I am having Invalid invoice hash error in B2C. please see my process below and advice.
a) First I am generating an XML file without UBL extensions.. Completely deleted UBL extension
b) I am deleting the QR code and signature from my XML - Completely deleting the tags and leaving no space .
c)I am generating an invoice hash after canonicalization - To verify my invoice hash, I am using THE SDK to sign document and getting same invoice hash as I generated using my C# Code..
d)after getting hash, I am now following the signing process and adding the UBL extension back and all the values including xades to the beginning of my xml.
I am also adding new lines in the XML body by inserting the QR section & Signature with the respective values cac:AdditionalDocumentReference cbc:IDQR</cbc:ID> cac:Attachment
<cbc:EmbeddedDocumentBinaryObject mimeCode=“text/plain”>AR1N…YXhXA==</cbc:EmbeddedDocumentBinaryObject>
</cac:Attachment>
</cac:AdditionalDocumentReference> cac:Signature cbc:IDurn:oasis:names:specification:ubl:signature:Invoice</cbc:ID> cbc:SignatureMethodurn:oasis:names:specification:ubl:dsig:enveloped:xades</cbc:SignatureMethod>
</cac:Signature>
e) I am thereafter encoding my invoice base 64 and use reporting API to send to the portal - I am using the same invoice hash that was generated before signing procedure.
Could this mismatch be caused by the QR & signature section that I am inserting back?
Thanks for your respose - PLease note I am handling B2C - Simplified invoice as per my topic where we are required to sign the document from our end. We have signed the document and was being reported on the developer environment but when we came to simulation mode - we were getting bad error (400). after trying the same payload on postman, we discovered that its having a hashing error : “the-invoice-hash-api-body-does-not-match-the-calculated-hash-of-the-xml”
I understand after calculation of invoice hash, I am not supposed to make changes to the invoice - its confusing because before hash calculation, I am supposed to remove the QR and signature and UBL extension tags but include the tags and QR code value before reporting the invoice.. Please clarify this.
I’ve also encountered this issue when using the ZATCA DLL for signing. However, the problem was resolved when I switched to using the CLI utility, which correctly generated the hash and signature.
I hope this helps clarify the process. Let me know if you need any assistance.
That’s correct as per ZATCA’s documentation, we are supposed to use reporting API for simplified invoice. I am signing the simplified invoice manually. I have followed the signing document but I am still getting the invoice hash mismatched.. am not sure where I am missing the point. My procedures are as below.
Create a B2C Xml without UBL extension, QR Code and signature (i am deleting the tags completely and removing the space/lines they were occupying)
Canonicalize the invoice ang get invoice hash( it matches exactly the same hash I am getting when signing document with ZATCA sdk)
I am adding back the UBL extension with the correct signing values
I am also inserting new lines for QR and signature with the correct values.
I am thereafter encoding the final invoice using base64 which becomes part of the payload plus the invoice hash generated earlier. - no canonicalization
I am sending data to reporting API
Note in the development reporting api, I was getting status reported but in the compliance api, I am getting the error highlighted.. @idaoud please assist as well.
Hi James, please do not use “Sandbox” environment and do not reference if something work there and not working on Prod/Simulation.
For all your testing please use Simulation environment which as the proper verification of certificate and other values.
It seems we you are not using SDK but using your own implementation of generating XML and signing it. The big omission of ZATCA signing process, is they do not remove newlines and whitespaces between tags while calculating the hash. Therefore the hash will be different if you have extra newline or extra whitespace somewhere.
You can see the implementation of some libraries (including ZATCA SDK, how they are calculating hash and you will see that they are using some WORKAROUND to match the hash). Apparently you have to add the same workaround on your system to make it generate same hash.
To understand where your hashing method is working not as ZATCA expects, you can use their SDK and inject there some prints or use some other open library and print the “signing” document.
@Ankit.K.Tiwari@psinclair just for the information. These newlines appeared after deleting XML tags. Probably you are using some regex + replace and do not "properly” canonize the document afterwards.
I would recommend/expect to sign the document, which does not have newlines and whitespaces between tags. Like sign non pretty-print document. In such case the hash can be easily replicated by removing tags which should be removed and then make XML (oneline) without extra whitespaces and newlines. But it is easier to be done if we operate XML and not just text…
If the issue still persists, kindly share with us your issue with the supporting documents to our email: “SP_Support@zatca.gov.sa” as listed below:
1- a valid simplifed B2C XML before signing.
2- Same XML after signing.
3- a valid full API full request with the response included from reporting API using the same XML if signed properly through the ZATCA’s SDK (CLI) either .net or JAVA version.
Also, please confirm that you are using the same private key generated that is associated to the obtained CSID, providing such information will be helpful to investigate your case as this error has multiple reasons to occur.
Dear @Ankit.K.Tiwari, your kind support to follow up with the team to capture the response from the TP is much appreciated.