Tax compliance solution to automate tax processes

A production .NET + Angular system that automates Mexico’s SAT tax compliance pipeline, replacing error-prone manual workflows with automate retrieval, monthly closing, and secure cloud storage.

Problem statement

ℹ️ What is a CFDI?

A CFDI (Comprobante Fiscal Digital por Internet) is the official electronic invoice in Mexico. Regulated by the tax authority (SAT), it serves as the only legal proof of commercial transactions, allowing companies to prove income, claim business expenses, and credit taxes.

⚠️ The manual workflow

A retail distributor company relied entirely on manual workflows to manage their monthly tax compliance obligations under Mexico’s SAT regulations:

• No automated CFDI retrieval: accountants had to manually download every digital CFDI required for monthly administrative processes, one by one from the SAT portal.
• Error-prone data extraction: each downloaded file had to be manually parsed, adapted, and reformatted to match internal reporting formats, introducing risk of human error at scale.
• Tedious monthly closing: producing the monthly closing document required cross-referencing all emitted and received tax receipts by hand, turning a routine task into an hours-long process.
• Fragile local storage: all documents were stored on the company’s local machine.

Making all this work manually, took the administrative members aproximately +5 hours by week.

The solution

Built as a web application (SPA + API), the system replaces every manual step in the tax compliance cycle with an automated pipeline: from pulling raw CFDIs out of SAT, normalizing them into structured data, generating closing reports on demand, and storing everything in a resilient cloud infrastructure.

📄 Automated CFDI retrieval

What used to take hours of manual work is now reduced to a few clicks. Users simply select the document type and a date range, the system handles the rest.

Under the hood, an application service orchestrates the full bulk download lifecycle against SAT’s web services:

1. Authenticating with the company’s digital certificate (e.FIRMA)
2. Request and retrieval
3. Extraction and parsing
4. Mapping to database and store raw files

📦 Data normalization

CFDIs arrive as deeply nested XML documents with a fiscal schema designed for SAT’s purposes, not business logic. Consuming them directly would couple every feature to SAT’s format fragile and unscalable.

A dedicated mapping layer translates each raw XML document into domain entities.

┌───────────────────────────────────────┐     ┌─────────────────────────────────────┐
│               CFDI XML                │     │            Domain Entity            │
├───────────────────────────────────────┤     ├─────────────────────────────────────┤
│ <cfdi:Comprobante UUID="..." />       │ ──> │ Invoice (Id, Folio, Uuid, Subtotal) │
│ <cfdi:Emisor Rfc="..." Nombre="..." />│ ──> │ Supplier (Rfc, LegalName)           │
│ <cfdi:Receptor Rfc="..." />           │ ──> │ Customer (Rfc)                      │
└───────────────────────────────────────┘     └─────────────────────────────────────┘

📆 Automated monthly closing

With normalized data in place, generating the monthly closing document becomes a matter of selecting a period. No spreadsheets, no manual cross-referencing.

The report aggregates all emitted and received CFDIs for the given month, computing totals and net balances, and produces an exportable on-screen summary ready for the accountant’s review.

What previously took hours of error-prone manual work is now available on demand in seconds.

🗂️ Centralized storage

The original single-machine storage was a single point of failure with no redundancy or access control. The solution moves to a cloud hybrid storage strategy.

Structured data (invoice metadata, entities, relationships) lives in the relational database for fast querying, while the raw XML files are stored in Ionos Cloud Object Storage.

Access to raw documents is protected via role-based access control, files are encrypted at rest, and automated backups ensure recoverability.

The stack

Challenges and solutions

Handling digital certificates (e.FIRMA): SAT authentication requires the company’s e.FIRMA: a legally binding digital certificate that, if leaked, could be used to sign fraudulent tax documents on the company’s behalf.

The solution bundles the certificate and private key into a single password-protected .pfx archive (encrypted at rest), whilethe unlock password is stored exclusively in a secrets manager. Never hardcoded, never in source control, and only injected atruntime.

Asynchronous CFDI retrieval protocol: SAT’s bulk download API doesn’t return documents instantly, it operates in three distinct phases: submit a request, verification until the package is ready and download. This multi-step lifecycle can span minutes, making a synchronous request-response approach impossible.

The solution delegates the entire lifecycle to background jobs via Hangfire: the request is submitted, a scheduled job takes polling at controlled intervals, and once SAT indicates that it is ready, it proceeds to download the packages.

SAT service intermittency: SAT’s infrastructure serves the entire country’s tax traffic simultaneously, making it prone to slowdowns and outages, particularly around month-end compliance deadlines. Blind retries risk triggering SAT’s rate and leave background jobs in an inconsistent state if a request is lost mid-lifecycle.

The background jobs implement exponential backoff to space out retries progressively under load, combined with a circuitbreaker to stop polling entirely when SAT is unresponsive. Job state is persisted by Hangfire, so no in-progress request is lostacross server restarts or failures.