1

Authenticate

To begin the GST E-Invoice workflow, your application must first authenticate using the Authenticate endpoint to obtain the Sandbox JWT access token. This endpoint requires your API Key and API Secret, and returns a JWT access token that’s valid for 24 hours. This token is required for all subsequent API calls.

cURL Request

curl --request POST \
  --url https://api.sandbox.co.in/authenticate \
  --header 'accept: application/json' \
  --header 'x-api-key: xxxxxxxxxxxxxxxxxx' \
  --header 'x-api-secret: xxxxxxxxxxxxxxxxxx' \
  --header 'x-api-version: 1.0.0'

When authentication is successful, you’ll receive the Sandbox JWT access token in the response. This token must be used in the authorization header (without the Bearer prefix) for all subsequent API calls.

2

Authenticate with E-Invoice API

Once you have the Sandbox JWT access token, authenticate with the E-Invoice portal using the E-Invoice Authentication endpoint. You need to provide the username and password that were created on the E-Invoice portal (NIC), along with the taxpayer’s GSTIN (15-character GST Identification Number). The force query parameter should be set to true if you need to refresh the token 10 minutes before expiry.

cURL Request

curl --request POST \
  --url 'https://api.sandbox.co.in/gst/compliance/e-invoice/tax-payer/authenticate?force=true' \
  --header 'authorization: {sandbox-access-token}' \
  --header 'x-api-key: xxxxxxxxxxxxx' \
  --header 'x-source: primary' \
  --header 'Content-Type: application/json' \
  --data '{
  "username": "ACME_IND_API_QCK",
  "password": "QnVzaW5lc3NfQVBJX1FDSw",
  "gstin": "29AAACQ3770E000"
}'

When authentication is successful, you’ll receive an E-Invoice access token in the response along with an expiry timestamp. The x-source header specifies which NIC server to use: primary (NIC 1) or secondary (NIC 2).

Prerequisites: You must have API credentials created on the E-Invoice portal (NIC) to use this endpoint. If you haven’t created them yet, follow the steps to create API credentials.
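
The two steps above leave three things to the calling application: keeping the NIC credentials out of source code, sending the Sandbox JWT without a Bearer prefix, and setting force=true only inside the refresh window. The following Python sketch is an added example, not code from Sandbox; the environment variable names and function names are hypothetical, and it assumes the expiry timestamp has been converted to epoch seconds, since the page does not state its format.

```python
import json
import os
import time
from urllib.parse import urlencode

EINV_AUTH_URL = "https://api.sandbox.co.in/gst/compliance/e-invoice/tax-payer/authenticate"
REFRESH_WINDOW_S = 10 * 60  # page: refresh with force=true 10 minutes before expiry


def einvoice_action(expiry, now=None):
    """Decide what to do with a cached E-Invoice token.
    expiry: epoch seconds (assumed format), or None when nothing is cached."""
    now = time.time() if now is None else now
    if expiry is None or now >= expiry:
        return "authenticate"    # no token, or it has already expired
    if expiry - now <= REFRESH_WINDOW_S:
        return "force_refresh"   # inside the last 10 minutes: send force=true
    return "reuse"               # still valid: make no authentication call


def build_einvoice_auth(sandbox_jwt, gstin, source="primary", force=False, env=os.environ):
    """Build (url, headers, body) for the E-Invoice authenticate call; no network I/O."""
    if len(gstin) != 15 or not gstin.isalnum():
        raise ValueError("GSTIN must be 15 alphanumeric characters")
    if source not in ("primary", "secondary"):
        raise ValueError("x-source must be primary (NIC 1) or secondary (NIC 2)")
    token = sandbox_jwt.strip()
    if token.lower().startswith("bearer "):
        token = token[len("bearer "):].strip()  # the API expects the bare JWT
    url = EINV_AUTH_URL
    if force:
        url += "?" + urlencode({"force": "true"})  # parameter omitted otherwise
    headers = {
        "authorization": token,
        "x-api-key": env["SANDBOX_API_KEY"],       # hypothetical variable name
        "x-source": source,
        "Content-Type": "application/json",
    }
    # NIC credentials come from the environment, never from source or shell history.
    body = json.dumps({
        "username": env["EINVOICE_USERNAME"],      # hypothetical variable name
        "password": env["EINVOICE_PASSWORD"],      # hypothetical variable name
        "gstin": gstin,
    })
    return url, headers, body
```

Call einvoice_action with the cached expiry before each batch of requests, and pass force=True to build_einvoice_auth only when it returns "force_refresh".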