Will initial steps be done with each new invoice creation process? Or are they one-time steps every five years and stored on the device and used with each new invoice process?
Therefore, if they are stored on the device, they will be used in the sending and reporting processes.
Do I understand correctly or am I confused?
Initial steps during any session of reporting or clearance , no need to save.
What I mean by the initial steps here is starting from
1- Private Key to Public Key and Signature.
These are the steps I mean that are followed in signing any invoice. Do I have to make a call with each invoice to create a certificate until I reach the signature in order to sign the invoice?
My mind really did not comprehend that with each invoice creation I repeat the same steps.
Dear @ashraf_gebril, please note that certificate is valid for 5 years. You do not have to create a certificate for every invoice.
Looping colleague @idaoud to help with technical part on how you sign Simplified Invoices (B2C invoices). Standard Tax Invoice (B2B) are signed and QR Code is generated by ZATCA at the time of Clearance.
Dear @ashraf_gebril
Thanks for reaching out,
Kindly find the below high-level clarification of the onboarding process and it’s repeatability:
1- Getting your CCSID from the CSR for your configuration file by hitting the compliance API.
2- Start with compliance checks by sending a sample invoices using CCSID in Authentication as basic auth, hitting compliance/invoices API.
3- After completing the compliance checks successfully, moving to get the PCSID from hitting the production/csids API (using CCSID in Authentication as basic auth).
4- After receiving the PCSID (binarySecurityToken, and secret) you will start sending your actual invoices based on the invoice type in your config file:
For B2B Invoices: Use the Clearance API with (binarySecurityToken, and secret) from PCSID as basic auth in Authorization.
For B2C Invoices: Use the Reporting API with (binarySecurityToken, and secret) from PCSID as basic auth in Authorization.
Back to your concerns about repeating the same step with each invoice creation, Please find the below answer:
The steps mentioned above from 1-3 it’s one time process you only need to do it once in order to generate PCSID for each device generating invoices (each device generating invoice must has its own PCSID), However, Step 4 will use the mentioned APIs for (Clearance, and Reporting) based on your invoice type, with ensuring hitting the right API for each invoice type using the same PCSID you received from ZATCA in step 3.
Please refer to ( Zatca) login using your tin number, fatoora simulation portal>> API Documentation to know endpoint for the above steps.
For any further question related the high-level onboarding steps, do not hesitate to reach out our support team via the below mail, to provide comprehensive support as usual
SP mail: sp_support@zatca.gov.sa
Thanks,
Ibrahem Daoud.
Dear @idaoud Thank you very much.
Unfortunately, I do not understand the speech without an illustrative example, especially since there are no examples on the site for the PHP language. But thanks be to God, I am almost there.
As for your response regarding my concerns about the repetition process, I will post a picture of what I created in recording the basic data and saving it.
I use this data with every invoice creation
This is the result I currently have with every automatic invoice creation.
Please answer me this question here
Dear @Ankit_Tiwari May Allah reward you.
Thank you very much. Honestly, you have helped me since the first time you replied to me.
But here I am replying to my colleague.
I actually followed the steps of contacting for the first time to save the certificate data on the system and use it to sign any invoice when it is created. So far, things are fine with me in the developer portal. I am just preparing my system with every step that is correct with me until I reach the last point.
I have currently tried it in practice when creating an invoice, it is signed and sent to the authority for scanning or approval… Of course, this is in the simulation stage for the developer portal.
Thank you for the benefit for the second time. God willing, when I finish and the work is completed successfully, I will put here all the necessary steps for using the PHP language without complications for members to benefit
1 Like
@Ankit_Tiwari Can you please tell me where is it mentioned that the certificate is valid for 5 years? I did not find any documentation for it. Is the certificate expiry date provided in the Production CSID response from ZATCA?
Dear @malar , detailed Technical Guideline has a FAQ about validity of CSID and response says its valid for multiple years but as you rightly pointed out validity period is explicitly mentioned as expiry date provided in Production CSID response from ZATCA.
Dear @ashraf_gebril
Thanks for reaching out,
Can I kindly ask you to reach out with your RM and share your concerns via SP mail? to schedule meeting and provide comprehensive support as usual.
SP mail shared in the previous reply.
Thanks,
Ibrahem Daoud.
I have finished all the processes of creating CSR, Onboarding, Clearance and Reporting using PHP code and Python code.
Not a good code, all made by AI. But it can work as expected.
Maybe it can be a reference for you.
It is true that I noticed something when I changed my location for sending invoices, because first, I was setting up a screen by pressing a key that sent all the invoices for the day at once. When I learned that the standard invoice must be scanned. I had to create a code when creating each invoice to be sent.
It appeared on the sending reports screen that any standard invoice was received correctly and scanned
Any simple invoice will be rejected…
I later discovered that the variables for the amounts and dates that I put in the QR are empty and do not contain any data.
What is meant is that if the QR contains empty data such as the total and tax in the case of a standard invoice, it scans the invoice, but in the case of a simplified one, it does not accept the invoice.
Soon, God willing. I will finish the basic structure and make the system dependent on the actual simulation. At that time, I will definitely need to contact the mail. You are here to respond and answer. Please allow the Arabic language in communication. We are, first and last, an Arab community before we are developers and programmers.
1 Like
I have checked the invoice and indeed there is an error in the contents of the invoice.
Dear @Cloud Thank you
I took a quick look at the project for about 10 minutes. I will leave it as a reference for me, God willing.
I will need some ideas from him, but I need to run the project and follow every step in it to understand the content.
Of course, every programmer works in his own way, but I learned from the days when I was studying Visual Basic 6. That a programmer does not have many tools, but a programmer with the least tools can come up with something good.
I researched the whole idea and everything in it for more than two weeks.
And I completed a week for experimentation. And it is necessary and I must implement it, so I am following the steps one by one. Currently, my affairs are fine until I send the invoice or memos, whatever their type. To do the scanning or approval.
Currently, the code is running on the system in secret. With each invoice creation process, it is sent and recorded in a table for follow-up and error review.
After remaining here, I will move to the next step, which is I don’t know yet…
Look here, all invoices are fine except for two invoices. I will open the error registration code for each invoice for review and download the invoice file to review the file.
Look here
When I finish solving the problem, I will press the key to resend again
Hello everybody
I found in the csr properties file the following fields as examples.
csr.common.name=TST-886431145-399999999900003
csr.serial.number=1-TST|2-TST|3-ed22f1d8-e6a2-1118-9b58-d9a8f11e445f
csr.organization.identifier=399999999900003
csr.organization.unit.name=Riyadh Branch
csr.organization.name=Maximum Speed Tech Supply LTD
csr.country.name=SA
csr.invoice.type=1100
csr.location.address=RRRD2929
csr.industry.business.category=Supply activities
Q1. My question
From where do we get these values?
csr.common.name
csr.serial.number
csr.organization.identifier
Q2. csr.invoice.type=1100
11 – represent Simplified and Standard Tax invoices. Which digit represents simplified / standard tax invoice?
What 00 represent? We do not have debit notes in our application. If the invoice was undercharged we simply issue a new invoice. So is possible to get compliance for only Invoice and Credit notes and then obtain the production CSID based on the compliance of 2 invoice (simplified or std invoice and credit note) or 4 invoices (simplified and std invoice and credit note).
Can you please explain each of the 4 digits? Or lead me to the documentation. I could not find the documentation myself.
Regarding the first question, I did not understand what is meant by reading data or executing data? What is the programming language? I work on PHP
As for the second question, the rest will be explained later, and forgive me if I am negligent, I am like you and less, and I am still searching with you here for solutions
The document type that the Taxpayer’s solution unit will be issuing/generating. It can be one or a combination of Standard Tax Invoice (T), Simplified Tax Invoice (S), (X), (Y). The input should be using the digits 0 & 1 and mapping those to “TSXY” where: 0 = False/Not supported 1= True/Supported (X) and (Y) are for future use and should be set to 0 by default for the time being. For example: 1000 would mean Solution will be generating Standard Invoices only. 0100 would mean Solution will be generating Simplified invoices (B2C) only and 1100 means Solution will be generating both Standard (B2B) and Simplified invoices (B2C).
See here
http://einvoice-ksa.org/blog/Format-of-CSR-for-invoice-signing-certificate
Thank you @ashraf_gebril
Thank you very much for your prompt reply. My Q2 is answered.
I will explain the context of the Q1
If you download the sandbox SDK. You will find a csr.properties file inside folder Data/Input. The CSR that is generated by the command
fatoora -csr -csrConfig fileName -privateKey fileName -generatedCsr fileName -pem
uses the values from the csr.properties file
I think we can put any value for developer testing. But in the simulation or production environment, we have to use the right values.
My question is - are these values provided by fatoora to any tax payer / tax paying organization?
From the link you provided I can see that:
Common Name: Name or Asset Tracking Number for the Solution Unit is Provided by the Taxpayer for each Solution unit: Unique Name or Asset Tracking Number of the Solution Unit.
So this is a value provided by the TaxPayer.
EGS Serial Number: Manufacturer or Solution Provider Name, Model or Version and Serial Number: Automatically filled and not by the Taxpayer: Unique identification code for the EGS. - How is this obtained? Is it during onboarding of the EGS? Who provides this information? When is it provided?
1 Like
Currently, I have not reached this stage yet… but by following the members’ topics here… I can say that when registering on the Authority’s website, this data is obtained, the device is registered, and you get a unique uuid .