Confirmation of Process for ZATCA e-Invoicing Project

FATOORA portal and Simulation portal
1

Dears All,
I would like to confirm that there are no errors in the project related to the ZATCA (Zakat, Tax, and Customs Authority) e-Invoicing (WinForm , C#). I have used the SDK with the following commands to generate and sign the invoices:

  1. Private key:
Openssl ecparam -name secp256k1 -genkey -noout -out ec-secp256k1-priv-key.pem
  1. Public key:
Openssl ec -in ec-secp256k1-priv-key.pem -pubout -out publickey.pem
  1. CSR:
Openssl req -new -sha256 -key ec-secp256k1-priv-key.pem -extensions v3_req -config csr.config -out Cert.csr

I created the Compliance CSID, then I used the binarytokensecurity for decoding and placed the result in zatca-einvoicing-sdk/Data/Certificate/cert.pem.

After that, I generated an XML invoice (Simplified/Standard) and used the following command to generate the invoice hash:

fatooranet generateHash -invoice invoicename.xml

Then, I signed the invoice using:

fatooranet sign -invoice invoicename.xml

I saved the signed invoice, then extracted the JSON using:

fatooranet invoiceRequest -invoice Signedinvoice.xml

I followed this process for both the Simplified and Standard invoices. I used the resulting JSON file from this step for Compliance Invoicing for six invoices, then performed Reporting for Simplified and Clearance for Standard. Finally, I extracted the Production CSID.

I have two questions:

  1. After extracting the Production CSID, should I perform a decode for the binarysecuritytoken again and place it in the cert.pem file?
  2. I have already tested my project on the simulation portal and found the device configured on the platform. I just want to make sure that there won’t be any issues when using the SDK and commands on client devices. Is there a better method to ensure this?

I would appreciate any advice or confirmation that this process is correct and won’t cause issues.

2

Dear @Madleen

Thanks for reaching out,

The steps you followed is perfect and consistence and correct, move forward please find the answers for your questions as follows:

1- Correct you must decode the binarysecuritytoken from the PCSID and replace it in the cert.pem file, the reason for this step is to sign your actual invoices with your own PCSID.
After that you need to modify the authentication in both Clerance and Reporting APIs using binarysecuritytoken as userName and the secret as password.

2- No issues will appear if you follow the same steps for production environment, just ensure to use the decoded binarysecuritytoken from PCSID and replace it in the cert.pem file as mentioned in the previous point.

Do not hesitate to reach out if you faced any further concerns.

Thanks,
Ibrahem Daoud.

1 Like
3

Dear @idaoud ,
Thank u for ur help.
I would like to inquire whether the ICV counter will be the same regardless of the invoice type, or if each type of invoice will have its own specific ICV counter.
Same question for PIH?

4

ICV Counter will remain same regardless of not only Invoice Type, Regardless of Document Types

  1. Standard Invoice
  2. Simplified Invoice
  3. Standard Credit Note
  4. Standard Debit Note
  5. Simplified Debit Note
  6. Simplified Credit Note

Each PCSID will have a ICV counter. Same for PIH

5

Dear @Ather ,
Thank you for your help.
If I paid bills and there was a rejected bill, when I raise it again, will I change its ICV or will it take the same ICV?

6

If Document got REJECTED from Zatca

Standard Document
Generate New ICV
New PIH
New Date/Old Date (Both Accepted)

Simplified Document
Generate New ICV
New PIH
Old Date

1 Like