# Copyright 2026 DI Management Services Pty Ltd
# Last modified: 2026-06-17T09:23:00Z
openapi: 3.1.0
info:
title: FirmaSAT Validation REST API
version: 1.0.0
description: "For information purposes only. No warranties."
license:
name: Disclaimer
url: https://cryptosys.net/firmasat/validator.html#disclaimer
servers:
- url: https://di-mgt.com.au/cryptosys/api
paths:
/fsa_validation:
post:
summary: Validate XML document to SAT specifications
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- api-token
- xmldata
properties:
api-token:
type: string
description: Required API token
xmldata:
type: string
description: Required XML data encoded for JSON
pac-cert:
type: string
description: Optional PAC certificate in base64 encoding
responses:
'200':
description: Validation result (Success, Partial Success, or Error)
content:
application/json:
schema:
type: object
required:
- status
- validation-result
- timestamp
- reference
properties:
status:
type: string
description: Overall operation status
example: "partialsuccess"
validation-result:
type: object
description: Detailed results of the validation
required:
- xml-valid
- firmasat-version
- result-code
properties:
document-type:
type: string
description: The type and version of the document
example: "CFDI version 4.0"
xml-valid:
type: boolean
description: Indicates if the XML structure is valid to SAT specifications
xml-error:
type: string
description: Error message if XML validation failed
example: "Element 'Traslados' not allowed here (line 11)/Elemento no permitido aqui"
original-string:
type: string
description: The generated 'cadena original' pipe-delimited string
original-string-digest:
type: string
description: SHA-256 digest of the original string
signature-cert-used:
type: string
description: Serial number of the certificate used
signature-cert-reported:
type: string
description: Serial number of the certificate reported in XML
signature-valid:
type: boolean
description: Indicates if the digital signature is valid
signature-error:
type: string
description: Error message if signature validation failed
certification-string:
type: string
description: The 'cadena original' of the fiscal stamp (TFD)
certification-string-digest:
type: string
description: SHA-256 digest of the certification string
certification-cert-used:
type: string
description: Serial number of the SAT certificate used
certification-cert-reported:
type: string
description: Serial number of the SAT certificate reported
tfd-valid:
type: boolean
description: Indicates if the Timbre Fiscal Digital (TFD) is valid
tfd-error:
type: string
description: Error message if TFD validation failed
firmasat-version:
type: string
description: Version of the FirmaSAT library used
result-code:
type: string
description: Hexadecimal result code from the validation
example: "0x0"
timestamp:
type: string
format: date-time
description: The time the response was generated
reference:
type: string
description: Reference number
'400':
description: Invalid input
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'401':
description: Access denied
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'403':
description: Forbidden
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'405':
description: Invalid HTTP method
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'413':
description: Payload too large
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'429':
description: Too many requests
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
components:
schemas:
ErrorResponse:
type: object
required:
- status
- message
properties:
status:
type: string
const: "error" # Value is strictly fixed to "error"
message:
type: string
example: "bad-json"