E-Invoice API FAQs

An API is an Application Programming Interface. It acts as a mediator between two different applications and helps them to interact with each other. In the e-invoice system, a taxpayer generates e-invoice in his respective software and reports these invoices on the Invoice Registration Portal (IRP). The IRP will process the e-invoice through API. Here are some of the e-Invoice API FAQs.

1. Where can a taxpayer/GSP get credentials to access the APIs and how?

   A taxpayer/GSP can get credentials on the https://einv-apisandbox.nic.in/ portal. They need to get registered under the portal by using the login tab.

2. Where can a taxpayer/GSP get the URL or endpoints of APIs?

   A taxpayer/GSP should log in to the testing portal to get the endpoints of APIs for the sandbox system.

3. Company X has business units in different states with different GSTINs under the same PAN. Can same API credentials be used for access at different locations?

   There are two types of API credentials:

   i. Client ID and Client Secret: It is provided to the notified taxpayer and can be used for all the business units registered in different states under the same PAN.

   ii. Username and password: It is created separately for each GSTIN.

4. For whom are e-invoice APIs available for access?

   E-invoice APIs are available for:

   • Registered taxpayers with a turnover greater than Rs.500 crore
   • Registered GSPs
5. Who can generate IRN under the e-invoice system?

   It can be generated by registered taxpayers with a turnover greater than Rs.500 crore.

6. Where can one find the Public Key of the e-invoice system?

   One can get the Public Key of the e-invoice system by logging into the testing portal.

7. Can a taxpayer generate e-way bills using IRN? Are there any changes in the generation of the e-way bill processes after the implementation of e-invoice systems?

   Yes, a taxpayer can generate e-way bills using IRN. There will be no change in the generation of e-way bill processes.

8. Is a taxpayer required to generate a token for each transaction?

   It is not recommended to raise a new token for each transaction. Once a token is generated it can be used multiple times till it gets expired. In case, a new request is made, the system will throw back the prior valid token along with expiry time. For making a new request, a taxpayer can refer to the already generated token from the system. If the token has expired, he can raise a new one.

9. What happens if the same request is raised multiple times?

   It is not recommended to raise the same request multiple times. But, if a taxpayer does so, the e-invoice system may block the user’s request for one hour or so.

10. What is the intent of using ‘Force Refresh Access Token’ under Authentication API?

    A taxpayer can use ‘Force Refresh Access Token’ to generate a new token just 10 minutes before the expiry of the previous token to avoid failure of a transaction after the expiry of a token.

11. Can the same token be used for the generation of e-way bills and e-invoice?

    Yes, the same token can be used to generate both e-way bills and e-invoice. But, the same should be done within the expiry of the token.

12. Can a taxpayer print QR code on its invoice?

    Yes, a taxpayer can do so by using the ‘Generate IRN’ API before issuing it to the counterparty.

13. How can a signed invoice be verified?

    A signed invoice can be verified by:

    • Use ‘Generate IRN’ API to get the signed invoice back. The details in the signed invoice are provided as per JWT and JWS standard, which contains the data signature and signing algorithm parameters.
    • These details can be decoded using the PKI process.

    *SHA256 RSA algorithm is used for digital signatures.

14. Which algorithm is used for encryption/decryption of data?

    The symmetric algorithm AES256 (AES/ECB/PKCS7Padding) is used along with SEK Key to encrypt the request payloads of the POST API methods and to decrypt response payloads.

15. For how long is the authentication token valid?

    An authentication token is valid for six hours on the production system. But, for effective testing by the developer, it is set for one hour in the sandbox.

16. How many rounds of API testing have to be made on the sandbox system to get the production access?

    Each API needs to be tested on the sandbox environment. It has at least 50 success cases and 50 failed cases. A system generated MIS report will be provided under ‘API developer testing’, application to figure out how many cases are tested by the taxpayers. On the basis of this report, the system will decide whether a taxpayer is qualified for production access or not.

17. Why am I getting ‘Invalid Auth Token’ error while generating an e-invoice through API?

    Auth Token for generating e-invoice will be active for six hours since the first successful login. Even if the Auth API is called again before six hours, the same token will be returned and the time is not reset. Hence, you have to generate a new Auth token when it expires after six hours.

Click here to read FAQs on the e-Invoicing system.