CSR generation (we are in the final stage of deployment of our ZATCA integration)

Good morning,
We are in the final stage of deployment of our ZATCA-integrated solution.
We successfully onboarded with our company’s Fatoora account and tested the clearance API after receiving the Prod CSID in the simulation env.

We are an “Inventory/billing” solution provider. As a solution provider, below is our understanding:

  • Our software needs to facilitate the generation of a separate Production CSID for each client, based on the CSR generated with the taxpayer’s details.
  • For each new client who uses our software for trading business, we have to make sure that the whole workflow of Compliance CSID generation, compliance submissions, till Prod CSID generation is done via our solution interface, and the client just needs to enter the OTP during this onboarding process (which they generate via their own Fatoora login).
  • We have to keep the csrcertificate and private key for each client to later do invoice signing of their respective invoices.
  • We have to keep each client's binarySecurityToken & secret so as to do the clearance of their respective invoices.

Kindly confirm if this understanding is right.

Dear @Mausoof,

Kindly note that your question has been answered on another post.

Regards,

Yes, I found the answer in that post. Thank you for your response and detailed clarification. The explanation provided is clear and aligns with my understanding. I appreciate the additional points mentioned:

  1. PCSID being maintained for each onboarded device is well understood.
  2. The clarification regarding the X.509 certificate being the decoded (Base64) BinarySecurityToken is noted.
  3. The importance of securely storing the private key, even if the client does not require signing e-invoices, is understood and acknowledged.

Dear @Mausoof,

Yes, this is correct.

Regards,