Taxpayer Authentication API

Taxpayer Authentication Process

  • First, the GST Taxpayer has to enable API access on their GST Portal:
  • Second, the taxpayer can access the functionality of the GST portal using Sandbox APIs OTP mechanism.

OTP Process

1. Generate One Time Password

  • First, Generate One Time Password API is called.
  • This API takes in the GSTIN & Username as per GST Portal. And then sends OTP to phone number and email id of the GST Taxpayer.
  • OTP Message Sent to the Taxpayer
    Dear taxpayer,
    {{OTP}} is the OTP to verify your GST registration: {{GSTIN}}. OTP is valid till {{hh:mm:ss IST}}. Do not share OTP with anyone.

❗️

OTP Time Limit

OTPs will be valid for 10 minutes.

Endpoint

HTTP Method

Resource

Description

POST

https://api.sandbox.co.in/gst-portal/tax-payers/{gstin}/otp

The API takes in GSTIN & Username* to generate Mobile OTP and Email OTP**.

Response

Field

Description

Example

Message

Returns whether OTP generated successfully or not.

OTP generated successfully

Mobile

Masked Mobile Number

94xxxx9766

Email

Masked Email ID

[email protected]

2. Verify One Time Password

  • Second, the Verify One Time Password API is called. This API takes in the GSTIN, Username, and the OTP to verify the taxpayer.

Endpoint

HTTP Method

Resource

Description

POST

https://api.sandbox.co.in/gst-portal/tax-payers/{gstin}/otp/verify?otp={}otp{}

The API takes in GSTIN and ""OTP" to authenticate the GST Taxpayer.

Response

Field

Description

Example

message

Returns a message indicating whether verfication was successful or not.

GSTIN verified successfully.

📘

Session Access

Once Authenticated Session of 6 hrs will be allowed.

How long does the Taxpayer have access to the GST portal using Sandbox?

  • On successful verification, you are granted with short access of 6 hrs and a longer session (maximum of 30 days; configurable on GST portal).
  • Get Session Expiry API helps you fetch the token and session expiry timestamp.

Can the taxpayer extend his access to GST Portal?

  • Refresh Taxpayer access API will extend the access additionally by 6 hrs from the time of the request. '
  • An extension can be requested with valid access and up to session expiry time. So the user can refresh for 6 hrs from the start of the access after that Refresh access API will not work and the taxpayer session has to be again started with OTP verification.
  • Taxpayer Logout API allows the user to log out.

Did this page help you?