lavaloon-eg / ksa_compliance

KSA Compliance App for KSA E-invoice
https://www.lavaloon.com/
GNU Affero General Public License v3.0
37 stars 28 forks source link

Rejected invoice #91

Closed alaalsalam closed 2 months ago

alaalsalam commented 2 months ago

When I do a sales invoice, it shows this error

Validation Results: Information Messages (Pass)

XSD Validation: Code: XSD_ZATCA_VALID Category: XSD validation Message: "Complied with UBL 2.1 standards in line with ZATCA specifications" Status: PASS Explanation: The invoice complies with the UBL 2.1 standards as required by ZATCA, meaning the invoice's structure and data format are correct. Error Messages (Fail)

Certificate Permissions Error: Code: certificate-permissions Category: CERTIFICATE_ERRORS Message: "User only allowed to use the VAT number that exists in the authentication certificate" Status: ERROR Explanation: This error occurs because the VAT number used in the invoice does not match the VAT number associated with the user's authentication certificate. ZATCA requires that the VAT number on the invoice be the same as the one in the certificate used for authentication. Clearance Status: Status: "NOT_CLEARED" Explanation: The invoice has not been cleared due to the certificate permissions error. Next Steps: Verify the VAT Number:

Ensure that the VAT number on the invoice matches the VAT number linked to the authentication certificate used for submitting the invoice. Update the VAT Number:

If there is a discrepancy, update the invoice to reflect the correct VAT number that corresponds with the authentication certificate. Revalidate and Resubmit:

After making the necessary corrections, revalidate and resubmit the invoice for clearance.


when I do perform compliance checks This message only appears without anything happening

image

mhaggag commented 2 months ago

Hello. This looks like it's on the sandbox environment. On the sandbox, you have to use the VAT registration number prepared by ZATCA because they issue a hard-coded certificate in response to production CSID that targets that specific VAT: 399999999900003

If you want to use a different (or real) VAT number, then you have to use the simulation environment instead (which requires an OTP from the Fatoora simulation platform to onboard).

To troubleshoot such issues, you can use a combination of base64decode and certificate decoder. First you take the production security token and base64 decode it, e.g. this:

TUlJRDNqQ0NBNFNnQXdJQkFnSVRFUUFBT0FQRjkwQWpzL3hjWHdBQkFBQTRBekFLQmdncWhrak9QUVFEQWpCaU1SVXdFd1lLQ1pJbWlaUHlMR1FCR1JZRmJHOWpZV3d4RXpBUkJnb0praWFKay9Jc1pBRVpGZ05uYjNZeEZ6QVZCZ29Ka2lhSmsvSXNaQUVaRmdkbGVIUm5ZWHAwTVJzd0dRWURWUVFERXhKUVVscEZTVTVXVDBsRFJWTkRRVFF0UTBFd0hoY05NalF3TVRFeE1Ea3hPVE13V2hjTk1qa3dNVEE1TURreE9UTXdXakIxTVFzd0NRWURWUVFHRXdKVFFURW1NQ1FHQTFVRUNoTWRUV0Y0YVcxMWJTQlRjR1ZsWkNCVVpXTm9JRk4xY0hCc2VTQk1WRVF4RmpBVUJnTlZCQXNURFZKcGVXRmthQ0JDY21GdVkyZ3hKakFrQmdOVkJBTVRIVlJUVkMwNE9EWTBNekV4TkRVdE16azVPVGs1T1RrNU9UQXdNREF6TUZZd0VBWUhLb1pJemowQ0FRWUZLNEVFQUFvRFFnQUVvV0NLYTBTYTlGSUVyVE92MHVBa0MxVklLWHhVOW5QcHgydmxmNHloTWVqeThjMDJYSmJsRHE3dFB5ZG84bXEwYWhPTW1Obzhnd25pN1h0MUtUOVVlS09DQWdjd2dnSURNSUd0QmdOVkhSRUVnYVV3Z2FLa2daOHdnWnd4T3pBNUJnTlZCQVFNTWpFdFZGTlVmREl0VkZOVWZETXRaV1F5TW1ZeFpEZ3RaVFpoTWkweE1URTRMVGxpTlRndFpEbGhPR1l4TVdVME5EVm1NUjh3SFFZS0NaSW1pWlB5TEdRQkFRd1BNems1T1RrNU9UazVPVEF3TURBek1RMHdDd1lEVlFRTURBUXhNVEF3TVJFd0R3WURWUVFhREFoU1VsSkVNamt5T1RFYU1CZ0dBMVVFRHd3UlUzVndjR3g1SUdGamRHbDJhWFJwWlhNd0hRWURWUjBPQkJZRUZFWCtZdm1tdG5Zb0RmOUJHYktvN29jVEtZSzFNQjhHQTFVZEl3UVlNQmFBRkp2S3FxTHRtcXdza0lGelZ2cFAyUHhUKzlObk1Ic0dDQ3NHQVFVRkJ3RUJCRzh3YlRCckJnZ3JCZ0VGQlFjd0FvWmZhSFIwY0RvdkwyRnBZVFF1ZW1GMFkyRXVaMjkyTG5OaEwwTmxjblJGYm5KdmJHd3ZVRkphUlVsdWRtOXBZMlZUUTBFMExtVjRkR2RoZW5RdVoyOTJMbXh2WTJGc1gxQlNXa1ZKVGxaUFNVTkZVME5CTkMxRFFTZ3hLUzVqY25Rd0RnWURWUjBQQVFIL0JBUURBZ2VBTUR3R0NTc0dBUVFCZ2pjVkJ3UXZNQzBHSlNzR0FRUUJnamNWQ0lHR3FCMkUwUHNTaHUyZEpJZk8reG5Ud0ZWbWgvcWxaWVhaaEQ0Q0FXUUNBUkl3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdNR0NDc0dBUVVGQndNQ01DY0dDU3NHQVFRQmdqY1ZDZ1FhTUJnd0NnWUlLd1lCQlFVSEF3TXdDZ1lJS3dZQkJRVUhBd0l3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloQUxFL2ljaG1uV1hDVUtVYmNhM3ljaThvcXdhTHZGZEhWalFydmVJOXVxQWJBaUE5aEM0TThqZ01CQURQU3ptZDJ1aVBKQTZnS1IzTEUwM1U3NWVxYkMvclhBPT0=

..is base64 decoded to this:

MIID3jCCA4SgAwIBAgITEQAAOAPF90Ajs/xcXwABAAA4AzAKBggqhkjOPQQDAjBiMRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxEzARBgoJkiaJk/IsZAEZFgNnb3YxFzAVBgoJkiaJk/IsZAEZFgdleHRnYXp0MRswGQYDVQQDExJQUlpFSU5WT0lDRVNDQTQtQ0EwHhcNMjQwMTExMDkxOTMwWhcNMjkwMTA5MDkxOTMwWjB1MQswCQYDVQQGEwJTQTEmMCQGA1UEChMdTWF4aW11bSBTcGVlZCBUZWNoIFN1cHBseSBMVEQxFjAUBgNVBAsTDVJpeWFkaCBCcmFuY2gxJjAkBgNVBAMTHVRTVC04ODY0MzExNDUtMzk5OTk5OTk5OTAwMDAzMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEoWCKa0Sa9FIErTOv0uAkC1VIKXxU9nPpx2vlf4yhMejy8c02XJblDq7tPydo8mq0ahOMmNo8gwni7Xt1KT9UeKOCAgcwggIDMIGtBgNVHREEgaUwgaKkgZ8wgZwxOzA5BgNVBAQMMjEtVFNUfDItVFNUfDMtZWQyMmYxZDgtZTZhMi0xMTE4LTliNTgtZDlhOGYxMWU0NDVmMR8wHQYKCZImiZPyLGQBAQwPMzk5OTk5OTk5OTAwMDAzMQ0wCwYDVQQMDAQxMTAwMREwDwYDVQQaDAhSUlJEMjkyOTEaMBgGA1UEDwwRU3VwcGx5IGFjdGl2aXRpZXMwHQYDVR0OBBYEFEX+YvmmtnYoDf9BGbKo7ocTKYK1MB8GA1UdIwQYMBaAFJvKqqLtmqwskIFzVvpP2PxT+9NnMHsGCCsGAQUFBwEBBG8wbTBrBggrBgEFBQcwAoZfaHR0cDovL2FpYTQuemF0Y2EuZ292LnNhL0NlcnRFbnJvbGwvUFJaRUludm9pY2VTQ0E0LmV4dGdhenQuZ292LmxvY2FsX1BSWkVJTlZPSUNFU0NBNC1DQSgxKS5jcnQwDgYDVR0PAQH/BAQDAgeAMDwGCSsGAQQBgjcVBwQvMC0GJSsGAQQBgjcVCIGGqB2E0PsShu2dJIfO+xnTwFVmh/qlZYXZhD4CAWQCARIwHQYDVR0lBBYwFAYIKwYBBQUHAwMGCCsGAQUFBwMCMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwMwCgYIKwYBBQUHAwIwCgYIKoZIzj0EAwIDSAAwRQIhALE/ichmnWXCUKUbca3yci8oqwaLvFdHVjQrveI9uqAbAiA9hC4M8jgMBADPSzmd2uiPJA6gKR3LE03U75eqbC/rXA==

If you paste the above into the certificate decoder, you'll get the following certificate details:

Certificate Information:
Common Name: TST-886431145-399999999900003
Subject Alternative Names: DirName:SN = 1-TST|2-TST|3-ed22f1d8-e6a2-1118-9b58-d9a8f11e445f, UID = 399999999900003, title = 1100, registeredAddress = RRRD2929, businessCategory = Supply activities
Organization: Maximum Speed Tech Supply LTD
Organization Unit: Riyadh Branch
Locality:
State:
Country: SA
Valid From: January 11, 2024
Valid To: January 9, 2029
Serial Number: 1100003803c5f74023b3fc5c5f000100003803

The sandbox will always respond with this certificate regardless of your choices/settings in the CSR.

alaalsalam commented 2 months ago

In fact, I use frappe cloud I followed the steps mentioned in your video, Now with this problem what should I do? Can you tell me the steps and thank you for your patience

mhaggag commented 2 months ago

Can you please link the video so that I can have the team check it and update it if it's outdated? @Ahmed-M-Fawzy @omarashrafsarhan

The recommended approach to ZATCA integration is to first do a test integration using a test environment (typically, a clone of your production environment or a test environment with a similar setup). I'm assuming this is what you're trying to do. For an integration test, you want to use the simulation environment if you already have a Fatoora account. If you don't, use the sandbox.

Assuming you're doing the integration test using sandbox (the screenshot shared above), you need to go to the "Seller ID" tab and update the VAT registration number to: 399999999900003. After that, you should be able to send invoices to the sandbox.

alaalsalam commented 2 months ago

Thank you, I changed the VAT registration number and the invoice was accepted but This does not mean that the tax number is experimental. What if I want to link it to my tax number and have it be actual?

mhaggag commented 2 months ago

Thank you, I changed the VAT registration number and the invoice was accepted but This does not mean that the tax number is experimental. What if I want to link it to my tax number and have it be actual?

The sandbox is mainly used for testing during development and when you don't have a fatoora portal account to use simulation. If you have a fatoora portal account, switch to the simulation environment and use your real configuration (real VAT) to test. If that works OK, you can then use the production environment and work in production.