The credentials and certificates being used are correct — nothing has changed on our side. Everything was working normally, and we even successfully submitted a transaction yesterday (24-08-2025 at 23:57) without any issues.
Issue Now:
Every request now returns: 401 Unauthorized
Questions:
Is there a known issue or outage currently affecting the ZATCA gateway?
Has anything changed recently on the API (authentication, certificates, clock sync, etc.)?
How can we resolve the 401 Unauthorized, even though credentials worked yesterday?
Environment Details:
SDK Version: 3.3.3
Java Version: 17
Certificte expiration : 29-05-2029
Certificate Curve: secp256k1
Last successful submission: 2025-08-24 23:57
We would appreciate any urgent help or updates on this issue, especially if others are experiencing the same.
Same issue with us. This happened some times in the past also but would get resolved in a few hours. Now it has been more than 24 hours and all invoices will get the “late” warning.
@mah-dc@tareqkhanfar@Jamal@sirinibin2006@naval Please note that Compliance Check API is intended to be used only during Onboarding Process. Once you successfully obtain a Production CSID, you should not be using the corresponding Compliance CSID further. Once Production CSID is onboarded successfully, ZATCA will revoke the Compliance CSID as the intended purpose of completed.
This is done to prevent Compliance Check APIs being used for validating every single invoice before submitting them on Production which is not the intended purpose of this API.
@mah-dc you will have to de-couple submission of invoices to “Clearance API / Reporting APIs” and “Compliance Check API”. Try submitting invoices using Production CSID directly to Clearance API or Reporting API.
@Ankit.K.Tiwari So the compliance endpoint meant to be used for getting the pcsid only, the compliance won’t be needed anymore, the user should report to Clearance/Reporting only without passing by the compliance to check if the invoice is ok to be reported, (we used to use compliance to check if all is good before reporting), what if there is a warning and the invoice is reported, the user won’t be able to fix the warning and report again?
i face same issue, now i removed the Compliance Check API or code from my application
remove Compliance Check from code, now the Compliance Check is not need
the Reporting and Clearance api call already checking the Invoice XML , never check separately the xml file with Compliance Check API,
What about having a separate sandbox for teting invoices validity as the SDK doens’t give warning? @Ankit.K.Tiwari please advise on what to use for invoices validity testing before reporting?
We have same issue.
Before onboarding, we are able to successfully submit all six types of invoices, and the onboarding process works correctly. However, once onboarding is completed, the /compliance/invoices API stops working. Status Code: 401 Unauthorized. No error message is returned in the response body.
Any assistance would be highly appreciated. Thank you in advance.
@Ankit.K.Tiwari We are encountering the same issue during the onboarding process. While We were able to successfully complete the first step of obtaining the compliance CSID, the second step (Compliance Check) returns an empty response from ZATCA with a 401 status code. This matter is critical, and I kindly request your immediate attention and resolution.
Please note that 401 response refer to unauthorised
In your case , can I kindly ask you to confirm if you are using the same BinarySecurtyToken you received from compliance API! for the same VAT used in the sample that you are trying to do the compliance check for it!
If so, we would appreciate your elaborate to share the full payload via below mail, for our investigation to ensure providing the comprehensive support as usual
Simulation: 
Issue Now:
Questions: