fiscaliacore

Appearance

Quickstart

Five minutes to your first signed submission. Assumes you have a DGII-accredited .p12 certificate from an INDOTEL-registered QTSP (Viafirma, Avansi, CCSD, ...) and an integrator API key from fiscaliacore.

1. Open a signing session

Trade the .p12 for a 15-minute bearer token.

bash
curl -X POST https://api.fiscaliacore.com/api/v1/sessions \
  -H "X-Api-Key: $FISCALIACORE_API_KEY" \
  -H 'Content-Type: application/json' \
  -d @- <<EOF
{
  "certificate": "$(base64 -w0 < /path/to/customer.p12)",
  "password": "$CUSTOMER_P12_PASSWORD"
}
EOF
json
{
  "token": "dXNXRUxTMkZINDBiUXR1WUhpelprenVRZlVtZzkzNndSdzJrNnY",
  "signerCedula": "40209547971",
  "subjectDn": "CN=ALEX RODRIGUEZ,SERIALNUMBER=40209547971,O=VIAFIRMA DOMINICANA,C=DO",
  "certExpiresAt": "2027-04-20T00:00:00Z",
  "expiresAt": "2026-04-23T17:15:00Z"
}

token is your bearer credential for the next 15 minutes. The unlocked private key stays in our JVM heap only — nothing is persisted on our side.

2. Issue a commercial approval (ACECF)

bash
curl -X POST https://api.fiscaliacore.com/api/v1/acecf/issue \
  -H "X-Api-Key: $FISCALIACORE_API_KEY" \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{
    "rncEmisor": "131793916",
    "rncComprador": "40209547971",
    "eNCF": "E310000000005",
    "fechaEmisionOriginal": "2026-04-23",
    "montoTotalOriginal": 1180.00,
    "estado": 1,
    "environment": "CERTIFICATION"
  }'
json
{
  "trackId": "abc-123-def",
  "dgiiEstado": "Aceptada",
  "signedXml": "<ACECF>...</ACECF>",
  "submittedAt": "2026-04-23T17:02:14Z",
  "success": true,
  "statusMessage": "Aceptada"
}

Archive signedXml on your side. fiscaliacore doesn't. Your customer will want it for their own audit and DGII may ask to see it.

3. Close the session (optional)

bash
curl -X DELETE https://api.fiscaliacore.com/api/v1/sessions/current \
  -H "X-Api-Key: $FISCALIACORE_API_KEY" \
  -H "Authorization: Bearer $TOKEN"

The session TTL handles eviction automatically; explicit close is polite but not required.

Next steps

  • Read the full integration guide for production patterns (401-retry, per-customer session caching, two-phase DGII semantics).
  • Browse every endpoint interactively at the Swagger UI.
  • Generate a typed client from the OpenAPI spec in your language of choice.