דמו למודול הקצאת מספרי חשבוניות על-ידי רשות המיסים

OpenAPI Sandbox Invoices Demo

For this example to work properly you must perform the following steps:

1. Complete the Registration to the Sandbox process and create an App there.

Note: you can use an existing app. Either change the Redirect URI to https://demo.open-api.co.il/OpenAPI or get an Authorization Code idependently and "Set" it in step 3.

--------------------------------------------------------------------------------------------------------------------------------------------------------

2. Set the key, secret, etc. here:

Available keys and secrets:

Env סביבה Key מפתח Secret סוד Redirect URI Shaaam URL פורטל
Sandbox localhost:44327 6d2e5958492712a68a9a126377ca9ae0 79b2f283ba87650e59a202d42ce98aff https://localhost:44327/openAPI https://openapi.taxes.gov.il/shaam/tsandbox
https://ita-api.taxes.gov.il/shaam/tsandbox
Sandbox 5c49dc2bbf8ef34151fa40b9b8030a5c a3b632650e969a23d6041da689b64b6b https://demo.open-api.co.il/OpenAPI https://openapi.taxes.gov.il/shaam/tsandbox
https://ita-api.taxes.gov.il/shaam/tsandbox
Production 9c83a7320fecabd55319a63a82f34d7a bb7cb994ab692d1e9fd15157c227e7f8 https://demo.open-api.co.il/OpenAPI https://openapi.taxes.gov.il/shaam/production
https://ita-api.taxes.gov.il/shaam/production

* Shaam API URL = URL used to get Authorization Code and Access Tokens

* ITA API URL = URL used to get Allocation Number

* Application Key (also called client_id) =

* Application Secret (also called client_secret) =

The redirect uri must be exactly the same (it is case SENSITIVE!) as you registerd in the "Sandbox" App.

* Redirect uri =

Optional State (e.g. invoice number, client id, etc.) =

--------------------------------------------------------------------------------------------------------------------------------------------------------

3. Get an Authorization Code:

When you click "Get" you will need to login via the Tax Authority Login page.
If no Login Page is displayed then it may be that you are already logged into the Tax Authority domain.
If the login is OK and the Key is OK you will get an Authorization Code and it will be displayed below.

Possible errors:

{"error":"unauthorized_client","error_description":"Invalid client ID or secret, or client not subscribed to this API"}

1. You entered an incorrect Key or an incorrect Secret.
2. Your App (in the Sandbox) is not subscribed to the demoApp. Go there and add a subscription.

Url =

Authorization Code =

State (received from Tax Authority) =

Or if you have your own App in the Sandbox, then use it to get the Authorization Code and set it manually:

Code =

--------------------------------------------------------------------------------------------------------------------------------------------------------

4. Get an Access Token

Authorization (used in the Headers of the API call) =
Basic NWM0OWRjMmJiZjhlZjM0MTUxZmE0MGI5YjgwMzBhNWM6YTNiNjMyNjUwZTk2OWEyM2Q2MDQxZGE2ODliNjRiNmI=

TokenResponse =

Accss Token = Expires at =

Refresh Token = Expires at =

Once you received the Token the Authorization Code is invalidated. If you want to test again then you need to get a new Authorization Code. Go back to step 3.

--------------------------------------------------------------------------------------------------------------------------------------------------------

5. Get an Invoice Allocation Number (מספר הקצאה):

You can edit the Invoice details to test the JSON:

Invoice Allocation Number Response =

Invoice Allocation Number =

----------------------------------------------------------------------------------------------------------------

How to check your Invoice JSON?

Note: when you try to get an "Allocation Number" you may receive criptic validation errors such as:
Validate: temporary:///swagger/shaam_tsandbox_invoices_v1.json:396: [JSV0008] Invalid number: 0 must be greater than or equal to 1."

You can validate your JSON using https://www.jsonschemavalidator.net/.
Here is the schema file. Download it and copy the schema to the validator.

--------------------------------------------------------------------------------------------------------------------------------------------------------

6. Refresh the Access Token

The Access Token is valid only for 10 minutues. Once it expires you can aquire a new Authorization Code and a new Acces Token.
But if your login into the Persnal Area (איזור אישי) expired you will need to login again. This may affect performance and usability.
Alternatively you can aquire a new Access Token via the Refresh Token.

Refresh Token Response =