Skip to main content
PATCH
/
v1
/
fiscal_profiles
/
{id}
Update a fiscal profile
curl --request PATCH \
  --url https://api.newinvoice.dev/v1/fiscal_profiles/{id} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: multipart/form-data' \
  --form csd_cer='@example-file' \
  --form csd_key='@example-file' \
  --form fiel_cer='@example-file' \
  --form fiel_key='@example-file' \
  --form logo='@example-file'
import requests

url = "https://api.newinvoice.dev/v1/fiscal_profiles/{id}"

files = {
"csd_cer": ("example-file", open("example-file", "rb")),
"csd_key": ("example-file", open("example-file", "rb")),
"fiel_cer": ("example-file", open("example-file", "rb")),
"fiel_key": ("example-file", open("example-file", "rb")),
"logo": ("example-file", open("example-file", "rb"))
}
headers = {"Authorization": "Bearer <token>"}

response = requests.patch(url, files=files, headers=headers)

print(response.text)
const form = new FormData();
form.append('csd_cer', '{
"fileName": "example-file"
}');
form.append('csd_key', '{
"fileName": "example-file"
}');
form.append('fiel_cer', '{
"fileName": "example-file"
}');
form.append('fiel_key', '{
"fileName": "example-file"
}');
form.append('logo', '{
"fileName": "example-file"
}');

const options = {method: 'PATCH', headers: {Authorization: 'Bearer <token>'}};

options.body = form;

fetch('https://api.newinvoice.dev/v1/fiscal_profiles/{id}', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
CURLOPT_URL => "https://api.newinvoice.dev/v1/fiscal_profiles/{id}",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "PATCH",
CURLOPT_POSTFIELDS => "-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"csd_cer\"; filename=\"example-file\"\r\nContent-Type: application/octet-stream\r\n\r\n{\r\n \"fileName\": \"example-file\"\r\n}\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"csd_key\"; filename=\"example-file\"\r\nContent-Type: application/octet-stream\r\n\r\n{\r\n \"fileName\": \"example-file\"\r\n}\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"fiel_cer\"; filename=\"example-file\"\r\nContent-Type: application/octet-stream\r\n\r\n{\r\n \"fileName\": \"example-file\"\r\n}\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"fiel_key\"; filename=\"example-file\"\r\nContent-Type: application/octet-stream\r\n\r\n{\r\n \"fileName\": \"example-file\"\r\n}\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"logo\"; filename=\"example-file\"\r\nContent-Type: application/octet-stream\r\n\r\n{\r\n \"fileName\": \"example-file\"\r\n}\r\n-----011000010111000001101001--",
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: multipart/form-data"
],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
package main

import (
"fmt"
"strings"
"net/http"
"io"
)

func main() {

url := "https://api.newinvoice.dev/v1/fiscal_profiles/{id}"

payload := strings.NewReader("-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"csd_cer\"; filename=\"example-file\"\r\nContent-Type: application/octet-stream\r\n\r\n{\r\n \"fileName\": \"example-file\"\r\n}\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"csd_key\"; filename=\"example-file\"\r\nContent-Type: application/octet-stream\r\n\r\n{\r\n \"fileName\": \"example-file\"\r\n}\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"fiel_cer\"; filename=\"example-file\"\r\nContent-Type: application/octet-stream\r\n\r\n{\r\n \"fileName\": \"example-file\"\r\n}\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"fiel_key\"; filename=\"example-file\"\r\nContent-Type: application/octet-stream\r\n\r\n{\r\n \"fileName\": \"example-file\"\r\n}\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"logo\"; filename=\"example-file\"\r\nContent-Type: application/octet-stream\r\n\r\n{\r\n \"fileName\": \"example-file\"\r\n}\r\n-----011000010111000001101001--")

req, _ := http.NewRequest("PATCH", url, payload)

req.Header.Add("Authorization", "Bearer <token>")

res, _ := http.DefaultClient.Do(req)

defer res.Body.Close()
body, _ := io.ReadAll(res.Body)

fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.patch("https://api.newinvoice.dev/v1/fiscal_profiles/{id}")
.header("Authorization", "Bearer <token>")
.body("-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"csd_cer\"; filename=\"example-file\"\r\nContent-Type: application/octet-stream\r\n\r\n{\r\n \"fileName\": \"example-file\"\r\n}\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"csd_key\"; filename=\"example-file\"\r\nContent-Type: application/octet-stream\r\n\r\n{\r\n \"fileName\": \"example-file\"\r\n}\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"fiel_cer\"; filename=\"example-file\"\r\nContent-Type: application/octet-stream\r\n\r\n{\r\n \"fileName\": \"example-file\"\r\n}\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"fiel_key\"; filename=\"example-file\"\r\nContent-Type: application/octet-stream\r\n\r\n{\r\n \"fileName\": \"example-file\"\r\n}\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"logo\"; filename=\"example-file\"\r\nContent-Type: application/octet-stream\r\n\r\n{\r\n \"fileName\": \"example-file\"\r\n}\r\n-----011000010111000001101001--")
.asString();
require 'uri'
require 'net/http'

url = URI("https://api.newinvoice.dev/v1/fiscal_profiles/{id}")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Patch.new(url)
request["Authorization"] = 'Bearer <token>'
request.body = "-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"csd_cer\"; filename=\"example-file\"\r\nContent-Type: application/octet-stream\r\n\r\n{\r\n \"fileName\": \"example-file\"\r\n}\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"csd_key\"; filename=\"example-file\"\r\nContent-Type: application/octet-stream\r\n\r\n{\r\n \"fileName\": \"example-file\"\r\n}\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"fiel_cer\"; filename=\"example-file\"\r\nContent-Type: application/octet-stream\r\n\r\n{\r\n \"fileName\": \"example-file\"\r\n}\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"fiel_key\"; filename=\"example-file\"\r\nContent-Type: application/octet-stream\r\n\r\n{\r\n \"fileName\": \"example-file\"\r\n}\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"logo\"; filename=\"example-file\"\r\nContent-Type: application/octet-stream\r\n\r\n{\r\n \"fileName\": \"example-file\"\r\n}\r\n-----011000010111000001101001--"

response = http.request(request)
puts response.read_body
{
  "object": "fiscal_profile",
  "id": "obj_2P9K3sample",
  "rfc": "XAXX010101000",
  "legal_name": "string",
  "tax_regime": "string",
  "zip": "string",
  "csd": {
    "serial": "string",
    "valid_from": "string",
    "valid_to": "string",
    "rfc": "XAXX010101000"
  },
  "status": "requires_action",
  "has_fiel": true,
  "manifest_status": "pending_signature",
  "manifest_signed_at": "2026-07-10T18:25:43Z",
  "next_actions": [
    {
      "type": "string",
      "message": "string",
      "endpoint": "string",
      "requires": [
        "string"
      ]
    }
  ],
  "pending_actions": [
    {
      "type": "string",
      "message": "string",
      "endpoint": "string",
      "requires": [
        "string"
      ]
    }
  ],
  "metadata": {},
  "brand_color": "string",
  "has_logo": true,
  "livemode": false,
  "created_at": "2026-07-10T18:25:43Z",
  "updated_at": "2026-07-10T18:25:43Z"
}
{
"type": "https://errors.invoiceapi.mx/auth_unauthorized",
"title": "Authentication required",
"status": 401,
"code": "auth.unauthorized",
"detail": "Missing or invalid API key.",
"remediation": "Send `Authorization: Bearer sk_test_...` (or sk_live_...) with a valid API key.",
"doc_url": "/docs/errors#auth-unauthorized",
"request_id": "req_2P9K3sample"
}
{
"type": "https://errors.invoiceapi.mx/resource_not_found",
"title": "Resource not found",
"status": 404,
"code": "resource.not_found",
"detail": "No such id in this org + mode.",
"remediation": "Verify the id and that the key mode (test/live) matches the id.",
"doc_url": "/docs/errors#resource-not_found",
"request_id": "req_2P9K3sample"
}
{
"type": "https://errors.invoiceapi.mx/fiscal_profile_invalid_csd",
"title": "Invalid CSD certificate or password",
"status": 422,
"code": "fiscal_profile.invalid_csd",
"detail": "The CSD .cer/.key pair could not be opened.",
"remediation": "Verify cer_base64 is the .cer, key_base64 is the .key, and the password.",
"doc_url": "/docs/errors#fiscal_profile-invalid_csd",
"request_id": "req_2P9K3sample"
}
{
"type": "https://errors.invoiceapi.mx/rate_limit_exceeded",
"title": "Rate limit exceeded",
"status": 429,
"code": "rate_limit.exceeded",
"detail": "Too many requests for this key + request class (reads and writes are limited separately).",
"remediation": "Back off and retry after the number of seconds in the Retry-After header; batch work or lower your request rate.",
"doc_url": "/docs/errors#rate_limit-exceeded",
"request_id": "req_2P9K3sample"
}
{
"type": "https://errors.invoiceapi.mx/internal_error",
"title": "Internal server error",
"status": 500,
"code": "internal.error",
"detail": "An unexpected error occurred.",
"remediation": "Retry later; contact support with the request_id if it persists.",
"doc_url": "/docs/errors#internal-error",
"request_id": "req_2P9K3sample"
}

Authorizations

Authorization
string
header
required

API key: Authorization: Bearer sk_test_... or sk_live_....

Headers

Invoice-Version
string

Pin a dated API release (Stripe-style). Omit to use the current version. An unknown value returns 400 request.invalid_version. Echoed back on every response.

Example:

"2026-07-10"

Invoice-Account
string

Connect: act on behalf of one of your connected accounts (its acct_…/org_… id). Omit to act as your own organization. Not honored on /v1/api_keys.

Example:

"org_2P9connectedacct"

Path Parameters

id
string
required

Fiscal-profile id, e.g. "fp_2P9K3sample".

Minimum string length: 1

Body

New issuer legal name (razón social).

zip
string

New place-of-issue ZIP (5 digits).

brand_color
string

PDF accent color as #RRGGBB, or empty to leave unchanged.

csd_cer
file

The raw CSD certificate (.cer) file — no base64 needed.

csd_key
file

The raw CSD private-key (.key) file — no base64 needed.

csd_password
string

CSD private-key password (required when rotating the CSD).

fiel_cer
file

The raw FIEL certificate (.cer) file — no base64 needed.

fiel_key
file

The raw FIEL private-key (.key) file — no base64 needed.

fiel_password
string

FIEL private-key password (required when uploading a FIEL).

The raw issuer logo image (PNG or JPEG) — embedded in the PDF; no data URL needed.

Response

Default Response

object
enum<string>
required

Always "fiscal_profile".

Available options:
fiscal_profile
id
string
required

Fiscal-profile id, e.g. "fp_2P9K3sample".

rfc
string
required

Issuer RFC, derived from the CSD certificate.

Issuer legal name (razón social).

tax_regime
string
required

c_RegimenFiscal code of the issuer, e.g. "601".

zip
string
required

Issuer fiscal-domicile ZIP (LugarExpedicion).

csd
object
required

Public metadata of the stored CSD (never the private key).

status
enum<string>
required

Derived readiness state. "requires_action": the carta manifiesto is not yet signed, so this profile CANNOT stamp CFDIs. "active": the manifiesto is signed and the profile is authorized to stamp for its RFC. Derived from manifest_status at serialization time.

Available options:
requires_action,
active
has_fiel
boolean
required

True when a FIEL (e.firma) is stored (used to sign the carta manifiesto and for descarga masiva).

manifest_status
enum<string>
required

Carta-manifiesto signing state.

Available options:
pending_signature,
signed
manifest_signed_at
string | null
required

When the carta manifiesto was signed (ISO-8601 UTC), or null if unsigned.

next_actions
object[]
required

Actions to make this profile active (identical content to pending_actions). Empty when active.

pending_actions
object[]
required

Outstanding actions before this profile can stamp CFDIs (identical content to next_actions). Empty when active.

metadata
object
required

Integrator-owned key-value map echoed back.

brand_color
string | null
required

PDF accent color (#RRGGBB), or null if unset.

Whether a PDF logo is stored (the raw data URL is not echoed to keep responses small).

livemode
boolean
required

True if this profile was created with a live-mode key.

created_at
string
required

Creation timestamp, ISO-8601 UTC.

updated_at
string
required

Last-update timestamp, ISO-8601 UTC.