The Company API is the control plane for every tenant-level setting in Eme2App. A singleDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/eme2dev/Eme2App/llms.txt
Use this file to discover all available pages before exploring further.
empresa record holds the company’s legal identity (name, NIF, address), outbound email configuration (SMTP provider and credentials), the company logo stored as a base64 string, fiscal advisory details, arbitrary key/value parameters, numeric counters used for invoice and document numbering, and the AEAT digital certificate required for electronic VAT submissions. Most write endpoints are restricted to users with role admin; read endpoints are available to any authenticated user belonging to the company.
Authentication
All endpoints require a JWT in theAuthorization header. Admin-only endpoints are noted in the table below.
Endpoints
| Method | Path | Role | Description |
|---|---|---|---|
GET | /api/empresa | any | Get current company profile |
POST | /api/empresa | admin | Create or update company |
PUT | /api/empresa | admin | Update company |
PUT | /api/empresa/logo/upload | admin | Upload company logo (base64) |
POST | /api/empresa/probar-email | admin | Test SMTP configuration |
GET | /api/empresa/paises | any | Country catalog |
GET | /api/empresa/asesoria | any | Get fiscal advisory data |
PUT | /api/empresa/asesoria | admin | Save fiscal advisory data |
GET | /api/empresa/parametros | any | List company parameters |
POST | /api/empresa/parametros | admin | Save a parameter |
DELETE | /api/empresa/parametros/:parametro | admin | Delete a parameter |
GET | /api/empresa/contadores | any | List counters |
POST | /api/empresa/contadores | admin | Save a counter |
DELETE | /api/empresa/contadores/:campo | admin | Delete a counter |
POST | /api/empresa/recalcular-cuentas-contables | admin | Recalculate accounting codes |
POST | /api/empresa/exportar-cuentas-contables/excel | admin | Export accounting codes to Excel |
POST | /api/empresa/enviar-resumen-cuentas | admin | Email accounting code summary |
GET | /api/empresa/aplicaciones-asesoria | any | List fiscal advisory applications |
GET | /api/empresa/certificado | admin | Get AEAT certificate info |
POST | /api/empresa/certificado | admin | Upload AEAT PFX/P12 certificate |
DELETE | /api/empresa/certificado | admin | Remove AEAT certificate |
GET /api/empresa
Returns the full company profile for the authenticated user’sempresa_id (read from the JWT). The smtp_pass field is never included in any response.
Response 200
UUID of the company record.
Legal company name.
Trading name / brand name. Appears on invoices when set.
Company tax identification number (NIF/CIF).
Primary contact email address.
Contact phone number.
Company logo encoded as a base64 data URI. Included directly in PDF generation — no separate asset URL is needed.
Configured SMTP provider. One of
gmail, outlook, brevo, custom, or null when not configured.Whether invoice series numbering is enabled for this company.
Default number of rows per page in data tables (stored as
pagesize_default; normalised to pageSize_default in API responses).Number of digits used in the chart of accounts codes (default 8).
POST /api/empresa
Creates the company record if none exists, or updates the existing one. BothPOST and PUT call the same underlying guardarEmpresa function.
Body parameters
Legal company name. Cannot be an empty string if provided.
Trading name. Pass
null to clear.Company NIF/CIF. Unique across all companies in the database.
Primary contact email. Must be a valid email format.
Contact phone number.
Street address.
Postal code.
City / municipality.
Province.
Company website URL.
Enable invoice series numbering.
One of
gmail, outlook, brevo, or custom.SMTP server hostname. Required when
smtp_provider is custom.SMTP port (1–65535). Required when
smtp_provider is custom.Use TLS/SSL on the SMTP connection.
SMTP authentication username.
SMTP authentication password. Stored encrypted; never returned in API responses. If omitted or blank on an update, the existing stored password is preserved.
Sender address shown in the
From: header of outbound emails.Default rows per page for data tables. Stored as an integer; defaults to
25.Response 201
PUT /api/empresa
Identical toPOST /api/empresa in behaviour (same controller function). Returns HTTP 200 instead of 201. Use this when you know the company record already exists.
PUT /api/empresa/logo/upload
Replaces the company logo with a new base64-encoded image. The image is stored directly in thelogo column of the empresa table and returned in all company profile responses as logo_base64.
Body parameters
Base64-encoded image string, typically prefixed with a data URI scheme (
data:image/png;base64,...). Missing or empty value returns a 400 error.Response 200
POST /api/empresa/probar-email
Sends a test email using the SMTP settings in the request body. You can pass settings before saving them to verify the configuration is working. Ifsmtp_pass is blank, the currently stored password is used — useful for testing after an update where only non-credential fields changed.
Body parameters
Recipient email address for the test message. Must be a valid email format.
One of
gmail, outlook, brevo, or custom.SMTP host (required for
custom provider).SMTP port (1–65535).
Use TLS/SSL.
SMTP username.
SMTP password. If blank, the saved company password is used automatically.
Sender address.
Response 200
Response 400
GET /api/empresa/paises
Returns the global read-only country catalog. Values are shared across all companies and are not filterable. Use theid to populate the pais_id field on client and supplier records.
Response 200
Fiscal advisory (asesoría)
GET /api/empresa/asesoria
Returns the fiscal advisory contact and configuration stored for the authenticated company.Response 200
PUT /api/empresa/asesoria
Saves or replaces the fiscal advisory data. Requiresadmin role.
Advisory contact email. Must be a valid email format if provided.
Response 200
Parameters
Company parameters are free-form key/value pairs used to store configuration flags, integration tokens, or any per-company settings that do not have a dedicated column.GET /api/empresa/parametros
Returns all parameters for the authenticated company.Response 200
POST /api/empresa/parametros
Creates or updates a parameter (upsert). Requiresadmin role.
Unique key name for the parameter. Whitespace-trimmed; cannot be blank.
Human-readable description of what this parameter controls.
Value to store. Always coerced to a string.
Response 200
DELETE /api/empresa/parametros/:parametro
Removes a parameter by its key name. Requiresadmin role.
Key name of the parameter to delete.
Response 200
Counters
Counters drive the automatic numbering of invoices, budgets, clients, suppliers, and other sequential documents. Each counter is identified by acampo name and holds an integer valor.
GET /api/empresa/contadores
Returns all counters for the authenticated company.Response 200
POST /api/empresa/contadores
Creates or updates a counter (upsert). Requiresadmin role.
Name of the counter (e.g.
facturas, clientes, proveedores). Whitespace-trimmed; cannot be blank.New integer value for the counter. Must be zero or a positive integer.
Response 200
DELETE /api/empresa/contadores/:campo
Removes a counter record. Requiresadmin role.
Name of the counter to delete.
Response 200
Accounting codes
POST /api/empresa/recalcular-cuentas-contables
Recalculates all client and supplier sub-ledger account codes using a given number of digits for the chart of accounts. The operation updatescuenta_contable_ventas on all clients and cuenta_contable_compras on all suppliers in the company. Requires admin role.
Number of digits for sub-ledger account codes. Must be an integer between
6 and 12 inclusive. Values outside this range return a 400 error.Response 200
POST /api/empresa/exportar-cuentas-contables/excel
Generates and downloads an XLSX file summarising the current accounting code assignments. The response is a binaryapplication/vnd.openxmlformats-officedocument.spreadsheetml.sheet file, not a JSON envelope. Requires admin role.
Array of accounting row objects to include in the export. Pass an empty array
[] to produce an empty template.Number of digits used in the account codes, shown in the file header.
Content-Disposition: attachment; filename="cuentas_contables_YYYY-MM-DD.xlsx".
POST /api/empresa/enviar-resumen-cuentas
Sends the accounting code recalculation summary to an email address. The email is delivered using the company’s own SMTP configuration and contains a plain-text report listing each client and supplier row with its old and new account code (or any error that occurred during recalculation). Requiresadmin role.
Recipient email address for the summary report. Returns
400 when omitted or blank.Array of accounting row objects produced by
POST /api/empresa/recalcular-cuentas-contables. Each row should include tipo, codigo_numerico, nombre, nif, cuenta_anterior, cuenta_nueva, and optionally error. Defaults to an empty array when omitted.Number of digits used in the account codes; shown in the email subject line.
Response 200
Response 400 — missing destination
Fiscal advisory applications
GET /api/empresa/aplicaciones-asesoria
Returns the global list of registered fiscal advisory application integrations. This is a read-only catalog shared across all companies — it is not filtered byempresa_id. Use the returned id values to populate the aplicacion_id field when saving advisory data via PUT /api/empresa/asesoria. Available to any authenticated user.
Response 200
Array of fiscal advisory application objects. Each entry includes
id, nombre, and clave_exportacion.AEAT Certificate
The AEAT certificate section manages the X.509 digital certificate (PFX/P12 format) used for Spanish tax authority electronic submissions. The certificate is converted to PEM internally, stored encrypted, and only metadata is returned — the private key and PEM bytes are never exposed through the API.GET /api/empresa/certificado
Returns metadata about the currently stored AEAT certificate. Returnsdatos: null if no certificate has been uploaded. Requires admin role.
Response 200 — certificate present
Full subject distinguished name from the certificate.
Organisation name extracted from the certificate subject.
NIF extracted from the certificate’s
serialNumber field. Compare with empresa_nif to verify the certificate belongs to the correct company.NIF stored on the company profile, for easy comparison.
Certificate validity start date (ISO 8601).
Certificate expiry date (ISO 8601).
Certificate serial number in hex.
Response 200 — no certificate
POST /api/empresa/certificado
Uploads a new AEAT digital certificate. The file must be in PFX or P12 format and must not exceed 5 MB. The server converts the PFX to PEM using the provided passphrase and stores the result encrypted. Any previously stored certificate is replaced. Requiresadmin role.
The request must use multipart/form-data encoding.
The PFX or P12 certificate file. Maximum size: 5 MB. File extension must be
.pfx or .p12; any other extension returns a 400 error.Passphrase used to decrypt the PFX container. Leave empty if the certificate has no passphrase.
Response 200
Response 400 — wrong file type
Response 400 — wrong passphrase / corrupt file
After uploading, verify that
datos.nif matches datos.empresa_nif. A mismatch means the certificate was issued for a different tax number than the one configured on the company profile, which will cause AEAT submissions to be rejected.DELETE /api/empresa/certificado
Permanently removes the stored AEAT certificate and all associated data. Requiresadmin role.
Response 200
Error reference
| HTTP status | estado | Typical mensaje |
|---|---|---|
400 | error | "Logo base64 requerido" |
400 | error | "Dígitos inválidos (6-12)" |
400 | error | "El archivo debe tener extensión .pfx o .p12" |
400 | error | "El valor debe ser un número positivo" |
400 | error | "Debes indicar un email de destino valido" |
400 | error | Validation error details from express-validator |
404 | error | "Empresa no encontrada" |
500 | error | Internal server error message |