GSTIN Token Refresh: Meaning, Expiry, OTP Fix & Impact on GST Login

By Annapoorna

|

Updated on: Jul 4th, 2025

|

5 min read

GSTIN token refers to the secure authentication token that the GST Network issues via API when the taxpayer logs into the GST system to fetch GST data. The GST system includes the GST portal, e-invoicing system, and e-way bill portal. The token authenticates the taxpayer/user after logging in and is used to make authorised API requests to retrieve and validate GSTIN details or perform GST-related functions.

Credentials like client-ID and client-secret (password) are both used for secure access. The GSTIN token allows only authorised access to sensitive GST data by confirming the legitimacy of the requester.

This article explains about GSTIN token, GSTIN token refresh, why it expires every 6 hours, and how token refresh alerts work, role of GSP/ASP, how to avoid frequent OTP prompts, and manage GSTIN token expiry with best practices.

What is the GSTIN Token Refresh? 

Every GSTIN token has a validity of six hours. GSTIN token refresh means renewing or extending the validity of an existing GSTIN token authentication for GST-related API systems (GST portal, e-invoicing or e-way bill).

The process enables uninterrupted access to GST APIs by not re-authenticating from scratch. However, the GSTIN token refresh must happen before it expires to obtain the new GSTIN token. The GSTIN token refresh also helps avoid transaction failures. It does not require re-entry of credentials or OTP.

Some systems provide a feature called ‘Force refresh access token’ that enables generation of a new token 10 minutes before expiry of current token for ensuring continuous access.

Why do you get GSTIN Token Refresh Alerts? 

You receive the GSTIN token refresh alerts via emails or SMS from donotreply@gst.gov.in saying "Authentication token refreshed for your GSTIN". It is because the authentication token is only valid for six hours. The alert helps the user to renew the GSTIN token before it expires, allowing you not to go through transaction failure, which is critical during compliance. Where the user is already using ASP-GSP, it just means the GSTIN token was auto-renewed to keep your IRP access running smoothly.

Suppose the user wants to reduce inbox clutter & SMS alerts, they can simply create an email filter with:

Subject: "Authentication token" From: donotreply@gst.gov.in

This will send all token refresh emails into a separate folder, keeping their main inbox clean, while still receiving other essential messages from the GSTN.

GSTIN Token Refresh Process Explained

When the user first authenticates with the GST system, a GSTIN access token is issued. This token allows users to make API requests for GST compliance functions. As the token nears expiry (often 10 minutes before), the user receives an alert to refresh the token. 

The alert is to avoid service disruption. After the expiry, it cannot be used for further API requests. The user can use a "Force Refresh Access Token" function to generate a new token proactively before the old one expires. There is no need to generate a new token for every transaction. One can use the existing token until it expires, then refresh as needed.

Role of GSP/ASP in Token Refresh

GST Suvidha Providers (GSP) enable smooth indirect access to services on the GST portals. On the other hand, GST Application Service Providers (ASP) are software/cloud solution providers that act as intermediaries between the GSP and taxpayer users to interact with the GST portals. They often enable users with SAAS-based or tech functionalities to easily prepare and file their GST returns, or generate e-invoices or e-way bills in bulk. There is a clear division of roles between GSP and ASP. While GSP handles the token refresh mechanics, ASPs render value-added services to the taxpayers.

When it comes to the GSTIN token refresh task, there are certain aspects in GSTIN token refresh that both GSP and ASP manage, such as the token access, security, delegation and monitoring. These are summarised in the table below-

RoleGSP ResponsibilitiesASP Responsibilities
Token AccessSecurely connect to GST Network and manage GSTIN token lifecycleRequest GSTIN token refresh via GSP
SecurityStore and manage GSTIN credentials while enforcing complianceHandle user data, interface, and workflows
DelegationProvide sub-licenses to ASPsUse GSP-provided credentials for API calls
MonitoringTrack expiry and automate GSTIN token refreshMonitor session status and alert users

GSTIN Token Expiry and Validity

The GSTIN token or the GSTIN authentication token has a validity of six hours from the time it is generated. This means:

  • GSTIN Token Validity: The GSTIN token remains active for a continuous period of six hours and can be used for all API requests.
  • Expiry: After six hours, the token expires. If one uses an expired token to make any API request, it will result in an "Invalid Token" error. The system will not process the request until a new token is obtained.
  • GSTIN Token Refresh: One must call the authentication API again to get a new token once the previous one expires and to avoid transaction failures.

One can use the "ForceRefreshAccessToken" parameter to generate a new token about ten minutes before expiry for seamless operations.

How to Avoid GSTIN Token Refresh OTP

An ASP/GSP must refresh the GSTIN token for its users within six hours. If not refreshed, users will need to enter the OTP manually repeatedly. GSTIN token refreshing helps users do this manual OTP entry only once every 30 days. Users can use session-based authentication, where they can authenticate via an ASP/GSP. 

A session is established between the ASP application and the GST system through the GSP. As long as this session is active, the ASP/GSP can refresh the GSTIN token programmatically without prompting the user for OTP each time.

GSTIN Token Refresh Every 6 Hours: How It Impacts Your GST Login Experience

The user gets impacted by the GSTIN token refresh every 6 hours. They could be logged out of the GST portal, affecting filings and API usage experience, as follows-

If the GSTIN token is not refreshed, API calls fail with "Invalid Token" errors, disrupting GST compliance.

Frequent token expiry can lead to repeated OTP prompts and login interruptions.

Best Practices for Managing GSTIN Tokens

There are some best practices for managing GSTIN tokens efficiently without GST compliance disruption. These are listed below-

  • Use the GSTIN token multiple times before it expires without generating a new token for every request
  • Refresh the token before expiry to avoid transaction failures
  • Keep tokens securely, restricting access to authorised users only
  • Avoid embedding tokens directly in application code to prevent accidental leaks.
  • If the user suspects a token compromise, they must regenerate or revoke tokens immediately
  • Sync token management with the ERP or billing system for seamless GST compliance workflows

Common Issues Leading to Token Expiry/Failure

Issue

Reason

Resolution

Token ExpiryToken used after a six-hour validityCall the Auth API again to generate a new token before using GST APIs.
Incorrect GSTIN/User ID/TokenWrong GSTIN, User ID, or token passed in API request headersPass the correct GSTIN, User ID, and Auth Token in all API requests except the Auth API.
Inactive or Cancelled GSTINGSTIN is inactive, cancelled, or not enabled for e-invoicingVerify GSTIN status on the GST portal, and allow it for e-invoicing if required.
Invalid Client ID/Client SecretThe Client ID or Client Secret in the request header is wrongUse the correct Client ID and Client Secret.
Payload/Encryption ErrorWrong formation of the request payload or encryption errorPrepare payload as per API documentation; use the correct public key for encryption.
Inactive User or User Not EnabledUser status is inactive or not enabled for e-invoicingVerify user status and enable necessary services on the GST portal.
Invalid GSTIN for UserGSTIN in the header differs from the GSTIN used for token generationSend the correct GSTIN in the header for APIs other than the Auth API.
Server/Network IssuesGSTN/NIC server downtime or connectivity issuesWait and retry after some time; check for scheduled maintenance.
GSTIN Data Not SyncedGSTIN details not updated between GSTN and the e-invoice systemUse the "Sync GSTIN details from Common Portal" API to update GSTIN data.
PIN Code-State Code MismatchThe PIN code does not belong to the state providedProvide the correct PIN code and state code combination.
Invalid Login CredentialsWrong User ID or PasswordPass the correct User ID and Password; use "Forgot Password" if needed.
Decryption of App Key/Password FailedThe wrong encryption key was usedUse the correct public key for encryption as provided by the portal.

Frequently Asked Questions

How often should I refresh my GSTIN token?

You can refresh the GSTIN token every six hours, or just before expiry, using the "Force Refresh Access Token" option.

What happens if I don't refresh the GSTIN token?

If the token is not refreshed, API calls will fail with "Invalid Token" errors, and you must generate a new token to continue.

Is my GST data safe with the GSTIN token refresh activity?

Yes, every token refresh must be compliant with GSTN’s published guidelines. You can view the complete API Access history on the GST portal under My Profile > Manage API Access.

Why am I seeing the ASP/GSP name in my GSTIN token refresh mail?

You’re seeing the ASP/GSP name in the GSTIN token refresh mail because you, your team, or your consultant has previously authorised them to connect to GST systems like the portal, e-invoicing, or e-way bill on your behalf.

Can token refresh be automated?

Yes, you can automate token refresh through your GSP/ASP or application logic.

Are token refresh alerts mandatory for all GST API users?

No, but a timely refresh is required to avoid disruptions; alerts help remind users, but are not mandatory.

What would happen if the authorisation token expires and a transaction is on (i.e., posted to the GST system already)?

The transaction will fail if the token has expired before completion; a new token is needed to retry.

Can a taxpayer access the GST system through more than one GSP/ASP application?

A taxpayer can access the GST system through multiple GSP/ASP applications.

About the Author
author-img

Annapoorna

Assistant Manager - Content
social icons

I preach the words, “Learning never exhausts the mind.” An aspiring CA and a passionate content writer having 4+ years of hands-on experience in deciphering jargon in Indian GST, Income Tax, off late also into the much larger Indian finance ecosystem, I love curating content in various forms to the interest of tax professionals, and enterprises, both big and small. While not writing, you can catch me singing Shāstriya Sangeetha and tuning my violin ;). Read more

Browse by topics
Income Tax e-Filing
Income Tax Calculator
Income Tax Slabs FY 2024-25
Old vs New Tax Regime
How To File ITR
New Tax Regime
Which ITR Should I File
Last Date To File ITR For 2024-25
Income Tax Sections & Deductions
Income Tax Refund
Capital Gains Income
TDS
PF Balance Check
Form 26AS
Advance Tax
Related articles
What is Invoice Management System (IMS) under GST: Key Features, Benefits & How Does It Work
What is B2C e-Invoicing: Applicability, Date, Requirements, Limit, Examples
Impact of GST on Rent: GST on House Rent and Commercial Property Rent
GST on Gold: GST Rate on Gold Purchase, Jewellery, Coins, Biscuit & Bar
GST on Laptops: Applicability, HSN Code and GST Rate
GST on Mobile Phones: Applicability, HSN Code and GST Rate
GST on TV in India: HSN Code and GST Rate for LED Televisions
GST on Health Insurance: Applicability, HSN Code and GST Rate
GST on Construction Services and Materials: Applicability, GST Rate and HSN Code
55th GST Council Meeting Highlights: Updates, Outcome, Press Release and Latest News
Popular articles
Goods and Services Tax: What is GST in India? Indirect Tax Law Explained
GST Rates in India 2024 - List of Goods and Service Tax Rates, Slab & Revision
All about Reverse Charge Mechanism (RCM) under GST
GST State Code List and Jurisdiction
Section 17(5) of CGST Act - Blocked Credit Under GST
Late Fees and Interest on GST Returns
What is SGST, CGST, IGST and UTGST?
GST Registration Online: Documents Required, Limit, Fees, Process, Penalty
GST Return - What is GST Return? Who Should File, Due Dates & Types of GST Returns
GSTR-1 Filing: Due Date, Format, Late Fees, Eligibility & Rules
GSTR-3B: Due Date, Late Fee, Format, Return Filing, Eligibility, Rules
GSTR-9 Annual Return: Due Date, Applicability, Turnover Limit, Format, Eligibility, Rules
GST Login – How to login GST portal (www.gst.gov.in) online in India
GST Composition Scheme: Rules, Turnover Limit, Rate, Benefits
Goods Transport Agency under GST
Time, Place and Value of Supply in GST
GST Penalties and Appeals
Important GST Dates and GST Calendar 2024-25
Invoicing Under GST
You might be interested in
GST Number Search Online - Taxpayer GSTIN/UIN Verification
GST Number Search by Name | GSTIN Verification Online
GST Number Search by PAN: Guide to GST Search by PAN
Pin to Pin Distance - How to Calculate Distance Between Two Pin Codes for e-Way Bill
GST Calculator Online
Clear Logo
Follow us on
FacebookTwitterLinkedInGitHubInstagram
Have a query?
Support
Company
About us
Contact us
Careers
Media & Press
User reviews
Engineering blog
Clear Library
FinTech glossary
ClearTax Chronicles
GST Product Guides
Trust & Safety
Cleartax(Saudi Arabia)

Clear offers taxation & financial solutions to individuals, businesses, organizations & chartered accountants in India. Clear serves 1.5+ Million happy customers, 20000+ CAs & tax experts & 10000+ businesses across India.

Efiling Income Tax Returns(ITR) is made easy with Clear platform. Just upload your form 16, claim your deductions and get your acknowledgment number online. You can efile income tax return on your income from salary, house property, capital gains, business & profession and income from other sources. Further you can also file TDS returns, generate Form-16, use our Tax Calculator software, claim HRA, check refund status and generate rent receipts for Income Tax Filing.

CAs, experts and businesses can get GST ready with Clear GST software & certification course. Our GST Software helps CAs, tax experts & business to manage returns & invoices in an easy manner. Our Goods & Services Tax course includes tutorial videos, guides and expert assistance to help you in mastering Goods and Services Tax. Clear can also help you in getting your business registered for Goods & Services Tax Law.

Save taxes with Clear by investing in tax saving mutual funds (ELSS) online. Our experts suggest the best funds and you can get high returns by investing directly or through SIP. Download Black by ClearTax App to file returns from your mobile phone.

Cleartax is a product by Defmacro Software Pvt. Ltd.

Privacy PolicyTerms of use

ISO

ISO 27001

Data Center

SSL

SSL Certified Site

128-bit encryption