Skip to content

API Changelog

This page documents all significant changes to the Invoicetronic API.

v1.13.1 - April 24, 2026

Fixes

  • Fixed an issue where the interactive example in API Reference for POST /send/json and POST /send/validate/json did not match the actually expected payload, causing a 400 error for users who copied it. The endpoints accept FatturaPA JSON with the structure matching the XML standard; the example shown is now correct and the description of both endpoints makes it explicit.

Documentation

  • The API Reference overview page now links to the cross-cutting sections most relevant to integrators: Prerequisites, API Keys, Sandbox, Rate Limiting, Pagination, CORS, Localization, Webhooks.

v1.13.0 - April 23, 2026

New

  • New latest_state filter on GET /send: retrieve in a single call all invoices whose current SDI state matches the supplied value (e.g. ?latest_state=Scartato). Accepts either the state name or the corresponding numeric value. Complementary to the latest_state field already exposed inline on Send records, it removes the need to paginate and filter client-side.

v1.12.1 - April 22, 2026

Fixes

  • Fixed a bug where sending a syntactically malformed XML to /send/xml could return a 500 error instead of the expected 400. The server now always responds with 400 plus a ProblemDetails payload including the XML parse error detail.

v1.12.0 - April 21, 2026

New

  • New latest_state field on /send responses (detail and list) and on the send object embedded in /update responses. Exposes the current SDI state of the invoice directly on the Send record, avoiding a second call to /update to discover it.
  • The multi-value ids filter is now supported on GET /send: it accepts up to 100 comma-separated ids to retrieve multiple records in a single call. Useful for displaying the state of a known set of invoices without N+1 patterns.

Fixes

  • The last_update field on /send and the last_update_from/last_update_to filters could show stale values. The field is now always aligned with the most recent SDI update received for the invoice.

Changes

  • Rate limit on polling endpoints widened: bursts up to 500 instantaneous requests and 180 sustained requests per minute (was: 200 and 60). The RateLimit-Policy header reflects the new values on affected endpoints. Details in the rate limiting guide.

v1.11.1 - April 16, 2026

Fixes

  • Fixed an issue where an XML document containing leading invisible characters (such as a UTF-8 BOM) could fail to be processed correctly.

v1.10.0 - April 14, 2026

New

  • New dedicated rate limit for polling endpoints. GET requests on /receive, /update, /send, /log, and /webhookhistory are now subject to an additional limit of 60 requests per minute sustained, with bursts up to 200 instantaneous requests. The limit protects the API from polling loop patterns without penalizing legitimate pagination. The RateLimit-Policy header reflects the new limit on affected endpoints. Details in the rate limiting guide.

v1.9.1 - April 14, 2026

Fixes

  • Fixed a rare 500 Internal Server Error that could appear on otherwise successful API calls when the internal logging system experienced transient issues. The correct response is now always returned to the client.

v1.9.0 - April 12, 2026

Breaking Changes

  • Removed the 15-day free trial on Desk seats: new seat checkouts now start immediately as active subscriptions with no trial period. Sandbox API keys are now the free evaluation path for Desk — no seat required, no time limit.

v1.8.1 - April 10, 2026

New

  • An email notification is now sent when webhook delivery fails repeatedly, allowing timely diagnosis and correction of the endpoint.

v1.8.0 - April 10, 2026

New

  • Improved webhook delivery resilience and diagnostics. Failed attempts are now automatically retried without duplicating event log entries. Each attempt is recorded in webhook history with error details in the new error field.

v1.7.6 - April 10, 2026

Documentation

  • The status_code field in webhook history now documents the meaning of value 0: network error, typically caused by a misconfigured or no longer existing endpoint.

v1.7.5 - April 10, 2026

Fixes

  • Improved webhook delivery resilience: network errors (unresolvable DNS, timeouts, connection refused) no longer cause repeated retries of the entire job. Failures are now recorded in webhook history with status code 0.

v1.7.4 - April 8, 2026

Fixes

  • Fixed an issue where submitting an invoice in JSON format (POST /send/json and POST /send/validate/json) could return a 500 error when one of the document's numeric fields was sent as a string instead of a number. The response is now a clear 400 that points to the malformed field.

v1.7.3 - April 8, 2026

Fixes

  • Fixed an issue where test requests run from the API Reference "Try It" panel could fail with a 400 error because of incorrect placeholder values automatically inserted into server-managed fields.
  • The webhook update endpoint (PUT /webhook/) no longer rejects requests when the user reference in the body does not match the authenticated user: it now aligns automatically, just like other update endpoints already do.

v1.7.2 - April 7, 2026

Fixes

  • Fixed an issue where, after canceling a Desk seat, purchasing a new seat on the same API key could fail. Reactivation from the dashboard now works correctly.

v1.7.1 - April 7, 2026

Fixes

  • Fixed an issue where purchasing an additional Desk seat could create a new Stripe customer profile instead of reusing the one already associated with the user.

v1.7.0 - April 7, 2026

New

  • Desk seats: new model to manage access to Desk Cloud through seats tied to API keys, with recurring billing integration. Your primary API key includes a 15-day free trial.
  • Dual pricing support for Desk seats based on country (Italy/abroad).
  • New has_active_seat field in the GET /status response, to check whether an API key has an active Desk seat.
  • New is_sub_key field in the GET /status response, to identify sub-keys.
  • The description field is now required when creating sub-keys.

Fixes

  • Desk seat cancellation now takes effect at the end of the billing period (status canceling with current_period_end) instead of immediately.

v1.6.5 - April 2, 2026

Fixes

  • Fixed an error where sending malformed XML returned a 500 error instead of the correct 400.

v1.6.4 - April 2, 2026

Fixes

  • Fixed OpenAPI spec generation that produced an empty security requirement, causing missing authentication in all SDKs.

v1.6.3 - April 2, 2026

Fixes

  • Fixed an error that prevented the reception of some electronic invoices in P7M format.

v1.6.2 - March 31, 2026

Fixes

  • Fixed file size limit check (5MB) that was validating the Base64 string length instead of the actual decoded file size, causing false rejections for files within the limit.

v1.6.1 - March 30, 2026

Fixes

  • Improved robustness of Base64 payload decoding.

v1.6.0 - March 30, 2026

New Features

  • Log events now include the user_agent field, which reports the User-Agent header from the HTTP request. The field is available in GET /log/ responses and can be filtered via query parameter.

v1.5.1 - March 27, 2026

Fixes

  • Fixed identification of XML payloads without <?xml> declaration, which were incorrectly converted to Base64.

v1.5.0 - March 26, 2026

Breaking Changes

  • CORS is no longer open to all origins. Allowed origins must be configured per API key. If no origins are configured, cross-origin requests are blocked by the browser. Wildcard subdomain support is available (e.g. *.example.com).

v1.4.2 - March 26, 2026

Fixes

  • Fixed double Base64 encoding on P7M invoices received from SDI.

v1.4.0 - March 24, 2026

New Features

  • Restricted keys support. API keys can now have child keys with configurable permissions and, optionally, access limited to specific companies. Restricted keys share billing with the primary key and cannot create other child keys.

v1.3.3 - March 12, 2026

Fixes

  • Fixed 500 error on POST /send and other transactional endpoints caused by incompatibility between the automatic retry strategy for transient PostgreSQL errors (introduced in v1.3.2) and manual transactions.

v1.3.2 - March 12, 2026

Fixes

  • Fixed 500 error on POST /send/xml when Content-Type includes parameters (e.g., charset=utf-8). The check now also supports text/xml and is case-insensitive.
  • Fixed 500 error on POST/PUT when DateTime fields lack an explicit timezone. Non-UTC values are now rejected with a 400 error.
  • The created field of all entities is now fully managed by the server: set to UTC on creation and not modifiable on update.
  • Fixed 500 error on GET /log and GET /webhookhistory when sorting by success. Computed properties not mapped to the database now return a validation error.

v1.3.1 - March 10, 2026

Fixes

  • Fixed 500 error when the payload field is null or empty on invoice submission. Now correctly returns a 400 error.

v1.3.0 - March 7, 2026

New Features

  • Added nome_committente field to sent invoices and nome_prestatore field to received invoices. The business name is automatically extracted from the XML and is searchable via the q filter.

v1.2.10 - March 6, 2026

Fixes

  • Improved self-invoice (autofattura) detection: invoices with soggetto_emittente = CC and tipo_documento = TD01, or with tipo_documento TD16, TD17, TD18, TD19, TD20, TD21 or TD27 are now correctly recognized.
  • Added validation: invoices submitted without at least one body now return a 400 error.

v1.2.9 - March 3, 2026

New Features

  • Added sorting support for document_date (and -document_date) on /send/ and /receive/ endpoints, to order invoices by document date.

Documentation

  • Clarified in the /update/ endpoint documentation that querying is free and not counted as an operation.

v1.2.8 - March 2, 2026

New Features

  • Added Retry-After header on 429 Too Many Requests responses, indicating how many seconds the client should wait before retrying.
  • Added RateLimit-Limit and RateLimit-Policy headers on all API responses, describing the active rate limit windows (per-second, per-minute, per-day).

v1.2.7 - March 2, 2026

New Features

  • Added GET /health/ endpoint for checking API and database health status. No authentication required. Rate limited to 12 requests per minute. Returns 200 when all services are operational, 503 when one or more dependencies are unreachable.

v1.2.6 - February 27, 2026

New Features

  • Added SDI filename format validation for outbound invoices. The file_name, if provided, must follow the SDI naming convention: country code + fiscal id + _ + progressive + .xml or .xml.p7m (e.g., IT01234567890_00001.xml).

v1.2.5 - February 26, 2026

Fixes

  • The type parameter on the /export/ endpoint now accepts case-insensitive values (e.g., send, Send, SEND) and returns a clear error for invalid values.

v1.2.4 - February 26, 2026

New Features

  • Added q parameter for full-text search across name, VAT number, and fiscal code on /company/ list endpoint.

v1.2.3 - February 26, 2026

New Features

  • Added q parameter for full-text search across committente, prestatore, identifier, and file name on /send/ and /receive/ list endpoints.

v1.2.2 - February 25, 2026

Fixes

  • The sort parameter on list endpoints is now case-insensitive (e.g., both sort=name and sort=Name work).

v1.2.1 - February 25, 2026

New Features

  • Added GET /company/{vat} endpoint to retrieve a company by its VAT number.

Fixes

  • Added default ordering by id to paginated queries to prevent unpredictable results.

v1.1.6 - February 24, 2026

Fixes

  • Transient database exceptions (connection timeouts, etc.) now return 503 Service Unavailable with ProblemDetails.

v1.1.5 - February 23, 2026

New Features

  • Added GET /send/{id}/payload and GET /receive/{id}/payload endpoints to retrieve only the payload without invoice metadata. The receive endpoint marks the invoice as read and counts the operation.

Fixes

  • GET responses for receive and update returned is_read=false even when the read operation marked them as read. Now is_read is correctly true in the immediate response.

v1.1.4 - February 19, 2026

New

  • The API Reference now includes entity schemas (Company, Send, Receive, Update, WebHook, Event, Status) with their descriptions.

v1.1.3 - February 17, 2026

Fixes

  • Whitespace in XML id_codice or codice_fiscale fields (e.g., 04467630614) caused false 400 errors when receiving invoices. Values are now automatically trimmed.

v1.1.2 - February 17, 2026

Fixes

  • Validations are now correctly counted in the operations counter, even when sending with ?validate=true.

v1.1.1 - February 16, 2026

Fixes

  • Malformed XML now returns 400 Bad Request instead of 500 Internal Server Error on all send and validation endpoints.
  • The error message for VAT number not found now includes the VAT number extracted from the XML.
  • The prestatore filter on /update/ queries was being ignored. It now correctly filters through the linked sent invoice.

v1.1.0 - February 13, 2026

New Features

  • Added GET /export/ endpoint to export sent and received invoices as a ZIP archive of FatturaPA XML files. Supports filters by company, period (month/quarter), and document date range. Sent invoices are included only when in final state.

Fixes

  • Received invoices (Receive) are now counted as operations only when unread.

v1.0.27 - February 6, 2026

Fixes

  • The date_sent field on sent invoices (Send) is now updated correctly.

Documentation

  • Added State enum values table to Update documentation with detailed descriptions.
  • Added note on the importance of monitoring sent document status.

v1.0.26 - February 5, 2026

New Features

  • The DELETE /company/{id} endpoint now requires the ?force=true parameter when there are linked invoices. Without it, returns 409 Conflict with details about existing invoices.

v1.0.25 - February 3, 2026

Fixes

  • The is_read field on received invoices (receive) is now set only when include_payload=true, both for single GET and list endpoints.

Documentation

  • Updated receive endpoint descriptions to document the new is_read behavior.
  • Fixed typos in model descriptions.

v1.0.24 - February 2, 2026

Fixes

  • Improved event logging.

v1.0.23 - February 2, 2026

Fixes

  • Fixed base64 decoding in Basic Auth authentication that could cause login failure when credentials were encoded without the colon separator (e.g. Base64(api_key) instead of Base64(api_key:)).

v1.0.22 - January 18, 2026

Improvements

Enhanced API documentation

Added comprehensive descriptions to all API endpoints with detailed information about: - Description of each entity (send, receive, update, company, log, webhook, status) - Data retention periods - Available filters for searches - Links to Dashboard for resource management - Links to Sandbox and Webhooks documentation

v1.0.21 - January 5, 2026

New Features

German language support

Added full support for German language (de) in the Accept-Language header. All error and validation messages are now available in three languages: - Accept-Language: it - Messages in Italian (default) - Accept-Language: en - Messages in English - Accept-Language: de - Messages in German

Regional variants are supported and automatically mapped to the base language (e.g., de-DE, de-AT, de-CHde). For more details, see the localization documentation.

v1.0.20 - January 4, 2026

Breaking Changes

Localization Header - Migration to Accept-Language

The localization header has been migrated from the custom Invoicetronic-Language header to the standard HTTP Accept-Language header (RFC 7231). For more details, see the localization documentation.

Action required: Clients must update their integrations to use the Accept-Language header instead of Invoicetronic-Language: - Before: Invoicetronic-Language: en - Now: Accept-Language: en

The custom Invoicetronic-Language header is no longer supported. The default language is now Italian (previously it was English).

New Features

Full multi-language support

All validation error messages are now available in Italian and English. The API responds in the language specified in the Accept-Language header: - Accept-Language: it - Messages in Italian - Accept-Language: en - Messages in English

If the header is absent or contains an unsupported language, the API will respond in Italian. Currently supported languages: Italian (it), English (en).

v1.0.19 - January 2, 2026

Bug Fixes

Log Errors - More Readable error Field

Improved the error field in logs to show only the actual error message instead of the entire JSON response. The field now contains the real error message (e.g., "vat is required") instead of the full JSON wrapper, making logs more readable. For ProblemDetails errors, the detail field is extracted; otherwise, the title field is used, or for non-ProblemDetails responses, the raw response body (truncated to 500 characters).

v1.0.18 - January 1, 2026

Bug Fixes

Required field validation

Fixed required field validation to return 400 Bad Request instead of 500 Internal Server Error when vat, fiscal_code, name (Company) or payload (Send/Receive) are null. These fields were already marked as required in the API contract and OpenAPI specification, but the validation was not properly enforced at runtime.

v1.0.16 - December 9, 2025

Changes

Invoice Submission - DatiTrasmissione Auto-population

When submitting an invoice without specifying the file_name field, the system now automatically updates the DatiTrasmissione fields in the XML if they are empty: - IdTrasmittente.IdPaese is set to "IT" - IdTrasmittente.IdCodice is set to "01180680397" (Invoicetronic VAT number) - ProgressivoInvio is set to the auto-generated Base36 counter

Previously, only the filename was auto-generated but the XML content remained unchanged. This change ensures consistency between the filename and the XML structure. Existing non-empty values are always preserved and never overwritten.

v1.0.15 - December 6, 2025

New Features

Invoicetronic-Version Header

Added Invoicetronic-Version header to all API responses. Clients can now verify the API version and detect updates by reading this header from any response. The version number matches the API release version (e.g., "1.0.15").

v1.0.14 - December 6, 2025

Bug Fixes

Webhook - Payload Encoding

Fixed webhook payload encoding from UTF-16 to UTF-8 for correct HMAC signature verification. The webhook HTTP payload was being sent with Encoding.Unicode (UTF-16LE) while the HMAC signature was computed using ASCII encoding, making it difficult for clients to verify the signature. Now both payload and HMAC computation use UTF-8 encoding, which is the standard for JSON payloads and ensures consistent signature verification.

v1.0.13 - December 5, 2025

Bug Fixes

Webhook - Wildcard event support

Fixed support for the wildcard event (*) in webhooks. Webhooks configured with the * event were accepted during creation but were never triggered. Now webhooks with * in their events list are correctly triggered for all events.

v1.0.12 - December 4, 2025

New Features

Webhook - resource_id field

Added resource_id field to webhook notifications. Webhook payloads now include the ID of the resource created or modified by the request.

For example, for update.add events, the resource_id field contains the ID of the newly created Update entity. This allows webhook receivers to directly fetch resource details without having to match based on timestamps or other heuristics.

v1.0.9 - December 4, 2025

Bug Fixes

Webhook notifications for receive.add and update.add

Fixed an issue that prevented webhook notifications from being sent correctly for receive.add and update.add events. Webhooks are now correctly triggered for the resource owner.

v1.0.7 - December 3, 2025

Bug Fixes

Webhook notifications with null company_id

Fixed an issue that prevented webhook notifications from being sent when the API response contained a null company_id value. Webhooks are now correctly sent even in these cases.

v1.0.0 - July 14, 2025

New Features

First official release of Invoicetronic API.