Friday, October 2, 2020

Takeaways & Observations of Direct-API EInvoicing Users

On Oct 1 2020, GSTN went live with eInvoicing, i.e., the registering of invoices with NIC, for companies with 500 Cr+ turnover. We wrote earlier about the "Direct-API", which allows taxpayers to connect to the NIC servers directly and make the API calls.

We have enabled many of our partners to go live with this Direct-API on Oct 1. These were companies with 500 Cr+ turnover, using several different ERP systems, including SAP and Oracle. We have been getting a lot of queries about the Direct API and the go-live experience. This note documents our observations across the many partners who have successfully started eInvoicing with the Direct-API.

My overall observation is that GSTN & NIC have done a good job with the Direct API and the on-boarding process. The process was clearly documented by GSTN / NIC, and everything worked as promised without a hitch. 

Moreover, in the last 60 hours, tens of thousands of eInvoices have been registered by our partners, and not a single case of failure has been reported as of this time.

Specific Observations:

1) The documentation provided by GSTN for consuming the direct API is clear, and all the REST API calls work as described.

2) A sandbox has been made available for testing. Taxpayers can register on the sandbox to obtain their API credentials and then begin to test the API. The sandbox behavior is as documented. (A few weeks ago, there was a delay of a few hours between new schema changes being announced and the sandbox reflecting them. In recent weeks, there has been no such mismatch.)

3) NIC requires Direct-API users to run a number of tests (both successes and failures) for each API call prior to Production access. The purpose is to ensure that taxpayers actually try out all their use-cases on the sandbox, and handle successes and failures, prior to accessing the Production servers. There is a spreadsheet available on the GSTN site. It is clear on the number and type of tests to be performed. The spreadsheet takes about 10 mins to fill once you have run the required number of tests on the Sandbox.

4) NIC also requires taxpayers to allocate up to 4 public IPs for whitelisting. In other words, these are the IPs from which requests will be permitted to hit the NIC Production servers.

5) The request for Production access can be made by logging in to the portal with Admin credentials. You have to select Direct Access, then enter the Whitelisted IPs, and then upload the filled spreadsheet mentioned in item 3 above (after converting XLS to PDF).

6) Once the above request is made, the taxpayer needs to await approval from NIC. The statistics based on the experience of our partners are:

Maximum days for getting approval: 6 days

Minimum days for getting approval: < 1 day (!!!)

Average number of days for getting approval: 3 days

Approval received in first attempt: Approx 78% of applicants

Application rejected in first attempt: Remaining 22% of applicants (NIC provided reasons for rejection)

Applications approved on second attempt (of the 22%): 100%.

This means that a majority of applicants received their approval in the first attempt and fairly quickly. The remaining ones got approval after they fixed the errors in their application.

7) Applicants received a clear email with next steps for production access. This required the taxpayer to create API users from the portal, along with their credentials. These credentials are to be used in the Production API.

8) The process of creating, say, 10 API users (one for each GSTIN corresponding to a single PAN) takes about 10 mins.

9) Going live only requires the user to change the API endpoints from the Sandbox to the NIC Production server and to use the Production credentials.

10) Out of more than 100 IPs that we saw whitelisted, only 1 failed to work on production as expected. Other than this singular case, IP whitelisting by NIC worked as expected for all taxpayers.

11) There is no difference in the behavior of the Sandbox and Production servers. This is good. All APIs work as expected on Production if they worked on the Sandbox.

12) Only one taxpayer faced connectivity issues for a few hours, but it was an issue on the taxpayer side, not on the NIC side. The lesson for the taxpayer is to ensure good internet connectivity.

13) Direct taxpayers have been receiving responses to emails from NIC on a fairly regular basis. 

14) The schema validation changes announced by GSTN 4 days prior to go-live did require some work on our side, but we observed that many of those changes were already live on the sandbox prior to their announcement.

To be honest, we had mentally prepared our partners (taxpayers) for possible glitches after go-live. However, these apprehensions proved to be unfounded, and everything has worked well as of this time, with no latency issues being reported either.

To summarize, our partners have had a smooth journey going into Production with Direct eInvoicing API from a variety of ERP systems. Every single one of them went live on time, with no disruption to their business users.

(Note: The earlier note on Direct-API, background & benefits is here)

The Direct API for eInvoicing

NIC provides a Direct-API for registering eInvoices. "Direct-API" means that the API endpoints on the NIC servers can be accessed directly by the tax-payer (i.e., without having to route the data via any intermediary or GSP). 

GSTN has recognized that eInvoice data is confidential & embodies trade secrets. Pricing information in particular is something that companies protect zealously. Large companies often spend an enormous amount of money on implementing on-premise ERP solutions precisely for this reason. Invoice data is too precious to be stored on a cloud-based ERP.

It is one thing for one data-point (pricing of a particular item at a particular time) to be compromised. It is much worse when detailed invoicing data ends up being gathered over a period of time into a database. Significant analysis can be performed and inferences drawn from such databases ("Big Data", "Data Harvesting"). Needless to say, this data is of immense competitive value.

Many CIOs, CFOs and Information Security professionals understand this, and are reluctant to route data via third-parties. There are other benefits to going direct as well. It reduces the number of hops, and therefore reduces the latency and minimizes the points of failure. Further, you are at no risk of being charged annual or per-transaction fees by anyone.

Given these significant concerns, it is logical for NIC to provide an API which taxpayers can consume themselves, routing the data to NIC directly. Hundreds of companies (500 Cr+ turnover) have adopted the direct route to implement their eInvoicing. GSTN has also included eWayBills in this API, which means taxpayers can now generate eWayBills along with eInvoicing as well.