Simulation "Invalid OTP"

FATOORA portal and Simulation portal
1

Hello,

I successfully comply with development (with 123345 OTP) and I’m getting successful transaction for invoices/debit Notes/Credit Notes. I tested the full cycle and everything is working correctly.

When I tried the simulation I’m getting {“errors”:[{“code”:“Invalid-OTP”,“message”:“The provided OTP is invalid”}]}
I added the flag -sim while using the SDK.
and I’m using https://gw-fatoora.zatca.gov.sa/e-invoicing/simulation base URL.

I double checked the TRN number/Commercial Registration Number etc.. and everything is correct.

Could you please help with this?

Regards

1 Like
2

Morning @ucitco

Thanks for reaching out, Welcome to our community.

To provide comprehensive support as usual, can I kindly ask you to mention the steps you followed to generate your CSR along with the steps you followed after login to fatoora portal?

Thanks,
Ibrahem Daoud.

3

1 - I created the config file like this:
“csr.common.name=__commonName\n” .
“csr.serial.number=__serialNumber\n” .
“csr.organization.identifier=__vatNumber\n” .
“csr.organization.unit.name=__organizationalUnitName\n” .
“csr.organization.name=__organizationName\n” .
“csr.country.name=__country\n” .
“csr.invoice.type=__invoiceType\n” .
“csr.location.address=__registeredAddress\n” .
“csr.industry.business.category=__businessCategory”;

2- I created the keys by:
-sim -csr -csrConfig {csrPath} -privateKey {privateKeyPath} -generatedCsr {generatedCsrPath}

3- My customer login to zatca portal, switch to simulation portal, request token for 1 device, share generated otp and apply it to our system.

4- I sent the OTP to the link like:
return Http::withHeaders([
“accept” => “application/json”,
“OTP” => $otp,
“Accept-Version” => “V2”,
“Content-Type” => “application/json”
])->post(“https://gw-fatoora.zatca.gov.sa/e-invoicing/simulation/compliance”, [
“csr” => $encodedCsr
])->json();

As I mentioned earlier, in development. Every things working fine.

Please note as well, that our solution we used is (online) server and its hosted in Europe.

Regards

4

Dear @ucitco,

Please ensure the following:

1- Is this a VAT group scenario? If the customer is belonged to a VAT group, make sure to include the TIN number in the csr.orgnization.unit.name

2- Ensure that the OTP is being generated from simulation portal not the fatoora productio

3- Ensure that the endpoint is adjusted to simulation

4- ensure that the VAT number that you are including in csr.orgnization.identifier is identical to the VAT number that appears in the fatoora portal

5- OTP should be used within 1 hour, if this time frame exceeds, then a new OTP is needed.

5

We double check above all those points you mention.

whats strange is OTP with development working fine, while its not working in simualtion.

do you have any reference on how we can solve issue or if we can make meeting?

1 Like
6

Hello. I have same issue. Did you find a solution?

7

Also I have some issues

8

hello, did u solve the issue?

9

hello did u solve the issue, We still stuck on the same error, what i hear that software used to generate private key, ect must be located in KSA

10

Dear @ucitco,

There are no restrections on the device/server to be physically located in KSA, however, if you are still facing this issue kindly raise a ticket through ZATCA’s line or your releationship manager with ZATCA.

“invalid-OTP” is a common error, if you followed all of the provided steps previously and the issue still persists, please raise a ticket for further support.

Regards,

11

@ucitco I did, but I forgot what was the reason.I wrote a simple php library and it works fine. It’s open-source, so you can use it if you still have that issue GitHub - sevaske/zatca-api: Zatca API Client

12

I’ve the same exact issue. I tried many things but unfortunately I failed!

I did these steps:

  1. Filled CSR properties (used the demo from the SDK)
csr.common.name=TST-886431145-399999999900003
csr.serial.number=1-TST|2-TST|3-ed22f1d8-e6a2-1118-9b58-d9a8f11e445f
csr.organization.identifier=399999999900003
csr.organization.unit.name=Riyadh Branch
csr.organization.name=Maximum Speed Tech Supply LTD
csr.country.name=SA
csr.invoice.type=1100
csr.location.address=RRRD2929
csr.industry.business.category=Supply activities

  1. Successfully generated outputCsrFile.csr and privateKeyFile.key using [-csr, -csrConfig, csr-config-example-EN.properties, -sim] arguments.

  2. Tried to POST CCSID as following:

Accept-Version: V2
Content-Type: application/json
Accept: application/json
OTP: 123345
  • BODY:
{
  "csr": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ0dUQ0NBYjhDQVFBd2RURUxNQWtHQTFVRUJoTUNVMEV4RmpBVUJnTlZCQXNNRFZKcGVXRmthQ0JDY21GdQpZMmd4SmpBa0JnTlZCQW9NSFUxaGVHbHRkVzBnVTNCbFpXUWdWR1ZqYUNCVGRYQndiSGtnVEZSRU1TWXdKQVlEClZRUUREQjFVVTFRdE9EZzJORE14TVRRMUxUTTVPVGs1T1RrNU9Ua3dNREF3TXpCV01CQUdCeXFHU000OUFnRUcKQlN1QkJBQUtBMElBQkhPM1B6M3pyWGF0V1lpWVV3ekFzRFR4MjQ5R21YdTVockhXb21kV21VcWRnS05jZWJOMgpZTHlLQzhqRnVhZjZEMWhzM2I5N0ZWVWR4WDd3TDZrTzFleWdnZW93Z2VjR0NTcUdTSWIzRFFFSkRqR0IyVENCCjFqQWtCZ2tyQmdFRUFZSTNGQUlFRnd3VlVGSkZXa0ZVUTBFdFEyOWtaUzFUYVdkdWFXNW5NSUd0QmdOVkhSRUUKZ2FVd2dhS2tnWjh3Z1p3eE96QTVCZ05WQkFRTU1qRXRWRk5VZkRJdFZGTlVmRE10WldReU1tWXhaRGd0WlRaaApNaTB4TVRFNExUbGlOVGd0WkRsaE9HWXhNV1UwTkRWbU1SOHdIUVlLQ1pJbWlaUHlMR1FCQVF3UE16azVPVGs1Ck9UazVPVEF3TURBek1RMHdDd1lEVlFRTURBUXhNVEF3TVJFd0R3WURWUVFhREFoU1VsSkVNamt5T1RFYU1CZ0cKQTFVRUR3d1JVM1Z3Y0d4NUlHRmpkR2wyYVhScFpYTXdDZ1lJS29aSXpqMEVBd0lEU0FBd1JRSWhBSTg4WlhOawpRVzRhdGlKZG52Uytia2xtaDNvbXJmN2JGL1RhR05nalkrWVdBaUFTTU9IY2tjdHNCWU1YQVdmcHBjN3I2ZWo4ClFZT08raTN5OGlRNEtYdDgrdz09Ci0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo="
}
  1. Got this response!
{
  "errors": [
    {
      "code": "Invalid-OTP",
      "message": "The provided OTP is invalid"
    }
  ]
}

This suppose to be a simulation part. I wonder why the API didn’t accept 123345 OTP value!

NOTE: I use zatca-einvoicing-sdk-Java-238-R3.4.5

13

Dear @clovis.gustave

Thanks for reaching out. Welcome to our community.

Kindly note that the OTP should be generated from fatoora portal if you are trying to onboard in Production environment, and from fatoora simulation portal if you are trying to onboard in Simulation environment.

Thanks,
Ibrahem Daoud.