The GST Council has approved the implementation of ‘e-Invoicing’ or ‘electronic invoicing’ in a phased manner for reporting of Business to Business (B2B) invoices to GST System, starting from 1st January 2020 on voluntary basis. Being the first Invoice Registration Portal (IRP), National Informatics Centre, has made the e-Invoice registration services available through API mode, in addition to other modes. The tax payers and GSPs can integrate their business systems and processes with the e-Invoice system through these APIs for seamless registration of the invoices, generated/prepared on their systems.
Frequently Asked Questions
Q.1 E-Invoice system is showing my old e-mail Id or mobile number. How should I get it changed?
Ans. E-invoice system is using the email id and mobile number, registered by the tax payer on the GST Common Portal, for communication purpose. If it is old, get is updated with latest on the common portal and communicate to us at support.einv.api@gov.in so that we can cross-verify and update on the sandbox for accessing credentials.
If you are GSP, then get is updated with GSTN and request them to communicate to us so that it can be updated.
Q.2 How and where can I get the credentials to access the APIs?
Ans. GSP and tax payer can get the API credentials using the online registration option under ‘Login’ system on this portal.
Q.3 Where can I get the URL or end points of APIs?
Ans. On logging into the testing portal, one can get the end points of APIs for sandbox system.
Q.4 Where can I get the Public Key of e-invoice system?
Ans. On logging into the testing portal, one can get the public key of the e-invoice system for sandbox system.
Q.5 My one business unit has GSTIN in each state based on same PAN. Can I use same API credentials to access to the API system?
Ans. There are two types of API credentials – Client Id and Client Secret, and Username and Password. Client Id and Client Secret is provided to the notified tax payer and the tax payer can use it for all the business units registered in different states, based on the same PAN.
Username and Password is created for each GSTIN. That is, one business, registered in different states, need to create separate username and password for each registered unit/GSTIN.
Q.6 Who can get access to the e-invoice APIs?
Ans. e-invoice APIs is available for registered GSPs, and registered tax payers with turnover more than Rs 500 Crores.
Q.7 Who can generate the IRN from the e-invoice system?
Ans. e-invoice APIs is available for registered GSPs, and registered tax payers with turnover more than Rs 500 Crores.
Q.8 Who can generate the IRN from the e-invoice system?
Ans. Presently, IRN can be generated only by the tax payers who have been notified. That is, tax payers whose turnover is more than Rs 500 Crores.
Q.9 Is there any change in the e-way bill generation after introduction of e-invoice system?
Ans. As of now, there is no change in the generation of e-way bill process. It will exist along with the e-invoice system. There will be additional facility in future to generate the e-way bill based on the IRN.
Q.10 Can I generate e-way bill using IRN?
Ans. Yes, there will be one more API, released shortly, to generate the e-way bill based on IRN and Part-B details.
Q.11 Do I need to generate the token for each transaction or request?
Ans. It is not advisable to request for new token before firing each transaction. Once the token is generated it can be re-used any number of times till it get expired. Even if new request for token is made, the system returns the already generated valid token with expiry time.
The best practice is, once the token is generated, store in the tax payer system along with SEK and expiry time. Next, whenever the transaction request is made, token can be referred from the system and used. If it has expired, then request for new token and store and use it.
Q.12 What happens if the same request or same transaction is fired multiple times?
Ans. It is not advisable to send the same request or same transaction continuously or multiple times. However, based on the response of the transaction, the tax payer system to act upon rather than firing again. If it happens so, then the e-invoice system will block that user’s requests for one hour and so.
Q.13 What is the purpose of the parameter ‘Force Refresh Access Token’ in Authentication API?
Ans. Force Refresh Access Token parameter of Authentication API can be used by the tax payer system to generate the new token, just 10 minutes before the expiry of the token. Basically, the tax payer system can use it to avoid failure of the transaction fired after expiry of the token.
Q.14 Can QR code can be printed by the tax payer on the invoice?
Ans. Yes, the tax payer can print the QR code, as provided in the response payload of the ‘ Generate IRN’ API, on his invoice before issuing it to the concerned party.
Q.15 Can I use the same token for generation of E-way Bill and e-invoice?
Ans. Both e-way bill and e-invoice co-exist and the authentication token generated on one system can be used with other system within the expiry time.
Q.16 How the Signed Invoice can be verified?
Ans. When ‘Generate IRN’ API is called, the system returns the Signed Invoice along with the other details. The tax payer system can verify Signed Invoice. The details in Signed Invoice is provided as per JWT and JWS standard and it contains the data, signature and signing algorithm parameters. These details can be decoded and verified using the PKI process. It may be noted that SHA256 RSA algorithm is used for digital signature.
Q.17 How many rounds of testing of APIs have to be made on the sandbox system to get the production access?
Ans. All APIs have to be tested on the sandbox environment. Each API with at least 50 success cases and 50 failed cases with different errors to be tested. The system generated MIS report will be provided under ‘API developer testing’ application to find out how many cases are tested by the tax payers. Based on this report, the system will declare whether tax payer is qualified for production access or not.
Q.18 Which is the algorithm used for encryption and decryption of data?
Ans. The symmetric algorithm AES256 (AES/ECB/PKCS7Padding) along with SEK Key is used to encrypt the request payloads of the POST API methods and to decrypt response payloads. It may be noted that SEK key is generated and passed by the e-invoice system while sending the authentication token.
Q.19 What is the validity of the Authentication Token?
Ans. Authentication token generated by the e-invoice system is valid for 6 hours on the production system. However, for effective testing by the developer, it has been set for 1 hour in the sandbox.
Can API Intergration possible through using Client ID of others gstin, if turnover is below 500 CR
function use EncryptBySymmetricKey
this error sow:Specified key is not a valid size for this algorithm.
Hi,
I just read content about “GST – E-Invoice API Developer’s Portal- FAQs” and just wanted to tune in and say that it was great.
I did too difficult to mark out some FAQs on E- Invoicing API’s. Luckily it turned out well for both of us.
just wanted to tell you, i have written a guide on “Highlights of E-invoice New API Specification”. Go and check it out and tell us what you thought about it. https://www.encomply.com/Insights/Highlights-of-E-invoice-New-API-Specification.
I’m also facing issue an authentication request. i have checked in postman, SoapUI it’s working fine. but using the console application it’s raising an error like “The underlying connection was closed: An unexpected error occurred on a send.” at response time. can anyone let me know is E-invoicing portal authentication API is working fine or not?
I am facing some issue while generating Auth Token through any mode like Java code/ Postman API call. Getting some error saying “Object reference not set to an instance of an object” but not providing any reason why this error is being thrown.