Taxpayer Authentication Process

• First, the GST Taxpayer has to enable API access on their GST Portal:

• Second, the taxpayer can access the functionality of the GST portal using Sandbox APIs OTP mechanism.

OTP Process

1. Generate One Time Password

• First, Generate One Time Password API is called.
• This API takes in the GSTIN & Username as per GST Portal. And then sends OTP to phone number and email id of the GST Taxpayer.
• OTP Message Sent to the Taxpayer
  Dear taxpayer,
  {{OTP}} is the OTP to verify your GST registration: {{GSTIN}}. OTP is valid till {{hh:mm:ss IST}}. Do not share OTP with anyone.

❗️

OTP Time Limit

OTPs will be valid for 10 minutes.

Endpoint

Response

2. Verify One Time Password

• Second, the Verify One Time Password API is called. This API takes in the GSTIN, Username, and the OTP to verify the taxpayer.

Endpoint

Response

📘

Session Access

Once Authenticated Session of 6 hrs will be allowed.

How long does the Taxpayer have access to the GST portal using Sandbox?

• On successful verification, you are granted with short access of 6 hrs and a longer session (maximum of 30 days; configurable on GST portal).
• Get Session Expiry API helps you fetch the token and session expiry timestamp.

Can the taxpayer extend his access to GST Portal?

• Refresh Taxpayer access API will extend the access additionally by 6 hrs from the time of the request. '
• An extension can be requested with valid access and up to session expiry time. So the user can refresh for 6 hrs from the start of the access after that Refresh access API will not work and the taxpayer session has to be again started with OTP verification.
• Taxpayer Logout API allows the user to log out.