VeriFactuAPI uses token-based authentication. Every request to the API must carry a valid Bearer token in itsDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/NemonInvocash/verifactu-php/llms.txt
Use this file to discover all available pages before exploring further.
Authorization header. verifactuPHP handles this for you — when you instantiate ClienteVerifactu, the constructor immediately calls the private logIn() method, exchanges your credentials for a token, and stores it internally. By the time the constructor returns your object is ready to make authenticated API calls without any extra steps.
How it works
The login flow consists of three steps that happen transparently inside the constructor:POST to /api/login
The constructor sends a JSON request to
https://app.verifactuapi.es/api/login containing your email and password.Token extracted and stored
The library reads the
token field from the JSON response and stores it in the private $token property.Instantiating the client
Pass your VeriFactuAPI account email and password directly to the constructor. Authentication happens immediately — there is no separateconnect() or authenticate() call to make.
You need a VeriFactuAPI account to obtain credentials. Register at https://verifactuapi.es/.
Error handling
If the login request fails — due to incorrect credentials, a network error, or an unexpected server response — the constructor throws a standard PHPException. Wrap instantiation in a try/catch block to handle failures gracefully.
"Error inesperado: No se ha recibido token"— the server responded with HTTP 200 but did not include atokenfield in the JSON body. Internally, the library throws a plainException("No se ha recibido token")inside thetryblock, which is immediately caught by the outercatch (Exception $e)handler and re-wrapped with the"Error inesperado: "prefix before being re-thrown."Error en la solicitud: ..."— a GuzzleRequestExceptionwas thrown (e.g. HTTP 401, network timeout)."Error inesperado: ..."— any other unexpected exception caught during the login attempt.
Token management
Once authenticated, you can read the stored token at any time usinggetToken(). This is useful if you need to inspect the token for debugging or pass it to another system.
$token property and is automatically included in the Authorization: Bearer header of every API request made by the client.
Updating credentials
If you need to switch the account credentials associated with an existing client instance — for example, to re-authenticate under a different user — use the setter methods. Note that calling these methods does not automatically trigger a new login; you would need to re-instantiate the client.SSL certificate verification is disabled by default (
'verify' => false) in all HTTP requests made by this library, including the login call. This is a library-level default intended to simplify local development and testing environments. In production, you should evaluate whether this setting is appropriate for your infrastructure and consider overriding the Guzzle client configuration if stricter TLS validation is required.
