Alsalamo Alaykom, I generate CSR and Secret according to my Company branch (for simulation)…
Then I posted at …“https://gw-fatoora.zatca.gov.sa/e-invoicing/simulation/compliance” passing (OTP,Accept-Language, and Accept-version) in header.. and my CSR in json body…
That worked as expected and I got response … like
“{
“requestID”: 1752…296,
“dispositionMessage”: “ISSUED”,
“binarySecurityToken”: “TUlJQ3F6Q0NBbEdn…TZzJCeA==”,
“secret”: “L3vQIQkDugr…EtcAgOY=”,
“errors”: null
}”
BUT the device does not appeat in …Zatca" [simulation] , can you help me about this
Dear @eng.Adel.Elsayyad,
Wa Alaikum- Al-Sallam.
This is expected as you haven’t completed the full onboarding process, in order to be able to display the onboarded device, you need to perform the compliance checks after requesting the compliance CSID, and after that you will be able to request for the production CSID.
The difference between the compliance CSID and the production CSID is the following:
-
Compliance CSID: the binarySecurityToken & Secret, should be used as a username and a password “Basic Auth” as an authorization header for the compliance checks phase, therefore, the BinarySecurityToken should be the username while the secret should be the password, in compliance checks phase, dummy invoices can be shared as ZATCA will not capture those as a real submissions.
-
Production CSID: the binarySecurityToken & Secret, should be used as a username and a password “Basic Auth” as an authorization header for the reporting & clearance APIs, therefore, the BinarySecurityToken should be the username while the secret should be the password, in reporting & clearance, real invoices should be shared as ZATCA will capture those as a real submissions (in case of production environment).
If you need any further clarifications, please don’t hesitate to reach out.
Regards,