I have followed the steps below in both simulation and production environments:
Generate CSR.
Get CSID with the OTP and CSR from the portal.
Complete 6 types of compliance checks for the standard and simplified invoices.
Obtain PCSID with the requestID from the initial CSID response.
Use credentials obtained from the PCSID response for further requests. Binarytoken and secret from the PCSID response will be used as the new authentication credentials.
However, when I try to submit an invoice for compliance check or clearance using the new credentials I am getting a 401 error. I am using a PHP package called saleh7/php-zatca-xml. I have received the same results when I sent the requests through postman also.
Please note that I got 401 for both simulation and production environments after using the new credentials from the PCSID.
Could you please guide me and let me know if I missed any steps?
It would be good if such details are highlighted in the documentation.
This error may appear for the following reasons:
You receive four keys:
CCSIDBinaryToken
CCSIDSecret
PCSIDBinaryToken
PCSIDSecret
The first two keys (CCSIDBinaryToken and CCSIDSecret) are used only for compliance checking. These keys are required to sign the XML invoice for compliance verification.
If the compliance check passes, you must then use the third and fourth keys (PCSIDBinaryToken and PCSIDSecret) to sign the same XML invoice data for reporting and clearance.
The Compliance API requires “Basic Auth” authentication using the first and second keys.
The Reporting and Clearance APIs require “Basic Auth” authentication using the third and fourth keys.