Hey,
Hope this email finds you well, I am a developer for Vista Entertainment.
We are busy implementing the e-invoicing solution and I have a query around the simulation portal endpoint no longer requiring correct OTPs.
I can submit the same invoice despite which OTP value I use for reporting to the simulation endpoint.
Thanks
Daniel
The OTP step is only necessary to obtain the Compliance CSID and initiate the compliance cycle.
Once you have obtained the Production CSID to begin the reporting cycle, the OTP is no longer necessary.
OTP is only required during the initial stages of onboarding. Once you onboard the device, the OTP is no longer required when sending the invoices.
In the provided sample, you are using reporting API to share an invoice. For the structure of the reporting API, see example in the sandbox: https://sandbox.zatca.gov.sa/IntegrationSandbox. In that structure, you can see that OTP is not required.
Thank you, that makes sense.
We tried the process from a different workstation, thus creating a unique CSR but we were still able to generate the Compliance CSID without a unique OTP. We changed the below fields within the CSR, we kept the OU the same.
I was guessing we need to register per common name with a unique OTP, but that does not seem to be the case.
My query is why we don’t need another OTP for a new workstation/CSR. Do we only need to register once per unique UID in the Subject Alternative Name?
Dear Daniel,
this is not expected behavior and ZATCA will investigate it.
Regards,
