I’m using the .Net SDK to sign B2C invoice.(develper portal)
after signing sucessfully, on validating the invoice, I get these errors Validate QR Code: [[Error] CODE: hashedXml, MESSAGE: hashedXml does not match with qr code hashedXml or the hashedXml is missing] Validate EInvoice Signature: [[Error] CODE: invoiceSignedDataDigestValue, MESSAGE: wrong invoice hashing…]
and submitting it to “compliance/invoices” gives the error: Invoice xml hash does not match with qr code invoice xml hash
To ensure comprehensive support, please send your concern to the SP support email below. Make sure to include the XML file, the signing steps, the full request, the full response, and your configuration file that you generated the CSR from.
The mentioned error might be received when the simplified tax invoice has been validated occurs because of a mistake in the signing process. Unlike standard tax invoice, simplified tax invoice & its associated notes must be signed with the taxpayer X.509 certificate (CSID), there are 2 returned X.509 certificates in the taxpayer’s EGS onboarding process.
First X.509 certificate: CCSID, which is returned after completing the first API (Compliance CSID), It’s returned as a security binary token which will be used as a username in the authorization, it’s also used as a signing certificate (X.509) after we decode it using base64 (we decode the binarysecurityToken) using base64 decoder and the output is the X.509 certificate, we use this certificate to sign the simplified tax invoices in the compliance invoice API (Compliance checks phase).
Second X.509 Certificate: PCSID, which is returned after completing the third API on the onboarding process (Production CSID), it’s also returned as a binary security token, and will be used as the username in te authorization for both reporting & clearance API, it’s also used as a signing certificate (X.509) after we decode it using base64 (we decode the binarysecurityToken) using base64 decoder and the output is the X.509 certificate, we use this certificate to sign the simplified tax invoices in the reporting API.
Please refer to the steps of manual signing using ZATCA’s JAVA SDK below:
1- After sending the CSR in the Compliance request CSID API, a Binarytoken & secret will be returned
2- Take the Binarytoken output, and decode it using base64 decoder, the decoded value is the x.509 certificate
3- Go to the SDK file to the following path: SDK/Data/Certificates/Cert.pem
4- Replace the value with your obtained x.509 certificate
5- Go to the JAVA SDK and use the command: fatoora -sign -invoice “invoice.xml”
6- Now the invoice will be signed & can be submitted successfully in the compliance checks phase (Compliance invoice API)
7- Redo the same steps above with the returned PCSID from the third API in the onboarding process and sign your simplified tax invoices with before sending to Reporting API
If you are implementing the signing process in your own code, please refer to the document of the “SigningProcessUpdated” which is attached to this mail.
If you require any additional support other than the mentioned steps above, please do not hesitate to reach out.