API Credentials

  • E-Invoice API has two sets of credential – Client Id and Client Secret, and User Id and Password.
  • Client Id and Client Secret are provided to the Service Providers like GSPs, ERPs and ECOs(E-Commerce Operators).
  • If the tax payer wants to access the API directly, as notified by the NIC IRP for category of tax payers, then he will get Client Id and Client Secret. The Client Id and Client Secret, provided to the tax payer, can be used for GSTINs of his PAN India . That is, the Client Id and Client Secret can be used by the notified tax payer for all his sister concerned GSTINs, which have same PAN.
  • Username and Password are created by each tax payer for his GSTIN to generate IRNs.

API Credentials for SAND BOX

  • GSPs, ERPs, ECOs and notified tax payers have to register on the sandbox portal to get the Client Id and Client Secret. They have to click the login link on the ‘API sandbox portal’ and click on the Register button.
  • Here, the system requests to choose the category – GSP, ERP, ECO or Tax payer, and enter PAN or GSTIN. Also the registered mobile number and email id used while registering for GSP or GSTIN on GST Common Portal.
  • After verifying these details and the OTP sent to the registered mobile number, the system generates the Client Id and Client Secret and sends to the registered mobile number.
  • In case of tax payer, he can directly create the username and password for his GSTIN.
  • In case of GSP, he can generate the dummy GSTINs based on the state and his PAN and create the username and password for these GSTINs. GSPs can generate multiple user name and password for same PAN with different state.
  • These credentials can be used directly API testing. And also these credentials can be used to login to the API developer application to understand the process of API interface steps and verification.

API Credentials for Production

  • GSPs and notified tax payers, who are already accessing the E-way Bill APIs on production, can use the same Client Id and Client Secret, and Username and Password for e-invoice APIs.
  • GSPs, who are not having the API credentials in E-way Bill System, will be provided the credentials after completion of on-boarding process.
  • As GSPs are service providers, they wouldn’t be provided the username and password credentials.
  • ERPs, ECOs and Tax payers will login to the einvoice1 portal and request for the Client credentials by submitting four static IPs and summary test repot.
  • After scrutiny and verification of the report and whitelisting will be done and intimated to the tax payers and they can get the Client Credentials through portal.
  • Notified tax payers can create the username and password credentials on the e-invoice production portal after logging into the system. This option is available in user management and it will happen after OTP authentication.
  • If the sister concern of the notified tax payer is having the access to the API system, he can connect through him/her by registering with that company while creating the username and password.
  • Notified tax payer, if he/she is not accessing the API directly and wants to connect through GSP or ERP, he/she can choose the GSPs or ERPs through whom he/she wants to connect to the API system, while creating the username and password.
  • These user credentials have to be used to access e-invoice system for generating the IRN directly from taxpayer's system.

Important Points

  • Tax payer, who has registered for API system, should not share the username and password with his service provider.
  • If tax payer wants, he can create username and password with multiple GSPs or ERPs. It may be noted that the username and password will be different with each GSP/ERP.
  • He has to use the user credentials created with the GSP/ERP, while requesting for IRN through that GSP/ERP. That is, he can interchange and use these ‘user credentials’ or ‘Auth Token’ between GSPs/ERPs.
  • Tax Payer can freeze/block the user credentials created with any GSP/ERP, if not want to continue.
  • Tax Payer can also change the password of the user credentials, whenever required.
  • Tax payer is supposed to generate the IRN request from his system and send to the service provider (GSP/ERP).
  • The service provider(GSP/ERP) is not supposed to store the request and response of the tax payers in his system.