Factuarea API

Launch

The Factuarea public platform launch — the v1 REST API, official TypeScript and PHP SDKs, and the MCP server for AI agents, all with a test sandbox.

This is the initial launch of the Factuarea public platform. For the first time you can integrate Factuarea with any external system — by code, by SDK, or by AI agent — without scraping or macros. Everything below ships together.

REST API v1

The public REST API at https://api.factuarea.com/v1 exposes the full invoicing surface as plain JSON over HTTPS.

  • Clients (/v1/clients) — full CRUD, search by tax ID (NIF/CIF).
  • Products (/v1/products) — product catalog.
  • Suppliers (/v1/suppliers) — full CRUD.
  • Invoices (/v1/invoices) — CRUD + actions (send, mark-paid, annul, create-corrective, duplicate, generate-pdf).
  • Quotes (/v1/quotes) — CRUD + accept, reject, convert-to-invoice.
  • Pro-forma invoices (/v1/proformas) — CRUD + convert-to-invoice.
  • Delivery notes (/v1/delivery_notes) — CRUD + sign, convert-to-invoice.
  • Purchase invoices (/v1/purchase_invoices) — CRUD + mark-paid.
  • Recurring invoices (/v1/recurring_invoices) — CRUD + pause/resume.
  • VeriFactu (/v1/verifactu/*, /v1/invoices/{invoice}/verifactu) — billing records, SIF events, chain validation, subsanación, FNMT certificates and settings.
  • FacturaE / FACe (/v1/invoices/{invoice}/facturae, /v1/face-submissions) — FacturaE 3.2.2 XML download and B2G submissions to FACe (submit, track, cancel).
  • Tax reports (/v1/tax_reports/*) — Modelo 303/347 generation, preview and history.
  • Account (/v1/account) — the authenticated account and AEAT census verification.
  • Catalogs (/v1/taxes, /v1/series) — tax rates and numbering series.
  • Webhooks (/v1/webhook_endpoints with nested deliveries) — subscribable events with HMAC SHA256 signing.
  • Events (/v1/events, /v1/event-catalog) — historical events and the catalog of subscribable types.

Platform features:

  • Authentication — API keys (Bearer or X-API-Key) in two environments, fact_live_* (production) and fact_test_* (test sandbox).
  • Test mode — fact_test_* keys run against an isolated sandbox company; external effects (VeriFactu/AEAT, FACe, email, webhooks) are not executed, so you can build and test without touching production data.
  • Opaque identifiers — every resource exposes an id key whose value is a UUID v7, with foreign keys as *_id.
  • Cursor pagination — starting_after / ending_before, no ?page=.
  • Idempotency — the Idempotency-Key header (max 64 chars) with a 24h TTL.
  • Rate limits — per-tier quotas with X-RateLimit-* headers.
  • Normalized errors — the { error: { type, code, message, request_id, doc_url } } envelope.
  • Signed webhooks — HMAC SHA256 with ±5min tolerance and exponential retries up to 8 attempts.
  • Docs portal — docs.factuarea.com, self-hosted with Next.js + Fumadocs and auto-rendered OpenAPI.

/v1 stays stable for at least 24 months; any breaking change lives in /v2 with a coexistence window of at least 12 months.

Official SDKs — TypeScript & PHP

Maintained SDKs wrap the full v1 REST API with a premium runtime, so you don't hand-roll HTTP. See the SDKs section.

npm install @factuarea/sdk
composer require factuarea/factuarea-php

Both share the same runtime: automatic retries (with backoff, honouring Retry-After), automatic idempotency keys, cursor auto-pagination, a typed error hierarchy, constant-time webhook verification, and binary (PDF) downloads. Every page in the API reference shows a ready-to-copy TypeScript, PHP and cURL snippet. Each release pins one Factuarea-Version and sends it on every request.
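For receivers that do not use an SDK, the signed-webhook check listed under Platform features (HMAC SHA256, ±5min tolerance) and the constant-time verification mentioned above can be written as follows. This is an added example, not Factuarea's SDK code: the header layout t=<unix>,v1=<hex>, the signed string <t>.<body>, and all function names and sample values are assumptions for illustration, so take the real format from the webhook documentation.

```javascript
// Added example, not Factuarea SDK code. ASSUMED (not on this page): the
// signature header layout "t=<unix seconds>,v1=<hex mac>" and the signed
// string "<t>.<raw body>". Stated on the page: HMAC SHA256, ±5 min tolerance.
const { createHmac, timingSafeEqual } = require('node:crypto');

const TOLERANCE_SECONDS = 5 * 60;

// Split "k=v,k=v" into an object; items without "=" are ignored.
function parseSignatureHeader(header) {
  const parts = Object.create(null);
  for (const item of String(header ?? '').split(',')) {
    const eq = item.indexOf('=');
    if (eq > 0) parts[item.slice(0, eq).trim()] = item.slice(eq + 1).trim();
  }
  return parts;
}

function computeMac(rawBody, secret, t) {
  return createHmac('sha256', secret).update(`${t}.`).update(rawBody).digest();
}

// rawBody must be the bytes exactly as received; re-serialized JSON will not match.
function verifyWebhook(rawBody, header, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const { t, v1 } = parseSignatureHeader(header);
  if (!/^\d{1,12}$/.test(t ?? '') || !/^[0-9a-f]{64}$/i.test(v1 ?? '')) {
    return { ok: false, reason: 'malformed_header' };
  }
  // Both buffers are 32 bytes here, which timingSafeEqual requires.
  if (!timingSafeEqual(computeMac(rawBody, secret, t), Buffer.from(v1, 'hex'))) {
    return { ok: false, reason: 'bad_signature' };
  }
  // The timestamp is trusted only after the MAC covering it has verified.
  if (Math.abs(nowSeconds - Number(t)) > TOLERANCE_SECONDS) {
    return { ok: false, reason: 'stale_timestamp' };
  }
  return { ok: true, reason: null };
}

// Constructed sample delivery (secret, body and timestamp are made up).
function signForDemo(rawBody, secret, t) {
  return `t=${t},v1=${computeMac(rawBody, secret, t).toString('hex')}`;
}
const demoSecret = 'constructed-secret';
const demoBody = '{"id":"evt_constructed","type":"example.event"}';
const demoHeader = signForDemo(demoBody, demoSecret, 1700000000);
console.log(verifyWebhook(demoBody, demoHeader, demoSecret, 1700000120)); // { ok: true, reason: null }
console.log(verifyWebhook(demoBody, demoHeader, demoSecret, 1700000301).reason); // stale_timestamp
```

Rejecting a validly signed but stale delivery is what limits replay of a captured request to the tolerance window; deduplicating on the event id closes the remainder.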

MCP server for AI agents

The MCP server at https://mcp.factuarea.com exposes the public API as 218 Model Context Protocol tools, so AI agents (Claude and others) discover and call them without you wiring each endpoint.

  • Two auth channels — an API key (fact_live_ / fact_test_) for the account owner (up to all 218 tools), or OAuth 2.1 for third-party apps (a curated 204-tool catalog). See Connecting a client.
  • Full OAuth 2.1 — Dynamic Client Registration (RFC 7591), PKCE (S256), a consent screen with company and environment selection, refresh-token rotation with reuse detection, plus revocation and introspection.
  • Scope-governed — every tool enforces a fine-grained scope; tools you can't reach are hidden from tools/list. See Scopes & permissions.
  • v1-faithful errors — JSON-RPC errors preserve the same code and http_status as the REST API. See Errors & rate limits.
  • Claude Code — the official factuarea-mcp plugin connects in two commands.
  • Test mode — drive everything against the isolated sandbox. See Test mode.

Start in test mode

The golden rule across all three surfaces: start in test mode. Build against a fact_test_ key (or an OAuth consent with the Test environment), then switch to fact_live_ — no code changes. Welcome to the integrations era in Factuarea.
