How to Start?
GSTN has published the sandbox API which is made available for the purpose of testing.
Below is the list of APIs published by GSTN:
- Generate IRN
- Cancel IRN
- Get e-Invoice by IRN
- Get GSTIN details
- Health Check API
The Authentication API is used to authenticate with the IRP portal before using any of the other APIs. On successful authentication a session key will be generated along with a token, which will be used for encrypting the payload data to be sent to the IRP portal as well as for decrypting the response payload received from the IRP portal.
- The Generate IRN API is used for generation of an e-Invoice. On successful generation of the e-Invoice, the response will contain the acknowledgement number, acknowledgement date, IRN number, signed invoice and a signed QR code. The public key to verify the signature will be provided by the IRP portal.
- The already generated IRN can be cancelled using the Cancel IRN API within 24 hours of generation. The response will contain the success flag along with the cancellation date.
- The Get e-Invoice by IRN API fetches the invoice details from the portal based on the IRN number generated. Only the IRNs generated by the taxpayer’s authenticated GSTN number will be made available.
- The Get GSTN details API fetches the name and address details of the registered tax payer based on the given GSTN number along with the blocked status.
Currently, API-based access is enabled for Tax Payers with turnover of more than 500 Cr and also for the GSPs. These Tax Payers can get direct access to the APIs or can use a GSP interface for connecting with the IRP portal. GSPs will get a Client Id and Client Secret. Tax Payers using a GSP's interface will get an API User Name and Password. Tax Payers using the direct APIs will get a Client Id, Client Secret, API User Name and Password. A group of Tax Payers having one PAN can use one Client Id and Client Secret.
Sandbox Access – On-boarding
- Separate URL will be provided
- Online Registration by GSP and Identified Taxpayers
- Client Id and Client Secret can be generated online by Tax Payers and GSPs using mobile and email Id OTP authentication
- GSPs can use dummy GSTIN for testing
- Online API username and password can be generated
- Online testing facility like JSON validation, encryption, decryption, signing will be available
Production – On-Boarding
- Online Registration for GSPs and Identified Taxpayers
- Online Generation of Client ID and Client Secret
- Online generation of API User Name and Password by Tax Payers
- Online linking of API user (GSTIN) with GSPs and Tax Payer Group (PAN based)
- Security Auditing (through CERT-In empanelled agency, by GSP/Tax Payer on application and system)
- White listing of static IPs
- Indian Static IPs are only allowed
Best Practices of API Interface
- Understanding of the invoicing system of the company by the developers
- Don’t generate a new Token for each request
- Store the Token, SEK and Expiry time and use them till expiry
- Validate the data before submission, as per the JSON Schema and business rules
- Re-generate the Token 10 minutes before expiry
- Don’t hard-code the SSL Certificate in the API interface
- Check the response and status and act on them
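One way to follow the token-handling practices above, as an added example that is not GSTN or IRP code: a small thread-safe cache that stores the Token, SEK and expiry time, reuses them until expiry, and re-authenticates 10 minutes before expiry. The `authenticate` callable, the `Session` fields and all other names are assumptions standing in for your own call to the Authentication API.

```python
import threading
import time
from dataclasses import dataclass, field
from typing import Callable, Optional

REFRESH_WINDOW = 10 * 60  # seconds: re-generate 10 minutes before expiry


@dataclass(frozen=True)
class Session:
    # repr=False keeps the secrets out of logs and tracebacks
    token: str = field(repr=False)
    sek: bytes = field(repr=False)
    expires_at: float  # epoch seconds


class SessionCache:
    """Holds one Token/SEK pair and reuses it until it nears expiry."""

    def __init__(self, authenticate: Callable[[], Session],
                 clock: Callable[[], float] = time.time):
        # Hypothetical callable: performs the Authentication API call
        # and returns the Token, SEK and expiry time it received.
        self._authenticate = authenticate
        self._clock = clock
        self._lock = threading.Lock()
        self._session: Optional[Session] = None

    def get(self) -> Session:
        # The lock ensures only one thread re-authenticates at a time.
        with self._lock:
            s = self._session
            if s is None or self._clock() >= s.expires_at - REFRESH_WINDOW:
                fresh = self._authenticate()
                if fresh.expires_at <= self._clock():
                    raise RuntimeError("authentication returned an expired session")
                self._session = s = fresh
            return s

    def invalidate(self) -> None:
        """Drop the cached session, e.g. after the portal rejects the token."""
        with self._lock:
            self._session = None
```

Call `get()` before every API request rather than keeping the returned session in a long-lived variable, so the refresh window is honoured.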