E-invoice APIs communicate and exchange data between Taxpayers or GSP systems and the e-Invoice system. This section describes standards and formats used to define API exposed by the e-Invoice system. E-Invoice APIs are implemented as RESTful Web Services.
Following HTTP methods are used across the APIs
- It is essential to get authenticated to make use of any API. The user has to call the Authentication API and get a token. Subsequent calls to other APIs should carry this valid token. Details of the Authentication API are available under the API documentation.
- Password and AppKey, during the authentication process, have to be encrypted using the public key, which the e-Invoice system will provide.
- Successful authentication also provides Session Encryption Key(SEK). Subsequent request payloads should be encrypted using this key. Responses from the e-Invoice system will be encrypted using this key. The payloads are encrypted using the symmetric algorithm.
- The responses of some of the API calls like “Generate – IRN”, “Get IRN Details” will have the complete e-Invoice and QR- Code data digitally signed using JSON Web Token (JWT) and JSON Web Signature (JWS) with “SHA256RSA” algorithm.
- More information on the above is available in the respective API documentation in this portal.
Following HTTP methods are used across the APIs
Process flow for other services
