Invio
Self-hosted invoicing without the bloat
Invio is a minimalist, self-hosted invoicing application that lets freelancers, consultants, and small businesses create, send, and track invoices without signing up for a SaaS platform or handing data to a third party. Clients receive a secure shareable link and can view their invoice without creating an account—no login emails, no friction.
The application is split into a Deno/Hono backend serving a REST API with SQLite persistence, and a SvelteKit frontend built with Bun and served as a Node.js adapter. Both services run in a single Docker container managed by supervisord, making self-hosted deployment straightforward. PDF export is handled by WeasyPrint, an HTML-to-PDF renderer installed in the container image.
Invio has grown well beyond a simple invoice creator. Version 2 introduced multi-user support with granular resource-level permissions, OIDC single sign-on, TOTP two-factor authentication, a product and tax definition catalog, invoice attachments, and support for structured e-invoicing standards including Factur-X/ZUGFeRD, UBL, and FatturaPA. The UI is fully internationalized with completed translations for English, German, Dutch, and Brazilian Portuguese.
All data lives in a SQLite file on your own server. There is no telemetry, no subscription, no per-invoice fee, and no dependency on external services. Invio is released into the public domain under the Unlicense, placing zero legal restrictions on use, modification, or commercial deployment.
What You Get
- Shareable invoice links - Generate a unique public URL for every invoice so clients can view it in a browser without logging in or creating an account.
- Multi-user access with permissions - Create additional user accounts and assign granular per-resource, per-action permissions so team members can access only what they need.
- OIDC single sign-on - Connect Invio to any OpenID Connect provider (Keycloak, Authentik, Google, etc.) for centralized authentication and optional automatic user provisioning.
- TOTP two-factor authentication - Protect admin accounts with time-based one-time passwords; eight recovery codes are generated at enrollment for account recovery.
- E-invoicing standard export - Generate machine-readable invoices in Factur-X/ZUGFeRD 2.2, UBL 2.1, and Italian FatturaPA formats, embedded in the PDF as XML attachments.
- Product and tax catalog - Define reusable products with prices and tax definitions with rates so invoice line items can be selected from a pre-built catalog rather than typed from scratch.
- Internationalized UI - Full translations for English, German, Dutch, and Brazilian Portuguese with browser-locale detection and a per-user locale override.
- WeasyPrint PDF rendering - Convert HTML invoice templates to PDF entirely on-server using WeasyPrint, with custom fonts and CSS supported out of the box.
- Rate-limited authentication - Sliding-window rate limiting tracks failed login attempts by IP, username, and IP+username combination to block brute-force and credential-stuffing attacks.
- Single-container deployment - A single Docker image runs both the Deno backend and the SvelteKit/Node.js frontend under supervisord, requiring only a volume mount and an env file.
Common Use Cases
- Freelancers billing clients - A graphic designer creates an invoice, generates a share link, and pastes it into an email—the client clicks and pays without any account setup.
- Small agencies replacing SaaS billing - A five-person agency self-hosts Invio on a VPS to centralize invoicing for all clients under one admin with staff members holding limited view-only access.
- Developers in regulated markets - A consultant in Germany exports Factur-X-compliant PDFs that satisfy e-invoicing mandates without paying per-invoice fees to a hosted solution.
- Teams using SSO - An engineering consultancy connects Invio to their Authentik instance so staff log in with their existing credentials and new hires are automatically provisioned.
- Privacy-first operators - A solo accountant runs Invio on a home server to ensure client financial data never leaves their own hardware and is not subject to third-party data policies.
Under The Hood
Architecture
Invio separates its backend API from its frontend presentation layer entirely, with each piece running as an independent process inside a shared container orchestrated by supervisord. The Hono backend exposes a versioned REST API under /api/v1 split into public routes for client-facing invoice views, admin routes protected by JWT middleware, and auth routes handling login, OIDC callbacks, and token refresh. The SvelteKit frontend consumes the backend exclusively through typed fetch helpers defined in a single backend.ts module, keeping the boundary clean. SQLite is accessed synchronously through the Deno sqlite binding; all queries are inline strings with no ORM, which keeps the code readable but means schema evolution is handled manually through version-tracked migration SQL files and automatic pre-upgrade backups.
Tech Stack The backend runs on Deno 2 with Hono v4 for HTTP routing, the standard Deno SQLite binding for persistence, djwt for JWT handling, bcrypt for password hashing, and otpauth for TOTP. PDF generation uses WeasyPrint—a Python-based HTML-to-PDF renderer—invoked as a subprocess, with pdf-lib post-processing PDFs to embed structured XML attachments for Factur-X, UBL, and FatturaPA formats. The frontend is SvelteKit 2 with Svelte 5, styled with Tailwind CSS v4 and DaisyUI v5, built with Bun and served at runtime via the SvelteKit Node adapter. The entire application ships as a single multi-stage Debian-based Docker image containing Deno, Bun, Node, WeasyPrint, and all required font packages.
Code Quality The codebase is TypeScript throughout with Deno’s strict compiler settings enabled on the backend and standard TypeScript strict mode on the frontend. No automated test suite exists—there are no test files in the repository—so correctness relies entirely on manual testing and the type checker. Error handling is pragmatic: most backend routes return typed JSON error responses but catch blocks often use broad patterns rather than typed error hierarchies. The frontend has ESLint with the Svelte plugin and Prettier with Tailwind class sorting configured and enforced in CI. The backend uses Deno’s built-in formatter and linter. Code organization is clear with controllers, routes, middleware, and utilities in distinct directories, though some controllers retain both a legacy and a refactored variant side by side during active development.
What Makes It Unique Invio’s most distinctive feature set is its structured e-invoicing support: it generates Factur-X/ZUGFeRD 2.2 BASIC, UBL 2.1, and Italian FatturaPA XML embedded as PDF attachments, covering three major European e-invoicing standards in a self-hosted tool that is otherwise aimed at simplicity. The OIDC integration with configurable auto-provisioning makes it unusually easy to drop into an existing identity stack without manual user management. The demo mode feature—which periodically resets the SQLite database from a snapshot while allowing writes between resets—is a purpose-built mechanism that lets the project run a public live demo at demo.invio.dev without risk. The combination of a single-container deployment model, zero external service dependencies, and public-domain licensing removes every common friction point for self-hosters evaluating whether Invio fits their legal and operational constraints.
Self-Hosting
Invio is released under the Unlicense, which dedicates the software to the public domain. In plain terms: you can copy, modify, sell, sublicense, or embed it in a commercial product without attribution, without paying royalties, and without satisfying any copyleft conditions. There are no CLA requirements and no commercial-use restrictions. The Unlicense is one of the most permissive instruments available; the only meaningful caveat is that it provides no warranty and no indemnification, so you assume all risk for how you use the software.
Running Invio yourself requires a Linux host capable of running Docker containers. The official image is a single container that internally runs the Deno backend, the SvelteKit/Node.js frontend, and WeasyPrint under supervisord. Operationally, you mount a volume for the SQLite data file, supply environment variables for credentials and JWT secrets, and optionally configure SMTP for email or OIDC for SSO. Backups are a manual responsibility—the application creates SQLite snapshot files before schema migrations, but ongoing backup scheduling is entirely up to the operator. There is no built-in high-availability mode; if the container stops, the service is unavailable until you restart it.
Invio has no hosted or commercial tier—it is purely a self-hosted open-source project maintained by a single developer with community contributions. There are no SLAs, no managed upgrade path, no vendor support contracts, and no cloud backup service. Updates are delivered as new Docker image tags; you apply them manually or automate with a tool like Watchtower. The trade-off is total cost: you pay nothing beyond your hosting costs, and you give up the convenience of automatic updates, managed availability, and someone else’s oncall rotation.
Related Apps
OpenBB
Databases · Analytics · Invoicing Finance
The AI Workspace for Finance: Connect Data, Run AI Agents, Build Analytics
OpenBB
OtherMaybe
Databases · Invoicing Finance · Authentication
Self-hostable personal finance app that gives you full ownership of your financial data with a clean, minimal Rails-powered interface.
Maybe
AGPL 3.0ERPNext
ERP · Invoicing Finance
100% free, open-source ERP unifying accounting, manufacturing, inventory, CRM, HR, and POS in a single self-hostable platform.