Dear ZATCA Support Team,
We are developing a pharmacy ERP system and integrating with ZATCA Phase 2 e-invoicing.
We are testing in the Sandbox (developer-portal) environment.
Issue:
The Compliance CSID API returns HTTP 400 “Invalid Request” with our generated CSR.
However, the SAMPLE CSR provided in your Swagger documentation returns HTTP 200 successfully.
Environment Details:
- Endpoint: https://gw-fatoora.zatca.gov.sa/e-invoicing/developer-portal/compliance
- OTP used: 123345
- Accept-Version: V2
Our CSR Details:
- Generated using: Python cryptography library + OpenSSL 3.0.13
- Key Algorithm: secp256k1
- OID 1.3.6.1.4.1.311.20.2 = “ZATCA-Code-Signing”
- SAN DirName: serialNumber, UID, title, registeredAddress, businessCategory
- Signature: ecdsa-with-SHA256
We tried:
- Python cryptography library → 400
- OpenSSL command line → 400
- Your Swagger sample CSR → 200
Please provide the correct CSR configuration and the exact steps/tool
required to generate a valid CSR for the developer-portal sandbox.
Thank you