Request for Validation and Guidance on ZATCA E-Invoice Integration Steps (Sandbox to Production)

Hi,

I would like to confirm the integration steps I have followed for implementing ZATCA’s e-Invoicing system in the Sandbox environment and seek guidance on any improvements needed, as well as the procedure for transitioning to Production.

Steps Followed in Sandbox:

  1. CSR Generation:
    I generated a CSR using the ZATCA SDK (via command line).

  2. Compliance CSID API Call:
    The CSR was submitted to the Compliance CSID API, and I received the binarySecurityToken and secret.

  3. Certificate Retrieval:
    I converted the binarySecurityToken to Base64 to obtain the certificate.

  4. Compliance Check API:
    Using the certificate and secret, I validated the XML invoice (UBL format) through the Compliance Check API.

    • Authentication: Basic Auth using binarySecurityToken and secret.

  5. XML Signing:
    I used the ZATCA .NET DLL (v4.8) to sign the invoice XML, resulting in the compliant e-Invoice.

  6. Reporting API Submission:
    The signed XML was packaged using the ZATCA DLL to generate a request for submission.
    I then submitted the invoice to the Reporting API, again using binarySecurityToken and secret for Basic Auth.

So far, I have successfully submitted a Tax Invoice in the Sandbox environment.


Request for Confirmation and Guidance:

  • Could you please confirm whether the steps above align with ZATCA’s expected integration flow?
  • Are there any improvements or changes you recommend before moving to Production?
  • What is the exact procedure to transition to the Production environment (e.g., CSR process, certificate handling, API endpoints, or security changes)?

Best regards,
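
Steps 3, 4 and 6 above, sketched in Python as an added example (not part of the original post and not ZATCA SDK code). It assumes the binarySecurityToken is Base64 text that decodes to the Base64 body of a DER certificate; the function names and sample values are constructed for illustration.

```python
import base64
import textwrap

# Constructed sample values (not real ZATCA credentials or a real certificate).
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x05])  # minimal DER SEQUENCE
SAMPLE_CERT_B64 = base64.b64encode(SAMPLE_DER).decode("ascii")
SAMPLE_TOKEN = base64.b64encode(SAMPLE_CERT_B64.encode("ascii")).decode("ascii")
SAMPLE_SECRET = "constructed-secret-value"


def certificate_pem_from_token(binary_security_token: str) -> str:
    """Recover a PEM certificate from the token (hypothetical helper).

    Assumption: the token decodes to the Base64 body of a DER certificate.
    """
    cert_b64 = base64.b64decode(binary_security_token, validate=True).decode("ascii")
    der = base64.b64decode(cert_b64, validate=True)
    # A DER-encoded X.509 certificate always starts with a SEQUENCE tag (0x30).
    if not der or der[0] != 0x30:
        raise ValueError("decoded token is not a DER structure")
    body = "\n".join(textwrap.wrap(cert_b64, 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def basic_auth_header(binary_security_token: str, secret: str) -> dict:
    """Build the Basic Auth header: Base64 of 'token:secret' (RFC 7617)."""
    if not binary_security_token or not secret:
        raise ValueError("token and secret must both be present")
    raw = f"{binary_security_token}:{secret}".encode("ascii")
    return {"Authorization": "Basic " + base64.b64encode(raw).decode("ascii")}


def redact(header: dict) -> dict:
    """Copy of the header that is safe to write to logs."""
    return {k: ("Basic <redacted>" if k == "Authorization" else v)
            for k, v in header.items()}


if __name__ == "__main__":
    print(certificate_pem_from_token(SAMPLE_TOKEN))
    print(redact(basic_auth_header(SAMPLE_TOKEN, SAMPLE_SECRET)))
```

The Authorization value is only Base64-encoded, not encrypted, so the secret should be loaded from a protected store at runtime and only the redacted header should reach logs.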