSworthy Pricing
Yokoy on SoftwareAdvice
Yokoy on SourceForge
Yokoy on Gartner Peer Insights

Third-Party Tooling & References

GitHub: dylanj/yokoy (unofficial Postgres sync) -- confirms base URL api.yokoy.ai/v1/, OAuth client credentials, sandbox at test.yokoy.ai, swagger.json availability, resource list

Yokoy Product Context

Yokoy: AI-powered spend management suite (redirects to perk.com)
Yokoy spend management
Yokoy Procure-to-Pay
About Yokoy web and mobile apps

Addendum 2026-05-14 — Defense, Cannibalization, Funding Model

Context for this addendum: Supplementary research for a customer-facing assessment. The customer is a German defense-sector company using Pleo (employee cards, to be replaced), DATEV (accounting), and Orcha (AP invoices). Updated customer priorities: (1) the tool must handle employee credit cards very well as the core need, (2) a good mobile app for receipt capture, (3) a strong API that Orcha can both READ and WRITE, and (4) a non-prepaid card funding model — the customer wants a charge card or credit line, not a pre-funded wallet they must top up. This addendum aligns with the methodology and verdict format of the Qonto vs Pleo defense assessment §1.

A1. Defense-Sector Posture — Verdict: AMBER (leaning AMBER-minus)

Dimension	Finding	Source
Prohibited-business / AUP exclusion of defense, arms, weapons, military goods	No explicit exclusion found — in either the Yokoy-era terms or the post-acquisition Perk terms. The Perk Terms of Use §2.2 restricts only "unlawful" use, reverse-engineering, and (§11.2) use "from any Sanctioned Country" / by sanctioned parties. There is no enumerated prohibited-industry list at all — unlike Qonto, which explicitly names "military activities, including the sale of weapons, military vehicles, and their copies." Silence is not permission: onboarding is discretionary and sits with KYB + the card issuers' own policies + Visa scheme rules.	Perk Terms of Use ; Perk Cardholder Terms ; Yokoy/Perk legal hub
Card issuer / BIN sponsor — and the issuer's own defense policy	CHANGED since the main doc — and now a stacked, three-party structure. The current Perk Cardholder Terms state: for EU, Yokoy GmbH is a partner of Modulr Finance B.V. (Netherlands, DNB-regulated EMI, FRN R182870); for UK, Yokoy GmbH is a distributor of Modulr FS Limited (FCA-regulated EMI, FRN 900573); and Transact Payments Malta Ltd / Transact Payments Ltd issue the cards under Visa Europe licence. So the customer's card spend now passes through three discretionary policy gates — Perk/Yokoy KYB, Modulr (e-money/account provider), and Transact Payments (Visa issuer). Neither Modulr nor Transact Payments publishes a defense-specific exclusion, but neither publishes a defense-friendly one either; Modulr's terms reserve the right to decline anyone whose activity "may cause Modulr reputational, regulatory, financial or operational harm." This is more issuer-stack risk than Pleo (which issues Mastercard directly under its own licence — one gate, not three).	Perk Cardholder Terms ; Modulr Terms & Conditions ; Modulr Prohibited Jurisdictions
Data hosting	EU + Switzerland. Yokoy's TOMs / privacy materials state data storage is contractually assured in the EU (Frankfurt; St. Ghislain, Belgium) and Zurich, Switzerland, AES-256 at rest, encrypted in transit, keys held by Yokoy. Swiss + EU residency is a positive for a German customer vs. e.g. a US host — but it is not German-domiciled, and post-acquisition the parent (Perk) is Barcelona-HQ'd with stated US-expansion plans, so residency commitments should be re-confirmed in the DPA at contract time.	Yokoy TOMs 2024.09 ; Yokoy Privacy Policy
Security certifications	Strongest of the vendors compared so far. Yokoy holds ISO 27001 (first awarded Nov 2022, renewed — and, unlike Qonto, scoped to the platform, not just e-invoicing), plus ISO 9001, ISO 14001, and an eIDAS QSeal certificate. Yokoy materials also claim alignment with ISO 27017, ISO 27018, and SOC 1/2/3, and GoBD compliance is separately documented. PCI-DSS applies via the card-issuing stack. No BSI C5 — the German government cloud-security catalogue most relevant to defense buyers — could be found for Yokoy (only the underlying hyperscalers hold C5).	Yokoy ISO 27001 update ; m-q.ch certification notice ; Yokoy GoBD compliance
TravelPerk/Perk acquisition — does it complicate the policy picture?	Yes, mildly. The legal surface has fully migrated to perk.com (yokoy.io 301-redirects), and the cardholder terms were rewritten around the Modulr relationship — i.e. the issuing stack itself changed post-acquisition. The parent's stated strategy is aggressive US expansion + heavy product investment, which raises the odds of further terms/issuer churn. No defense-relevant exclusion was added, but the policy picture is now spread across Perk + Modulr + Transact Payments and is in active flux.	Perk press release

Verdict: AMBER. No published defense exclusion anywhere in the Yokoy/Perk stack (better than Qonto's explicit RED-triggering ban; comparable to Pleo's silence). Mitigants: platform-scoped ISO 27001 + EU/Swiss data residency are genuinely strong and the best in the comparison set. But the risk is the three-party discretionary issuer stack (Perk KYB → Modulr → Transact Payments), none of which publishes a defense-friendly policy — that is more offboarding surface than Pleo's single direct-issuance model. As with every vendor in this assessment, the gate is "can the customer hold the account at all," and that must be confirmed in writing with Perk and surfaced to Modulr/Transact before any recommendation. No BSI C5 — if the customer's security function mandates C5, Yokoy fails that bar (so do Pleo and Qonto).

A2. Cannibalization Risk vs Orcha — Rating: HIGH

The main doc treated Yokoy Invoice as out-of-scope because this customer would only buy Yokoy Expense. That keeps the integration scope narrow, but it does not lower the strategic cannibalization risk — and on re-examination that risk is HIGH, the highest of any vendor assessed (Pleo low-medium, Qonto medium-high, Payhawk medium).

Yokoy Invoice is a direct, full-stack AP competitor — not a shallow add-on. The Perk/Yokoy Invoice product page markets AI OCR header + line-item extraction, AI "smart coding" that learns how your people code invoices, GL coding, VAT/tax compliance checks against ERP and regulatory rules, PO/goods-receipt 2- and 3-way matching, approval-workflow routing, native e-invoice standards (ZUGFeRD, XRechnung, Factur-X, PEPPOL BIS), and DATEV + ERP export. That is a feature-by-feature description of Orcha's core product, including the GoBD/DATEV German-market specifics. This is far more encroaching than Qonto's "shallow Supplier Invoices" or Pleo's invoice OCR.
It is actively invested in, not dormant. Yokoy Invoice shipped material 2025–2026 updates (smart line-item extraction + PO payment terms Aug 2025; AI document classification Jul 2025; cost-object/category auto-assignment via regex + invoice-preview-URL controls Jan 2026). The roadmap is moving toward Orcha, not away.
The TravelPerk/Perk ownership makes the trajectory worse, not better. The $200M Series E is explicitly earmarked for "significant investments into product, technology and AI" and US/mid-market expansion, and Perk sells standalone Yokoy Expense, Invoice, and Pay modules under one "intelligent spend management" platform. A customer who adopts Yokoy for cards is one upsell conversation away from Yokoy Invoice — and the vendor is funded and motivated to have that conversation.
The consolidation pitch is structurally anti-Orcha. Perk's whole narrative is "travel + expense + invoice + cards in one platform." Every customer who buys that story is predisposed to ask "why do we run a separate AP tool?" — and unlike Qonto (a bank that acquired Regate), Yokoy built its AP module in-house and has been selling it for years.

Why HIGH, not MEDIUM: the overlap is not a future possibility (Qonto/Regate) or a static lane (Pleo) — it is a mature, in-market, German-tax-aware, actively-funded AP product sold by the same vendor under the same brand. Recommending Yokoy for cards plants a credible AP competitor directly inside the customer relationship. Mitigant for Orcha's positioning: Orcha's defensible edge remains extraction depth + tax-compliance rigor + GoBD-grade coding; but that is a "depth" argument a naïve buyer may discount when they already see Yokoy → DATEV working for card receipts.

A3. API Read/Write Refresh — Confirmed, with one update

Re-verification confirms the main doc's findings; one item to flag:

READ: Confirmed. GET across expenses, invoices, trips, company cards, card transactions (raw matched/unmatched feed), suppliers, categories, cost objects, tax rates, users, legal entities. SCIM-style filtering, 100/page cursor pagination. The help center reiterates the API is for "retrieving expenses, trips, and invoices" and exporting journal entries. The authoritative swagger.json sweep again shows the full schema set for these resources.
WRITE: Confirmed. Full reference-data CRUD (POST/PATCH/DELETE) on categories, cost objects, tax rates, users; POST/PATCH bulk import for suppliers (still API/CSV/SFTP only — no UI create, the ERP-as-source-of-truth pattern that suits Orcha). FX-rate upload, expense/invoice POST, export-job trigger + mark-exported all confirmed.
Webhooks — slight positive signal, still unconfirmed. The main doc flagged that no public webhook subscription endpoint surfaced. Re-checking: a third-party API directory (apitracker.io) now lists a "Webhooks management API" for Yokoy, and the help center confirms webhooks fire for document-status changes (still described only in the context of the Business Central connector — "Yokoy communicates changes in Yokoy invoice states to Business Central using webhooks"). However, the public swagger.json sweep still shows no webhook/subscription/event paths, and the JS-rendered developer portal still cannot be read by automated fetch. Net: unchanged from the main doc — Export Jobs (hourly minimum) remain the documented, confirmable push mechanism; a usable public webhook subscription API is plausible but still must be verified via an authenticated dev-portal session or Perk partner channel before any engineering commitment.
No other API changes detected post-acquisition; yokoy.ai API/developer surfaces remain operational and Yokoy-branded.

A4. Card Funding Model + Cards/App UX

Funding model — this is a hard mismatch with the customer's stated preference. Yokoy's cards are prepaid / pre-funded, full stop. The account-funding help article is explicit: the company must manually bank-transfer funds into a Modulr-provided account (IBAN/BIC) before cards can be used; "the Card allows Card Users to access available funds that have previously been credited to the Account"; transactions are declined without sufficient balance; funds cannot be withdrawn once transferred; the only "automation" is a low-balance notification, not auto-replenish. Perk's own "Prepaid, Debit or Credit" and corporate-cards guide describe the Yokoy product as prepaid/debit-style ("funds transferred onto the card prior to usage") and nowhere offer a charge-card or credit-line option. The customer explicitly does NOT want prepaid — they want a charge card or credit line. Yokoy cannot meet this requirement. (Note: in Switzerland a UBS co-branded corporate card appears as an option, but that is region-specific and not the standard German offering, which runs on the Modulr/Transact prepaid rails.)

Cards product UX — Verdict: AMBER. Capterra (4.5/5, ~50 reviews) and other review sites give a mixed-to-decent picture: automatic transaction matching and simplified card management are praised, but recurring complaints include the expense-to-card matching being "not intuitive for end users," physical-card delivery being slow / limited-country, cards "limited to the European market," credit-note handling problems, and broken third-party card feeds (a UBS feed "hasn't worked for months"). Trustpilot is harsher (constant bugs, slow/absent support, receipts spontaneously un-matching). Solid but not best-in-class.

Mobile receipt-capture app — Verdict: AMBER-to-GREEN. This is the relative bright spot. Reviewers consistently praise the receipt photo capture and the quality of automatic data recognition ("excellent," "minimal effort," "very easy for employees"). Negatives are real but secondary: occasional iOS crashes/glitches, an Android bug where the bottom line can't be selected, a clunky default login screen, and no email-forwarding option for receipts (users explicitly asked for it). For the customer's "good mobile app for receipt capture" priority, Yokoy is adequate-to-good — the core capture flow is well-regarded, the polish is uneven.

A5. Bottom Line for This Customer

Customer priority	Yokoy result
Handle employee credit cards very well (core need)	Partial. Functional card program, AMBER UX, but see funding model.
Non-prepaid funding (charge card / credit line)	FAIL. Yokoy cards are strictly prepaid/pre-funded via a Modulr account. No charge or credit option in the German offering.
Good mobile receipt-capture app	Adequate-to-good. Capture + OCR well-reviewed; polish/bugs uneven.
Strong API Orcha can READ and WRITE	Good. Read + reference-data write both confirmed and free on all plans; real-time webhook subscription still unverified, hourly Export Job is the safe assumption.
Defense-sector viability	AMBER. No published exclusion, strong certs + EU/Swiss residency, but a three-party discretionary issuer stack (Perk → Modulr → Transact Payments) and no BSI C5.
Cannibalization risk to Orcha	HIGH. Yokoy Invoice is a mature, funded, German-tax-aware AP product directly overlapping Orcha.

Recommendation: The prepaid funding model is, on its own, a likely disqualifier against the customer's explicit "not prepaid" requirement — this should be raised with the customer before anything else. Even setting that aside, Yokoy carries the highest cannibalization risk of any vendor assessed. If the customer still wants Yokoy for non-funding reasons (AI model, DACH focus, ISO 27001), proceed only with (a) written defense pre-clearance from Perk and visibility to Modulr/Transact Payments, and (b) eyes open that the write-side reference-data integration is the high-value, low-regret part while the read-side real-time path remains unverified. For a customer who wants a charge card specifically, Yokoy is not the answer — that points back toward Payhawk (charge-card model, pending its own defense check) or a true charge/credit product.

A6. Addendum Sources

Perk Terms of Use — no prohibited-industry list; sanctions clause only
Perk Cardholder Terms — Modulr (EU partner / UK distributor) + Transact Payments issuer stack
Yokoy/Perk Legal, Security & Compliance hub
Modulr Terms & Conditions ; Modulr Prohibited Jurisdictions
Yokoy ISO 27001 update ; m-q.ch — Yokoy receives ISO 27001/9001/14001/eIDAS-QSeal
Yokoy Technical & Organizational Measures (TOMs) 2024.09 — EU (Frankfurt; St. Ghislain) + Zurich data storage
Yokoy Privacy Policy ; Yokoy GoBD compliance
Perk/Yokoy Invoice Management product page — AI extraction, smart coding, VAT compliance, ZUGFeRD/XRechnung/Factur-X/PEPPOL, DATEV/ERP export
Perk blog — AI Invoice Management
Managing account funding for your Yokoy Platinum Visa cards — explicit prepaid/pre-funding model
Perk blog — Company Cards: Prepaid, Debit or Credit ; Perk — Guide to Corporate Cards
Yokoy on Capterra — reviews (4.5/5, ~50 reviews) ; Yokoy on Trustpilot ; Yokoy on G2
apitracker.io — Yokoy API — lists a "Webhooks management API"
Yokoy API help center article ; Yokoy swagger.json
Perk press release — TravelPerk raises $200M and acquires Yokoy ; Perk blog — acquisition / next chapter in spend management