Error: invalid-invoice-hash

Abderrahmen · September 17, 2024, 10:25am

Hello,

I’am facing an error while processing an invoice in odoo with zatca.
Full error message:

{"validationResults":{"infoMessages":[{"type":"INFO","code":"XSD_ZATCA_VALID","category":"XSD validation","message":"Complied with UBL 2.1 standards in line with ZATCA specifications","status":"PASS"}],"warningMessages":[],"errorMessages":[{"type":"ERROR","code":"invalid-invoice-hash","category":"INVOICE_HASHING_ERRORS","message":"The invoice hash API body does not match the (calculated) Hash of the XML","status":"ERROR"},{"type":"ERROR","code":"invoiceHash_QRCODE_INVALID","category":"QRCODE_VALIDATION","message":"Invoice xml hash does not match with qr code invoice xml hash","status":"ERROR"}],"status":"ERROR"},"reportingStatus":"NOT_REPORTED"}
Invoice:

XML content containt the following lines:

 <cac:LegalMonetaryTotal>
    <cbc:LineExtensionAmount currencyID="SAR">400.00</cbc:LineExtensionAmount>
    <cbc:TaxExclusiveAmount currencyID="SAR">260.00</cbc:TaxExclusiveAmount>
    <cbc:TaxInclusiveAmount currencyID="SAR">299.00</cbc:TaxInclusiveAmount>
    <cbc:AllowanceTotalAmount currencyID="SAR">140.00</cbc:AllowanceTotalAmount>
    <cbc:PrepaidAmount currencyID="SAR">0.00</cbc:PrepaidAmount>
    <cbc:PayableAmount currencyID="SAR">299.00</cbc:PayableAmount>
  </cac:LegalMonetaryTotal>

Your help would be appreciated so much!
I’am happy to provide any more information that could resolve the problem.

lalomar · September 17, 2024, 10:52am

Hi @Abderrahmen ,

Thank you for reaching out,

Kindly note that you might receive this error when the invoice hash is not generated correctly for standard invoices, or the simplified invoices is not signed correctly. Therefore, you need to follow the generate hash process for standards invoices and signing process for simplified invoice. Moreover, kindly note that when you make any modification in the invoice you need to generate new hash or sign the invoice again.

You can find blow the processes using JAVA SDK:

you can generate the hash using this command:
Fatoora -generateHash -invoice “invoice.xml”
You will have to take the hash value from the CLI and replace the first digest value in the invoice with the new generated Hash.

Unlike standard tax invoice, simplified tax invoice & its associated notes must be signed with the taxpayer X.509 certificate (CSID), there are 2 returned X.509 certificates in the taxpayer’s EGS onboarding process.

First X.509 certificate: CCSID, which is returned after completing the first API (Compliance CSID), It’s returned as a security binary token which will be used as a username in the authorization, it’s also used as a signing certificate (X.509) after we decode it using base64 (we decode the binarysecurityToken) using base64 decoder and the output is the X.509 certificate, we use this certificate to sign the simplified tax invoices in the compliance invoice API (Compliance checks phase).

Second X.509 Certificate: PCSID, which is returned after completing the third API on the onboarding process (Production CSID), it’s also returned as a binary security token, and will be used as the username in te authorization for both reporting & clearance API, it’s also used as a signing certificate (X.509) after we decode it using base64 (we decode the binarysecurityToken) using base64 decoder and the output is the X.509 certificate, we use this certificate to sign the simplified tax invoices in the reporting API.

Please refer to the steps of manual signing using ZATCA’s JAVA SDK below:

After sending the CSR in the Compliance request CSID API, a Binarytoken & secret will be returned
Take the Binarytoken output, and decode it using base64 decoder, the decoded value is the x.509 certificate
Go to the SDK file to the following path: SDK/Data/Certificates/Cert.pem
Replace the value with your obtained x.509 certificate
Go to the SDK and use the command: fatoora -sign -invoice “invoice.xml”
Now the invoice will be signed & can be submitted successfully in the compliance checks phase (Compliance invoice API)
Redo the same steps above with the returned PCSID from the third API in the onboarding process and sign your simplified tax invoices with before sending to Reporting API

If you are implementing the signing process in your own code, please refer to This document:
SigningProcessUpdated.pdf (392.7 KB)

If you require any additional support other than the mentioned steps above, please do not hesitate to reach out.

Abderrahmen · September 18, 2024, 10:16am

Hello,

I see the issue, but unfortunately i can’t process the invoice manually as it was generated using Odoo ERP. Most of the other invoices had been signed and processed successfully, around 1000 invoices. there is a specific issue with the invoice above.

What could be causing the problem other than the certificate?

Thank you.

lalomar · September 18, 2024, 11:19am

Can I kindly ask you to share your full concerns via email along with the XML file and the request body to SP support team, to ensure comprehensive support as usual, and schedule a meeting if needed.

SP email: sp_support@zatca.gov.sa

Thanks,

Topic		Replies	Views
Invoice hashing errors XML and business rules	1	74	July 28, 2024
Invoices with correct invoice hash failing with hash error on simulation Clearance and Reporting	23	174	September 1, 2024
The invoice hash API body does not match the (calculated) Hash of the XML Signing process	2	176	September 2, 2024
INVOICE_HASHING_ERRORS simplifed Clearance and Reporting	11	138	August 31, 2024
Invoices with correct invoice hash failing with hash error on production for Stores offline invoices XML and business rules	1	450	February 12, 2024

Error: invalid-invoice-hash

Related Topics