Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/Eseperio/verifactu-php/llms.txt

Use this file to discover all available pages before exploring further.

The Verifactu PHP library must be configured once before any operation. Configuration tells the library which digital certificate to use, whether you are targeting the AEAT production system or the homologation (sandbox) environment, and how to reach the correct SOAP endpoint.

The Verifactu::config() Method

The primary entry point for configuration is the static Verifactu::config() facade method. Call it at application bootstrap — before any invoice registration, cancellation, or query.
use eseperio\verifactu\Verifactu;

Verifactu::config(
    string $certPath,      // Absolute path to your PFX/P12 certificate file
    string $certPassword,  // Password protecting the certificate file
    string $certType,      // Verifactu::TYPE_CERTIFICATE or Verifactu::TYPE_SEAL
    string $environment    // Verifactu::ENVIRONMENT_PRODUCTION or Verifactu::ENVIRONMENT_SANDBOX
);
Internally Verifactu::config() resolves the correct SOAP endpoint URL and QR verification URL based on the $certType and $environment arguments, then delegates to VerifactuService::config().

Constants Reference

Certificate Type Constants

ConstantValueWhen to Use
Verifactu::TYPE_CERTIFICATE'certificate'Personal or company X.509 certificate
Verifactu::TYPE_SEAL'seal'Sello electrónico (seal certificate) issued to a legal entity

Environment Constants

ConstantValueWhen to Use
Verifactu::ENVIRONMENT_PRODUCTION'production'Live submissions to AEAT — real fiscal obligations
Verifactu::ENVIRONMENT_SANDBOX'sandbox'AEAT homologation environment — safe for testing

SOAP Endpoint URLs

The library automatically selects one of the four official AEAT endpoints based on your certificate type and environment. The raw URL constants are available on the Verifactu class if you ever need to reference them directly:
// Production — standard certificate
Verifactu::URL_PRODUCTION
// => 'https://www1.agenciatributaria.gob.es/wlpl/TIKE-CONT/ws/SistemaFacturacion/VerifactuSOAP'

// Production — seal certificate
Verifactu::URL_PRODUCTION_SEAL
// => 'https://www10.agenciatributaria.gob.es/wlpl/TIKE-CONT/ws/SistemaFacturacion/VerifactuSOAP'

// Sandbox (homologation) — standard certificate
Verifactu::URL_TEST
// => 'https://prewww1.aeat.es/wlpl/TIKE-CONT/ws/SistemaFacturacion/VerifactuSOAP'

// Sandbox (homologation) — seal certificate
Verifactu::URL_TEST_SEAL
// => 'https://prewww10.aeat.es/wlpl/TIKE-CONT/ws/SistemaFacturacion/VerifactuSOAP'

QR Verification URLs

QR codes embedded in invoices point to one of these AEAT validation portals. The library sets the correct base URL automatically when you call Verifactu::config():
// Production QR verification
Verifactu::QR_VERIFICATION_URL_PRODUCTION
// => 'https://www2.agenciatributaria.gob.es/wlpl/TIKE-CONT/ValidarQR'

// Sandbox QR verification
Verifactu::QR_VERIFICATION_URL_TEST
// => 'https://prewww2.aeat.es/wlpl/TIKE-CONT/ValidarQR'

Configuration Examples

The recommended approach for most applications — let the facade pick the right URLs automatically.
use eseperio\verifactu\Verifactu;

// Production with a standard certificate
Verifactu::config(
    '/var/secrets/company-certificate.p12',
    env('VERIFACTU_CERT_PASSWORD'),
    Verifactu::TYPE_CERTIFICATE,
    Verifactu::ENVIRONMENT_PRODUCTION
);

// --- or --- Sandbox with a seal certificate (e.g. during development)
Verifactu::config(
    '/var/secrets/test-seal.p12',
    env('VERIFACTU_CERT_PASSWORD'),
    Verifactu::TYPE_SEAL,
    Verifactu::ENVIRONMENT_SANDBOX
);
Once configured, every subsequent call to Verifactu::registerInvoice(), Verifactu::cancelInvoice(), Verifactu::queryInvoices(), and Verifactu::generateInvoiceQr() will use this configuration automatically.

Using a .env File for Credentials

Store sensitive certificate details in an environment file rather than in source code. The library ships with a .env.example template:
cp .env.example .env
Then populate .env:
#############################################
#          PRODUCTION CONFIG (AEAT)         #
#############################################

# Path to your certificate (P12/PFX)
VERIFACTU_CERT_PATH=/path/to/your/certificate.p12
# Certificate password
VERIFACTU_CERT_PASSWORD=your_certificate_password
# Certificate type: 'certificate' or 'seal'
VERIFACTU_CERT_TYPE=certificate
# Environment: 'production' or 'sandbox'
VERIFACTU_ENVIRONMENT=production
Load the values at application startup with vlucas/phpdotenv (already a library dependency) or your framework’s own env loader, then pass them to Verifactu::config():
use eseperio\verifactu\Verifactu;
use Dotenv\Dotenv;

$dotenv = Dotenv::createImmutable(__DIR__);
$dotenv->load();

Verifactu::config(
    $_ENV['VERIFACTU_CERT_PATH'],
    $_ENV['VERIFACTU_CERT_PASSWORD'],
    $_ENV['VERIFACTU_CERT_TYPE'],       // 'certificate' or 'seal'
    $_ENV['VERIFACTU_ENVIRONMENT']      // 'production' or 'sandbox'
);
Never hardcode certificate paths or passwords directly in PHP source files or commit them to version control. Use environment variables, a secrets manager, or a .env file that is excluded from Git via .gitignore.

Production vs Sandbox

Sandbox (ENVIRONMENT_SANDBOX)Production (ENVIRONMENT_PRODUCTION)
PurposeAEAT homologation — validate integrationSubmit real invoices with fiscal effect
CertificateTest or real certificate acceptedOnly valid AEAT-issued certificates
Data persisted?No — test data is discardedYes — permanent fiscal record
QR URLprewww2.aeat.es/…/ValidarQRwww2.agenciatributaria.gob.es/…/ValidarQR
SOAP hostprewww1.aeat.es / prewww10.aeat.eswww1.agenciatributaria.gob.es / www10.agenciatributaria.gob.es
Use the sandbox environment for all development, CI pipelines, and acceptance testing. Switch to ENVIRONMENT_PRODUCTION only once your integration is fully validated and you are ready to submit live invoices.
Invoices submitted to ENVIRONMENT_PRODUCTION create real, legally binding fiscal records with the AEAT. There is no undo — cancellations must be submitted as separate InvoiceCancellation records.

Build docs developers (and LLMs) love