VERI*FACTU - Spain Electronic Invoicing (Royal Decree 1007/2023)

VERI*FACTU for Dolibarr — Electronic Invoicing compliant with Spanish Royal Decree 1007/2023

VERI*FACTU is the professional Dolibarr module that implements the invoice verification and validation system required by Spanish tax regulations. It fully complies with Royal Decree 1007/2023 on Computerized Invoicing Systems (SIF), enabling automatic telematic submission of invoices to the Spanish Tax Agency (AEAT), automatic QR code generation, digital certificate signing, and complete fiscal traceability for every issued invoice.

Developed by EasySoft Tech S.L., a registered software producer under anti-fraud regulations, the module ensures your business meets all legal obligations for electronic invoicing in Spain — whether you are a company (mandatory from January 1, 2027) or a self-employed professional (mandatory from July 1, 2027).

⚖️ What is VERI*FACTU and why do you need it?

The VERI*FACTU system, established by Royal Decree 1007/2023, requires all Spanish entrepreneurs and professionals to use Computerized Invoicing Systems (SIF) that guarantee the integrity, conservation, accessibility, legibility, traceability and immutability of invoicing records. This module turns your Dolibarr into a compliant SIF that automatically submits each invoice to AEAT at the moment of validation.

📋 Feature Overview

🚀 Automatic Submission to AEAT

When you validate an invoice in Dolibarr, the module intercepts the process through triggers and:

1. 📋 Validates fiscal data: Issuer and recipient NIF/CIF, invoice type, tax regime key, operation qualification and applied taxes.
2. 🔏 Generates digital signature: Builds signed SOAP XML with your digital certificate (FNMT, AEAT or compatible).
3. 🔗 Chains with previous invoice: Computes SHA-256 linked hash ensuring traceability and immutability.
4. 📡 Submits to AEAT: Secure SOAP/TLS transmission to the Spanish Tax Agency web service (test or production).
5. 📥 Processes response: Stores status (Correct, Partially Correct, Incorrect), response CSV and submission details.
6. 📊 Generates QR code: AEAT-compliant QR with verification URL, issuer NIF, invoice number and total amount.

The entire process is transparent to the user: just validate the invoice as usual and VERI*FACTU handles the rest.

📱 QR Code on PDF and ODT Invoices

• ✅ Automatic generation: QR code generated upon AEAT submission, no user intervention needed.
• ✅ 3 available sizes: 30mm, 35mm and 40mm, compliant with official AEAT specification (30-40mm).
• ✅ Configurable position: Custom X/Y position or predefined positions (left, center, right).
• ✅ Compatible with ANY PDF template: The QR is automatically injected into all Dolibarr PDF templates (not just the built-in one), thanks to the afterPDFCreation hook. Also compatible with ODT.
• ✅ Verifiable text below QR: Optional visible verification URL for manual validation.
• ✅ TakePos (POS) support: QR code also on point-of-sale tickets.
• ✅ Transparent image on drafts: Unsent invoices show clean space instead of placeholders.

🔐 Digital Certificate and Signing

• ✅ PKCS#12 certificates: Full support for .pfx and .p12 files (FNMT, AEAT, certificate authorities).
• ✅ Automatic extraction: Module extracts private key and public certificate automatically.
• ✅ Native PHP method: Uses openssl_pkcs12_read() as primary method, with OpenSSL external fallback.
• ✅ Works without exec(): Functions on servers with exec() disabled (shared hosting).
• ✅ Protected fields: Passwords and private keys masked with show/hide toggle.
• ✅ Remote certificate server: Option to host certificate on external server via secure API (Cloudflare Tunnel).
• ✅ SSL verification enabled: AEAT communications with verify_peer active preventing MITM attacks.
• ✅ Encrypted storage: Private keys stored encrypted in database with dolEncrypt()/dolDecrypt().
• ✅ Visual certificate card: Selector with detailed information: subject, issuer, validity dates, expiration countdown and components.
• ✅ Certificate cache: Cache system with manual purge option to optimize performance.
• ✅ Multi-platform support: Compatible with Windows and Linux, automatically detecting system capabilities.

✅ NIF/CIF Verification against AEAT

• 🔍 Individual and bulk verification: Query NIF/CIF against AEAT's VNifV2 service.
• 🟢 Automatic badge on third-party card: Shows verification status when opening customer/supplier card.
  • 🟢 Green: NIF verified and name correct
  • 🟡 Yellow: Valid NIF but different name in census
  • 🟠 Orange: Entity deregistered
  • 🔴 Red: NIF revoked or not identified
• 🔧 "Correct" button: Updates third-party name with the one registered in AEAT census.
• 📋 Bulk mode: Verify multiple NIFs at once with NIF;Name format.

🇪🇺 VIES and ROI Verification (Intra-Community)

• 🌍 VIES: Intra-community VAT number verification against the European Commission VIES system (27 EU countries).
• 🏭 ROI: Spanish Intra-Community Operators Registry query (requires digital certificate).
• 🔵 Automatic VIES badge on foreign third parties: Automatically verifies tva_intra against VIES.
• 📋 Individual and bulk mode: Unified interface with standard Dolibarr tabs.

📊 Simplified Invoices (POS / TakePos)

• ✅ Native TakePos integration: POS-generated invoices automatically sent as simplified invoices (F2).
• ✅ Dedicated numbering mask: Independent series for simplified invoices.
• ✅ Foreign customers: Simplified invoices without recipient identification (as per regulations).
• ✅ Simplified credit notes: Automatic detection of corrective type (normal vs. simplified), even in older Dolibarr versions.
• ✅ QR on tickets: Configurable QR for POS tickets.

🔄 Bulk Validation and Robustness

• 🛡️ Isolated transactions: Each validated invoice has its own BEGIN/COMMIT/ROLLBACK. If one fails, others are not affected.
• 🔄 Retry cronjob: Scheduled task that automatically resubmits invoices with connection errors.
• 🏭 Safe recurring invoices cronjob: Replaces standard Dolibarr task with individual transactions per step (create, validate, PDF, triggers).
• 📋 Typed exception hierarchy: AeatConnectionException, AeatResponseException, CertificateException, ValidationException with clear user messages.
• ⏱️ Timeouts and WSDL cache: 30s timeout connections and disk+memory WSDL cache to avoid redundant downloads.

� Notification and Alert System

• 🔔 Bell icon in top bar: Permanent indicator in the Dolibarr menu bar with direct access to module status.
• 📢 Server push alerts: Real-time notifications with 3 priority levels (normal, high, critical), each with differentiated colors.
• 🆕 Available update notification: The module automatically checks for new versions and alerts the administrator.
• 🌡️ Environment indicator: Clearly shows whether you are in TEST or PRODUCTION mode, with a countdown to the mandatory date.
• 📊 Visible module version: Tooltip with version info, environment and direct links to configuration.
• 🔗 Direct download link: Administrators can access update downloads directly from the notification.

📥 Integrated Module Updater

• 🔄 Remote version check: Checks the latest available version against EasySoft's update server.
• 📥 Direct download from Dolibarr: Downloads the update package without leaving the ERP interface.
• 🔐 Integrity verification: Compares the downloaded package hash to ensure it has not been tampered with.
• 💾 Automatic backup: Before applying the update, an automatic backup of the current module is created.
• 📋 Download file management: View with date, size and available actions for each download.
• ⚠️ Error handling: Descriptive messages for HTTP errors (200/400/403) during download.

📊 Dashboard / Control Panel

• 🎨 Modern design with animated cards: Main panel with CSS animations (fadeInUp) and professional gradients.
• 📋 3 main navigation cards: Issued Invoices, AEAT Query and FAQ, with direct access to each section.
• 🔑 License status: Prominent display of activation status with clear messages.
• 🔐 Digital certificate status: Certificate validation information with expiration countdown.
• 🖥️ Certificate server status: Local/remote certificate server indicator.
• 📱 Responsive design: Grid layout adaptable to any screen resolution.

👻 Phantom Invoice Detector

• 🔍 Dedicated admin tool: Exclusive page for detecting "phantom" invoices (sent to AEAT but not properly validated in the ERP).
• 📅 Month and year filter: Period-scoped search to facilitate detection.
• 🔄 Individual sync: Repairs a specific invoice using its ExternalRef as a unique identifier with AEAT.
• 🔄 Bulk sync: "Repair Phantom Invoices" action available from Dolibarr's standard invoice list.
• ⚠️ Confirmation dialogs: Mandatory confirmation before each sync operation.

🔌 REST API

• 📡 GET /verifactu/integrity: Public endpoint (protected by API-KEY) that returns the module's integrity hash.
• 🔄 POST /verifactu/toProduction: Remotely switches the module to production environment.
• 🔄 POST /verifactu/toTest: Remotely switches the module to test environment.
• 📋 Structured response: Returns integrity hash, version, configuration status and environment information.

�🔬 Submission Simulation (Dry Run)

• 🧪 Simulate Creation and Modification: Buttons to generate full JSON payload without submitting to AEAT.
• 📋 Dual JSON view: Raw JSON with copy button + interactive hierarchical view.
• 🔮 Simulated reference: On drafts, calculates and shows the next reference that would be assigned on validation.
• 📄 Available in any state: Works even with draft invoices, ideal for pre-validation checks.

🎨 User Interface

• 📌 VERI*FACTU tab on each invoice: Complete submission info, AEAT response, QR code and simulation options.
• 📊 VERI*FACTU invoice list: Centralized view with filters by submission status (Pending, Correct, Partial, Incorrect).
• 🔍 Direct AEAT query: Verify an invoice's status directly against Tax Agency records.
• 💡 Smart tooltip: Verifactu fields only appear in the tooltip if the invoice has been processed.
• 📊 Icon in top menu: Module status visible with dynamically positioned tooltip compatible with all themes.
• 🏷️ CSV status icon on references: Each invoice reference in the interface shows an AEAT response status icon (Correct, Partial, Incorrect).
• ⚙️ Admin panel with 9 tabs: General, Certificates, Downloads, License Agreement, Changelog, Telemetry, About, Phantom Invoices and Documentation.
• 📐 Progressive staged configuration: Fields are gradually revealed — Basic → Additional → QR → Advanced — avoiding overwhelming the user.
• 👤 Permission system: Dedicated verifactu->manage permission for granular access control to module features.
• 📋 20 tax regime keys: General regime, export, second-hand goods, gold, travel agencies, cash basis, OSS/IOSS, equivalence surcharge, REAGYP, simplified and more.
• 📑 All official invoice types: F1 (full), F2 (simplified), F3 (replacement), R1–R5 (corrective), with correction by replacement (S) and by differences (I).

🧩 What's included in the module

• 📄 VERI*FACTU tab on each invoice with submission status, AEAT response, QR and simulation.
• 📋 Invoice list with status filters and bulk actions.
• 🔍 NIF/CIF verification with automatic badge on third-party cards.
• 🇪🇺 VIES/ROI verification for intra-community operations.
• 🔍 AEAT record query to verify submitted invoices.
• 🔐 Certificate management with upload, validation and automatic extraction.
• 📥 Download management with update verification.
• 📜 Responsible declaration downloadable as PDF.
• ⚙️ Admin panel with 9 tabs: General, Certificates, Downloads, License agreement, Changelog, Telemetry, About, Phantom invoices and Documentation.
• 🔧 5 numbering masks: Standard, Refund, Credit note, Advance and Simplified.
• ⚡ 2 cronjobs: Error invoice retry and safe recurring invoice generation.
• 🔒 2 triggers: Invoice restrictions and automatic AEAT submission.
• 📐 verifactu_lib library: Independent engine for XML construction, signing, SOAP submission and validations.
• 🔍 Compatibility checker: Script to verify server PHP/extension requirements.
• ❓ Integrated FAQ: Frequently asked questions about VERI*FACTU fields and values.
• 🌍 Translations in Spanish (es_ES), English (en_US) and Galician (gl_ES).
• 📋 Complete documentation: PDF guides included in the module.
• 🔐 Transparent telemetry: Fully documented GDPR policy.
• 🛡️ Anti-fraud module RD 1007/2023 included: Includes the additional module module_rd10072023-1.5.3.zip, required by the anti-fraud regulations of Royal Decree 1007/2023.

📦 Common use cases

• 🏢 Spanish companies: Mandatory compliance from January 1, 2027. Automatic submission of all issued invoices to AEAT.
• 💼 Self-employed professionals: Mandatory compliance from July 1, 2027. Simplified setup for freelancers.
• 🛒 Shops with POS (TakePos): Automatic simplified invoicing for physical point-of-sale transactions.
• 🏗️ Construction and services: Invoice management with withholdings (IRPF) and correct ImporteTotal calculation.
• 🌍 Companies with EU customers: Integrated VIES and ROI verification for intra-community operations.
• 📊 Tax advisors and agencies: Bulk invoice validation and NIF/CIF verification against AEAT census.
• 🏭 Distribution companies: High invoicing volume with automatic retries and resubmission cronjobs.
• 💻 Software and SaaS companies: Recurring invoices generated safely with the specialized cronjob.

⚙️ Compatibility & requirements

• 📦 Dolibarr V10+ (compatible up to V23+)
• ⚙️ PHP 7.4 – 8.3+
• 🗄️ MySQL 5.7+ / MariaDB 10.3+ / PostgreSQL 10+
• 🌐 Modern browser with JavaScript support
• 🔌 Required PHP extensions: curl, openssl, json, xml
• 🔐 Valid digital certificate FNMT/AEAT (.pfx or .p12 format)
• 📡 Internet access for SOAP communication with AEAT
• 🔗 Required Dolibarr modules: Invoicing, BlockedLog, REST API

�️ Security & Compliance

• 🔐 Active SSL verification: All AEAT communications use verify_peer = true to prevent MITM attacks.
• 🛡️ XSS protection: dol_escape_htmltag() applied to all dynamic HTML attributes.
• 🔒 Confirmation dialog: jQuery UI modal confirmation before executing critical actions.
• 📋 SHA-256 integrity hash: Verifies that the module code has not been tampered with.
• ⚖️ Responsible declaration: Downloadable legal document certifying RD 1007/2023 compliance.
• 📊 Minimal transparent telemetry: Only essential technical data, never customer or billing data. Documented GDPR policy.
• 🔗 Invoice chain: SHA-256 linked hash ensures immutability and traceability of all records.
• 🔐 Encrypted key storage: Private keys encrypted in DB with dolEncrypt()/dolDecrypt().
• 🚫 Invoice restrictions: Automatic blocking of reopening, deletion and modification of validated invoices, with disabled buttons and explanatory tooltip.
• 🛡️ Extrafield protection: Prevents deletion of fields with verifactu_ prefix to preserve fiscal data integrity.
• ✅ Automatic data validation: Mandatory CIF for Spanish customers, intra-community VAT number for EU customers, mandatory address (except simplified invoices).
• 🔐 CSRF protection: All AJAX endpoints and forms protected against cross-site request forgery.

�💰 Pricing & license

The module is distributed under GPL v3 license with additional terms required for Royal Decree 1007/2023 compliance. The software producer (EasySoft Tech S.L.), as legally responsible under anti-fraud regulations, implements integrity controls and license activation. Includes updates and support during the license period.

✉️ Support

✉️ info@easysoft.es | 🌐 www.easysoft.es