ANAF e-Factura API integration — technical guide 2026
Since 2024, e-Factura has been mandatory for B2B invoices in Romania; since 2025, also for B2C. Integration with the ANAF SPV API is technically feasible, but common operational pitfalls break production deployments. This guide documents the requirements, implementation flow, and typical errors in production.
Short legal framework
- OUG 120/2021 + Law 296/2023 — national RO e-Factura system
- 1 July 2024 — mandatory for B2B transactions in RON
- 1 January 2025 — extended to B2C
- Penalties: 1,000–10,000 RON per invoice not submitted
The 5 stages of integration
Stage 1 — OAuth 2.0 authentication
ANAF SPV uses a qualified digital certificate for API authentication. Steps:
- Obtain a qualified digital certificate (DigiSign, certSIGN, Trans Sped) — €50–€150/year
- Register on SPV (Serviciu Persoane Virtuale) with the certificate
- Generate an access token that expires — refresh every 90 days
- OAuth endpoint:
https://logincert.anaf.ro/anaf-oauth2/v1/authorize
Stage 2 — UBL 2.1 XML generation
The invoice must be generated in XML format conforming to UBL 2.1 with ANAF extensions (CIUS-RO). Structure:
- Header: invoice number, issue date, currency
- Supplier: issuer CIF, address, bank accounts
- Customer: recipient CUI/CNP, address
- Line items: product/service, quantity, unit price, VAT
- Totals: subtotal, VAT by rate (5%, 9%, 19%), total
Typical trap: Romanian diacritics must be correct UTF-8, not ANSI. Dates in ISO 8601 format (2026-05-04), not DD/MM/YYYY.
Stage 3 — API submission
Endpoint: POST https://api.anaf.ro/test/FCTEL/rest/upload (sandbox) or https://api.anaf.ro/prod/FCTEL/rest/upload (production).
Required headers: Authorization: Bearer <token>, Content-Type: application/xml.
Response: unique index_incarcare per invoice. Store it — you use it for status checks.
Stage 4 — Status verification
The invoice is not processed instantly. It goes through ANAF validations (can take 1–30 minutes). You must poll the status periodically:
Endpoint: GET /stareMesaj?id_incarcare=<index>. Possible statuses: nok (validation error), ok (validated), in prelucrare (in progress).
Stage 5 — Download ANAF signature
After validation, ANAF returns a ZIP with the digitally signed invoice. You must store it — this is the legal proof that you submitted it.
7 pitfalls that break production integrations
- Expired token without warning — OAuth tokens expire silently. Implement automatic refresh at 80% of lifetime.
- Undocumented rate limiting — 60 requests/minute per certificate. Above the threshold on burst, you get 429 with no explanation.
- Strict XML schema — one missing field = total rejection, no specific message. Validate locally with the XSD schema before sending.
- Scheduled maintenance — ANAF runs maintenance, usually in the morning. Implement retry with exponential backoff (5min, 30min, 2h, 6h).
- Invoice cancellation — you do not delete; you submit a credit note (storno) referencing the cancelled invoice. Separate business logic.
- Compliant numbering — the invoice must follow your sequential numbering. ANAF does not generate numbers; you supply them.
- Schema versions — ANAF updates specifications periodically. Your build breaks silently. Monitor emails from ANAF.
Recommended technical stack
- Backend: Node.js or PHP — good libraries for XML manipulation and cryptography
- Queue: BullMQ or RabbitMQ — essential for retry logic
- Storage: S3 or local for signed ZIPs — legal retention 5–10 years
- Monitoring: Sentry for errors, custom dashboard for success rate
- Validation: XSD library for local pre-submission validation
Integration development cost
- Simple integration (B2C, low volume, no storno): €2,500 – €4,000
- Standard integration (B2B + B2C, retry, admin dashboard): €4,000 – €7,000
- Enterprise integration (high volume, multi-company, audit logs): €7,000 – €15,000
Plus monthly maintenance €100–€500 for ANAF updates and monitoring.