Updated on: May 15th, 2023
|
3 min read
An API is an Application Programming Interface. It acts as a mediator between two different applications and helps them to interact with each other. In the e-invoice system, a taxpayer generates e-invoice in his respective software and reports these invoices on the Invoice Registration Portal (IRP). The IRP will process the e-invoice through API. Here are some of the e-Invoice API FAQs.
Latest Updates
10th May 2023
The CBIC notified the 6th phase of e-invoicing, applicable to businesses with a turnover exceeding Rs.5 crore in any financial year from 2017-18 w.e.f. 1st August 2023.
6th May 2023
The GST department has deferred the time limit of 7 days to report the old e-invoices on the IRP portals by three months. Further, the department is yet to announce the new implementation date.
13th April 2023
As per the GST Network's advisories dated 12th April 2023 and 13th April 2023, taxpayers with annual turnover equal to or more than Rs.100 crore must report tax invoices and credit-debit notes to IRP within 7 days of invoice date from 1st May 2023.
A taxpayer/GSP can get credentials on the https://einv-apisandbox.nic.in/ portal. They need to get registered under the portal by using the login tab.
A taxpayer/GSP should log in to the testing portal to get the endpoints of APIs for the sandbox system.
There are two types of credentials for logging-in to the e-invoice system: i. Client ID and Client Secret: This is provided to the notified taxpayer and can be used for all the business units registered in different states under the same PAN. ii. Username and password: This is to be created separately for each GSTIN.
E-invoice APIs are available for:
E-invoicing was initially notified for registered taxpayers with a turnover greater than Rs.500 crore in any financial year from 2017-18, with exceptions such as Special Economic Zones (SEZ) units, insurance, banking, financial institutions, NBFCs, GTA, passenger transportation service and sale of movie tickets. Only notified taxpayers will have to generate the IRN for their supplies/sales. Currently, e-Invoicing applies to businesses with more than Rs.10 crore annual turnover, and will soon be extended to businesses with a turnover of more than Rs.5 crore w.e.f. 1st August 2023.
One can get the Public Key of the e-invoice system by logging into the testing portal.
Yes, a taxpayer can generate e-way bills using IRN. There will be no change in the generation of e-way bill processes.
It is not recommended to raise a new token for each transaction. Once a token is generated it can be used multiple times till it gets expired. In case, a new request is made, the system will throw back the prior valid token along with the expiry time. For making a new request, a taxpayer can refer to the already generated token from the system. If the token has expired, he can raise a new one.
It is not recommended to raise the same request multiple times. But, if a taxpayer does so, the e-invoice system may block the user’s request for one hour or so.
A taxpayer can use ‘Force Refresh Access Token’ to generate a new token just 10 minutes before the expiry of the previous token to avoid failure of a transaction after the expiry of a token.
Yes, the same token can be used to generate both e-way bills and e-invoice. But, the same should be done within the expiry of the token.
Yes, a taxpayer can do so by using the ‘Generate IRN’ API before issuing it to the counterparty.
A signed invoice can be verified by:
Use ‘Generate IRN’ API to get the signed invoice back. The details in the signed invoice are provided as per JWT and JWS standard, which contains the data signature and signing algorithm parameters.
Further, to verify the signed invoice and the QR code, the public key of the certificate which was used to sign is required. The public key is the same as was used for encrypting the password and app key. The key for the sandbox environment is available for download on the e-invoice sandbox API developer’s portal.*SHA256 RSA algorithm is used for digital signatures.
The symmetric algorithm AES256 (AES/ECB/PKCS7Padding) and the asymmetric algorithm (RSA/ECB/PKCS1Padding) is used along with SEK, to encrypt the request payloads of the POST API methods and to decrypt response payloads.
An authentication token is valid for six hours on the production system. But, for effective testing by the developer, it is set for one hour in the sandbox.
Each API needs to be tested on the sandbox environment. Each API will have to have at least 50 success cases and 50 failed cases. A system generated MIS report will be provided under ‘API developer testing’, application to figure out how many cases are tested by the taxpayers. On the basis of this report, the system will decide whether a taxpayer is qualified for production access or not.
Auth Token for generating e-invoice will be active for six hours since the first successful login. Even if the Auth API is called again before six hours, the same token will be returned and the time is not reset. Hence, you have to generate a new Auth token when it expires after six hours.
Click here to read FAQs on the e-Invoicing system.
An API in the e-invoice system helps taxpayers interact with the Invoice Registration Portal (IRP) to generate and report e-invoices. The latest updates regarding e-invoicing regulations are mentioned along with FAQs about accessing APIs and generating e-way bills using IRN. Information on credentials, endpoints, accessing APIs, generating IRN, refreshing access tokens, and verifying signed invoices is provided.