Saltar al contenido principal
The EasyVerifactu API authenticates every request with an API key. There are no unauthenticated endpoints.

Send your key as a bearer token

Pass the key in the Authorization header on every request: 
Authorization: Bearer <your-api-key>
A request without a valid key is rejected with a 401 and the unauthorized error code. See Errors.

Keys are scoped to one environment

Each key belongs to a single environment:
  • A test key only reads and writes test data.
  • A live key only reads and writes real data.
The two never mix. A test key cannot see an invoice created with a live key, and the reverse is also true. This lets you build and test against the same API surface without touching real fiscal data.

Keep keys secret

Treat an API key like a password:
  • Send it only over HTTPS, which the API requires.
  • Store it as a server-side secret, never in client-side code or a public repository.
  • Rotate a key if it may have been exposed.

Where to get a key

Create and revoke keys from your EasyVerifactu account:
  1. Go to Settings → API Keys.
  2. Click New key and give it a descriptive name.
  3. Copy the key when it is shown. It is displayed only once.
The key prefix tells you its environment: ev_test_ for test, ev_live_ for live.