For a web-based app, you have to create and onboard a device for every customer, per TRN. The reporting is based on the TRN injected in the device; therefore, you cannot use the same device for different customers.
Based on your usage, whether you have customers as organizations or separate persons using your app, you have to group the persons who share the same TRN under one group. This group can onboard 1 or more devices and use them later in some round-robin fashion or based on your logic; you can onboard different devices for different documents, etc.
But the main idea is this: you have to create and onboard a device per TRN, store the certificate and private key somewhere to use later, and so on. You have to understand that a web-based app is just the “UI”, but internally you are using servers and databases, mounted volumes, or anything where you can store persistent data.
NOTE: I am not in any way affiliated with ZATCA and am helping with what I know or understand. And I cannot build the full solution for you or give detailed info, until you hire me as a core developer.
In a web-based invoicing solution, it’s not practical to treat every physical machine as a separate “device” with its own certificate, unlike desktop setups.
The recommended approach — as discussed in the ZATCA Developer Forum — is to treat each Electronic Generation System (EGS) Unit as a virtual device within your backend infrastructure.
Recommended Implementation
Each taxpayer or branch should be onboarded as an EGS Unit in your backend (server side).
For each unit, generate:
- a key pair (private/public)
- a CSID certificate specific to that unit.
All signing and invoice reporting are handled server-side using that unit’s certificate.
The frontend (browser) never stores or uses the certificate — it only sends the invoice payload to the backend API.
Concept
The “device” in a web-based model is a logical EGS unit inside your system — not a physical computer.
Summary
This virtualized onboarding model follows ZATCA’s recommended approach for cloud and web-based invoicing solutions, ensuring compliance while maintaining scalability and security.
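An added example (not code from either post or from ZATCA) of the layout both posts describe: units grouped under their TRN, rotated round-robin, with signing done on the backend using only that TRN's keys. The type and function names, the P-256 curve, the placeholder CSID string and the sample TRNs are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type Unit struct { // one logical EGS unit
	ID, CSID string            // CSID is a placeholder; the real one is issued at onboarding
	Key      *ecdsa.PrivateKey // stays on the backend, never sent to the browser
}

type Registry map[string][]*Unit // TRN -> that taxpayer's units; not goroutine-safe, add a mutex in a server

func (r Registry) Onboard(trn, id string) error {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // stand-in curve (assumption)
	if err != nil {
		return err
	}
	r[trn] = append(r[trn], &Unit{ID: id, CSID: "CSID-PLACEHOLDER-" + id, Key: k})
	return nil
}

// Sign uses only trn's units, round-robin, and signs the SHA-256 of payload.
func (r Registry) Sign(trn string, payload []byte) (*Unit, []byte, error) {
	if len(r[trn]) == 0 {
		return nil, nil, fmt.Errorf("no onboarded unit for TRN %q", trn)
	}
	u := r[trn][0]
	r[trn] = append(r[trn][1:], u) // rotate so the next call uses the next unit
	h := sha256.Sum256(payload)
	sig, err := ecdsa.SignASN1(rand.Reader, u.Key, h[:])
	return u, sig, err
}

func Verify(u *Unit, payload, sig []byte) bool { // checks sig against u's public key
	h := sha256.Sum256(payload)
	return ecdsa.VerifyASN1(&u.Key.PublicKey, h[:], sig)
}

func main() {
	r := Registry{}
	r.Onboard("TRN-A", "a1") // constructed sample TRN and unit id
	u, sig, err := r.Sign("TRN-A", []byte("invoice-1"))
	fmt.Println(u.ID, err, Verify(u, []byte("invoice-1"), sig))
}
```

The TRN passed to `Sign` should come from the authenticated session on the server, not from a field in the invoice payload the browser submits.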