E-Invoice API FAQs

An API is an Application Programming Interface. It acts as a mediator between two different applications and helps them to interact with each other. In the e-invoice system, a taxpayer generates e-invoice in his respective software and reports these invoices on the Invoice Registration Portal (IRP). The IRP will process the e-invoice through API. Here are some of the e-Invoice API FAQs.

Latest Updates

10th May 2023
The CBIC notified the 6th phase of e-invoicing, applicable to businesses with a turnover exceeding Rs.5 crore in any financial year from 2017-18 w.e.f. 1st August 2023.

6th May 2023
The GST department has deferred the time limit of 7 days to report the old e-invoices on the IRP portals by three months. Further, the department is yet to announce the new implementation date.

13th April 2023
As per the GST Network's advisories dated 12th April 2023 and 13th April 2023, taxpayers with annual turnover equal to or more than Rs.100 crore must report tax invoices and credit-debit notes to IRP within 7 days of invoice date from 1st May 2023. 

Frequently Asked Questions

Where can a taxpayer/GSP get credentials to access the APIs and how?

A taxpayer/GSP can get credentials on the https://einv-apisandbox.nic.in/ portal. They need to get registered under the portal by using the login tab.

Where can a taxpayer/GSP get the URL or endpoints of APIs?

A taxpayer/GSP should log in to the testing portal to get the endpoints of APIs for the sandbox system.

Company X has business units in different states with different GSTINs under the same PAN. Can same API credentials be used for access at different locations?

There are two types of credentials for logging-in to the e-invoice system: i. Client ID and Client Secret: This is provided to the notified taxpayer and can be used for all the business units registered in different states under the same PAN. ii. Username and password: This is to be created separately for each GSTIN.

For whom are e-invoice APIs available for access?

E-invoice APIs are available for:

• e-Invoicing-eligible entities
• Registered GSPs

Who can generate IRN under the e-invoice system?

E-invoicing was initially notified for registered taxpayers with a turnover greater than Rs.500 crore in any financial year from 2017-18, with exceptions such as Special Economic Zones (SEZ) units, insurance, banking, financial institutions, NBFCs, GTA, passenger transportation service and sale of movie tickets. Only notified taxpayers will have to generate the IRN for their supplies/sales. Currently, e-Invoicing applies to businesses with more than Rs.10 crore annual turnover, and will soon be extended to businesses with a turnover of more than Rs.5 crore w.e.f. 1st August 2023.

Where can one find the Public Key of the e-invoice system?

One can get the Public Key of the e-invoice system by logging into the testing portal.

Can a taxpayer generate e-way bills using IRN? Are there any changes in the generation of the e-way bill processes after the implementation of e-invoice systems?

Yes, a taxpayer can generate e-way bills using IRN. There will be no change in the generation of e-way bill processes.

Is a taxpayer required to generate a token for each transaction?

It is not recommended to raise a new token for each transaction. Once a token is generated it can be used multiple times till it gets expired. In case, a new request is made, the system will throw back the prior valid token along with the expiry time. For making a new request, a taxpayer can refer to the already generated token from the system. If the token has expired, he can raise a new one.

What happens if the same request is raised multiple times?

It is not recommended to raise the same request multiple times. But, if a taxpayer does so, the e-invoice system may block the user’s request for one hour or so.

What is the intent of using ‘Force Refresh Access Token’ under Authentication API?

A taxpayer can use ‘Force Refresh Access Token’ to generate a new token just 10 minutes before the expiry of the previous token to avoid failure of a transaction after the expiry of a token.

Can the same token be used for the generation of e-way bills and e-invoice?

Yes, the same token can be used to generate both e-way bills and e-invoice. But, the same should be done within the expiry of the token.

Can a taxpayer print QR code on its invoice?

Yes, a taxpayer can do so by using the ‘Generate IRN’ API before issuing it to the counterparty.

How can a signed invoice be verified?

A signed invoice can be verified by:

Use ‘Generate IRN’ API to get the signed invoice back. The details in the signed invoice are provided as per JWT and JWS standard, which contains the data signature and signing algorithm parameters.

Further, to verify the signed invoice and the QR code, the public key of the certificate which was used to sign is required. The public key is the same as was used for encrypting the password and app key. The key for the sandbox environment is available for download on the e-invoice sandbox API developer’s portal.*SHA256 RSA algorithm is used for digital signatures.

Which algorithm is used for encryption/decryption of data?

The symmetric algorithm AES256 (AES/ECB/PKCS7Padding) and the asymmetric algorithm (RSA/ECB/PKCS1Padding) is used along with SEK, to encrypt the request payloads of the POST API methods and to decrypt response payloads.

For how long is the authentication token valid?

An authentication token is valid for six hours on the production system. But, for effective testing by the developer, it is set for one hour in the sandbox.

How many rounds of API testing have to be made on the sandbox system to get the production access?

Each API needs to be tested on the sandbox environment. Each API will have to have at least 50 success cases and 50 failed cases. A system generated MIS report will be provided under ‘API developer testing’, application to figure out how many cases are tested by the taxpayers. On the basis of this report, the system will decide whether a taxpayer is qualified for production access or not.

Why am I getting ‘Invalid Auth Token’ error while generating an e-invoice through API?

Auth Token for generating e-invoice will be active for six hours since the first successful login. Even if the Auth API is called again before six hours, the same token will be returned and the time is not reset. Hence, you have to generate a new Auth token when it expires after six hours.

Click here to read FAQs on the e-Invoicing system.