Validate a CFDI
Validate a CFDI 4.0 XML: structure, arithmetic, the digital seal (sello), and — when already stamped — live SAT status. Send either JSON { "xml_base64": "..." } or a raw CFDI XML body with Content-Type application/xml.
Authorizations
API key: Authorization: Bearer sk_test_... or sk_live_....
Headers
Pin a dated API release (Stripe-style). Omit to use the current version. An unknown value returns 400 request.invalid_version. Echoed back on every response.
"2026-07-10"
Connect: act on behalf of one of your connected accounts (its acct_…/org_… id). Omit to act as your own organization. Not honored on /v1/api_keys.
"org_2P9connectedacct"
Safely retry any POST. The first response is stored for 24h and replayed byte-for-byte for identical retries (the replay adds an idempotent-replayed: true header). Reusing the key with a different body is 409 idempotency.key_reuse; an in-flight duplicate is 409 idempotency.key_processing. This makes retrying a 502/429 safe — no duplicate stamp.
"a1b2c3d4-e5f6-4789-8abc-1234567890ab"
Body
Base64 of the CFDI XML to validate (Content-Type application/json).
1Response
Default Response
Always "validation".
validation Validation record id.
True when the CFDI passed all structural/SAT checks.
The validation failures found (empty when valid).
Parsed summary of the CFDI plus SAT status.
True if validated with a live-mode key.
Creation timestamp, ISO-8601 UTC.