Skip to content

OnAPI Service (1.0.3)

Welcome to our SUNAT Electronic Invoices API portal.
In this space, you can perform Tax Intelligence operations such as:

  • Generation and management of CPEs in a controlled SUNAT testing environment;
  • OpenAI Artificial Intelligence tools applied to CPEs;
  • Validation and identity verification tools from RENIEC;
  • Support tools for CPEs, and more.
Languages
Servers
Homologation Environment

https://e-hom-onapi.factura-core.com/integrator/api/v1/

Production Environment

https://e-prod-onapi.factura-core.com/integrator/api/v1/

Development Environment

https://e-dev-onapi.factura-core.com/integrator/api/v1/

Authentication

Credential Generation
The team will generate and provide credentials (username and password). This step will be performed only once.

Token Generation
Using the credentials obtained in the previous step, the user will generate a token through a service provided by the team for this purpose.
This token will have a validity period, which is indicated in the service response. Within this period, the token can be used as many times as needed to invoke the services.

Operations

Authentication endpoint

Request

Authenticates a user using their credentials and returns an access token along with a refresh token.

This endpoint is typically used as the first step in the authentication flow. It verifies the user's credentials (e.g., username and password) and, if valid, issues tokens that can be used to access protected resources.

The returned access token should be included in the Authorization header of subsequent API requests using the Bearer scheme.

Tokens:

  • The access token is typically short-lived and used to authorize API requests.
  • The refresh token is long-lived and can be used to obtain a new access token without re-authenticating.

Security Notes:

  • Credentials should be transmitted over HTTPS to ensure security.
  • Refresh tokens must be securely stored and never exposed to third parties.
  • Multiple failed login attempts may result in temporary blocking or rate limiting.
Bodyapplication/jsonrequired

Authentication endpoint

clientIdstring
Example: "integra"
usernamestring
Example: "api@coredobrasil.com.br"
passwordstring
Example: "core"
grantTypestring
Example: "password"
curl -i -X POST \
  https://e-hom-onapi.factura-core.com/integrator/api/v1/integrator/authenticate \
  -H 'Content-Type: application/json' \
  -d '{
    "clientId": "integra",
    "username": "api@coredobrasil.com.br",
    "password": "core",
    "grantType": "password"
  }'

Responses

Successful operation

Bodyapplication/json
tokenstring
refresh_tokenstring
expiresIninteger(int32)
Response
application/json
{
  "token": "string",
  "refresh_token": "string",
  "expiresIn": 0
}

Refresh Token endpoint

Request

Exchanges a valid refresh token for a new access token (and optionally a new refresh token).

This endpoint is used to keep the user authenticated without requiring them to log in again. It should be called before the current access token expires.

The client must send a valid refresh token, typically received from the login or token exchange endpoint.

If the refresh token is valid and not expired or revoked, the response will contain a new access token. Depending on server configuration, a new refresh token may also be issued.

Security Notes:

  • Refresh tokens must be kept secure and should not be shared or exposed.
  • Reuse of refresh tokens after logout or expiration will result in an error.
  • Clients should always update their stored refresh token if a new one is provided in the response.
Security
bearerAuth
Bodyapplication/jsonrequired

Refresh Token endpoint

refreshTokenstring
curl -i -X POST \
  https://e-hom-onapi.factura-core.com/integrator/api/v1/integrator/refresh-token \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "refreshToken": "string"
  }'

Responses

Successful operation

Bodyapplication/json
tokenstring
expiresIninteger(int32)
Response
application/json
{
  "token": "string",
  "expiresIn": 0
}

Logs

Retrieves the most recent API request logs processed by the integrator service. This endpoint returns detailed information for each request, including the HTTP method, endpoint path, request headers, body content, and the timestamp when the request was received. The number of logs returned is controlled by the limit path parameter.

Operations

Integrator

Methods for querying and generating SUNAT Electronic Invoices.

Operations

Reniec Tools

APIs of the National Registry of Identification and Civil Status (RENIEC) of the Government of Peru.

Operations

Tools AI

Artificial Intelligence APIs to support Electronic Invoices, such as:

  • Identity Document Validation (DNI) vs. Selfies
  • Voice-Based Product Generation for CPE Creation
Operations

Tools CPEs

APIs related to SUNAT Electronic Invoices.

Operations

Tools GRE

APIs related

Operations

Products

APIs related to products and services.

Operations
Copyright © Core do Brasil. All rights reserved.