Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/Eseperio/verifactu-php/llms.txt

Use this file to discover all available pages before exploring further.

What Is VERI*FACTU?

VERI*FACTU is Spain’s mandatory digital invoice control system, established by Real Decreto 1007/2023. It requires businesses and self-employed individuals using invoicing software to submit cryptographically signed, hash-chained invoice records to the Spanish Tax Agency (AEAT — Agencia Estatal de Administración Tributaria) in real time. The regulation is part of Spain’s broader effort to combat tax fraud by creating an auditable, tamper-evident chain of all invoices generated by a computer system. The name itself — VERI*FACTU — is derived from verificable factura (“verifiable invoice”).
The VERI*FACTU obligation has been delayed. The current timeline is 2027 for companies and 1 July 2027 for self-employed individuals. Despite the delay, integrators building invoicing software should prepare now, as the homologation process with AEAT takes time.

Who Is Affected?

The regulation applies to:
  • Spanish companies (sociedades) that use computer systems to issue invoices
  • Self-employed individuals (autónomos) who use invoicing software
  • Software providers who develop or distribute invoicing applications used in Spain (they must register their system with AEAT)
If you are building or maintaining an invoicing system used by Spanish businesses, you are responsible for ensuring that the system complies with the VERI*FACTU technical specification.
Understanding these terms from the regulation will help you work with the library correctly.
TermDescription
RegistroAltaAn invoice registration record. Submitted when a new invoice is issued.
RegistroAnulaciónAn invoice cancellation record. Submitted when a previously registered invoice is cancelled.
SistemaFacturacionThe computer invoicing system — the software that generates invoices. Each system must be registered with AEAT.
HuellaThe SHA-256 hash of an invoice record. Each record includes the hash of the previous one, forming a chain.
CSVCódigo Seguro de Verificación — a verification code returned by AEAT after a successful submission. Printed on the invoice.
QR CodeA QR code printed on every invoice, encoding a URL that allows recipients to verify the invoice on the AEAT portal.
EncadenamientoThe chaining block inside each record that links it to the previous invoice via its hash.

What This Library Handles

The eseperio/verifactu-php library covers the full submission lifecycle:
  • Invoice registration (RegistroAlta) — submitting new invoices to AEAT
  • Invoice cancellation (RegistroAnulación) — cancelling previously registered invoices
  • Querying submitted invoices from the AEAT registry
  • Hash (huella) generation — calculating the SHA-256 hash using the official AEAT field ordering
  • XML serialisation — building the XML structures that strictly match the AEAT XSDs
  • Digital signing — XAdES Enveloped signature using your PFX/P12 certificate
  • SOAP transport — communicating with AEAT’s SOAP web service with certificate-based authentication
  • QR code generation — producing AEAT-compliant QR codes for printing on invoices
  • Error translation — mapping AEAT numeric error codes to human-readable messages
This library is not an invoicing system. It does not generate invoices, calculate taxes, or manage invoice numbering. You are responsible for building the InvoiceSubmission model with correct data before calling the library. Use of this library in production is at your own risk — always verify correct operation against the official AEAT technical specification and test in the sandbox environment first.

What It Does Not Handle

  • Non-VERI*FACTU signed transactions (e.g. invoices issued outside of invoicing software)
  • SII (Suministro Inmediato de Información) — a separate VAT reporting obligation
  • Invoice PDF generation or printing
This library supports verifactu transactions only. For non-verifactu signed transactions, such as those required when not using invoicing software, you will need a different library.

Environments

AEAT provides two environments for VERI*FACTU:
EnvironmentPurpose
ProductionReal submissions to AEAT. CSVs returned are legally valid.
Sandbox (Homologation)Testing and certification. Submissions are not legally binding.
During development and integration testing you must use the sandbox. Before going live, your software system must pass AEAT’s homologation process.

SOAP Endpoints

The library automatically selects the correct SOAP endpoint based on your certificate type and environment. The four endpoint constants defined in Verifactu.php are:
ConstantURL
Verifactu::URL_PRODUCTIONhttps://www1.agenciatributaria.gob.es/wlpl/TIKE-CONT/ws/SistemaFacturacion/VerifactuSOAP
Verifactu::URL_PRODUCTION_SEALhttps://www10.agenciatributaria.gob.es/wlpl/TIKE-CONT/ws/SistemaFacturacion/VerifactuSOAP
Verifactu::URL_TESThttps://prewww1.aeat.es/wlpl/TIKE-CONT/ws/SistemaFacturacion/VerifactuSOAP
Verifactu::URL_TEST_SEALhttps://prewww10.aeat.es/wlpl/TIKE-CONT/ws/SistemaFacturacion/VerifactuSOAP
You do not need to specify these URLs directly — they are resolved automatically when you call Verifactu::config(). See Certificates for details on certificate types and how they affect endpoint selection.

Quick Start: Configuring the Library

use eseperio\verifactu\Verifactu;

Verifactu::config(
    '/path/to/your-certificate.pfx', // Path to your PFX/P12 certificate
    'your-certificate-password',      // Certificate password
    Verifactu::TYPE_CERTIFICATE,      // TYPE_CERTIFICATE or TYPE_SEAL
    Verifactu::ENVIRONMENT_SANDBOX    // ENVIRONMENT_PRODUCTION or ENVIRONMENT_SANDBOX
);
This single call configures the SOAP endpoint, certificate credentials, and QR verification URL for all subsequent operations. See the Workflow page for what happens next.

Build docs developers (and LLMs) love