Skip to content

GST E-Invoice API

IRN, EWB and credit/debit notes over one REST API.

Authorised GSP under the hood. OAuth per GSTIN, idempotency keys and webhooks on every state change. SDKs in Node, Python, PHP, Java, Go and .NET.

Start free trialBook a demo
OneFinOps API reference — Generate IRN endpoint

REST API

One REST API for IRN, EWB, cancel and CDNR.

Versioned endpoints for IRN generation, e-way bill issuance, cancellation, amendment via credit and debit notes (CDNR), and reconciliation reads. JSON in, JSON out. The schema mirrors the GSTN spec, so the documentation you read on the IRP applies one-to-one in your code.

REST API screenshot

Authorised GSP routing

Direct path to the NIC IRP via authorised GSP partners.

OneFinOps connects through authorised GSPs in the GSTN partner programme. Your traffic goes from your service to OneFinOps to the GSP layer to the NIC IRP. Multi-GSP routing for redundancy when an IRP region is degraded.

Authorised GSP routing screenshot

SDKs

SDKs in Node, Python, PHP, Java, Go and .NET.

Idiomatic clients for the six runtimes Indian engineering teams ship in. Typed responses, async-first interfaces, automatic retries with exponential backoff and request signing baked in. Open-source on GitHub. Semantic versioning, changelog per release.

Node.js logo

Node.js

Python logo

Python

PHP logo

PHP

Java logo

Java

Go logo

Go

.NET logo

.NET

Webhooks

Webhooks on every state change.

Subscribe to IRN success, IRN failure, IRN cancellation, e-way bill issuance, EWB validity update and CDNR events. Signed payloads with HMAC. At-least-once delivery with retry-and-replay. Dead-letter queue inspectable from the dashboard.

Webhooks screenshot

Sandbox & Production

Sandbox that matches the GSTN spec.

Dedicated sandbox environment with the full schema and the GSTN's test PAN/GSTIN seed data. Cut over to production with a credential swap, no code change. Rate limits and latency profiles in sandbox match production within tolerance.

Sandbox & Production screenshot

Idempotency

Idempotency keys built in.

Send any IRN, EWB or CDNR request with an Idempotency-Key header. The same key returns the same response within the 24-hour replay window. Safe retries on network failure without the duplicate-IRN risk that the GSTN penalises.

Idempotency screenshot

Bulk Endpoints

Bulk IRN with status post-back per record.

Submit up to 5,000 invoices in a single bulk call. Each record validated locally, then relayed via the authorised GSP. Per-record success or failure returned synchronously, with the full IRN payload on success and the GSTN error code on failure. Webhooks fire as records complete.

Bulk Endpoints screenshot

Multi-GSTIN OAuth

OAuth credentials per GSTIN.

Each GSTIN gets its own OAuth client credentials. Rotate keys without service interruption via dual-key support. Scope the credentials to specific endpoints (read-only, IRN-only, full). Audit log of every credential issue, rotation and revoke.

Multi-GSTIN OAuth screenshot

Observability

Every API call inspectable.

Request log per call with the GSTN payload, the response, the latency breakdown and the retry chain. Filter by IRN, GSTIN, endpoint, status code or date. Export to your SIEM. The same data feeds the failure-resolution playbook in the dashboard.

Observability screenshot

Schema Versioning

GSTN schema changes, applied without code changes.

When the GSTN updates the e-invoice schema (new field, deprecated field, validation change), the API layer absorbs it. Your existing requests continue to work. Breaking schema changes (rare) get a 90-day deprecation window with a clear migration path.

Schema Versioning screenshot

At scale

E-invoice API, by the numbers.

< 2 sec

IRN latency p50, end to end

99.9%

API uptime, with auto-retry on transient GSTN outages

6 SDKs

Node, Python, PHP, Java, Go, .NET

Day 1

from sandbox key to first production IRN

Buyer FAQ

What engineering teams ask before integrating.

How is this different from your GST E-Invoicing Software product?

GST E-Invoicing Software is a full UI for finance teams: dashboards, queues, GSTR-1 drafts, multi-GSTIN management. The E-Invoice API is the same underlying authorised-GSP integration, exposed as a REST API for engineering teams that want to embed IRN, EWB and CDNR generation directly into their own product, ERP or invoicing service. Same authorised-GSP path, no UI.

Do you connect via an authorised GSP?

Yes. OneFinOps connects to the NIC IRP via authorised GSPs in the GSTN partner programme. Your traffic goes from your service to OneFinOps to the GSP layer to the NIC IRP. Multi-GSP routing kicks in when an IRP region is degraded, so your integration sees fewer downstream failures than a single-GSP setup.

What happens when GSTN or NIC IRP is down?

The API queues the request locally and retries with exponential backoff against the failover GSP. Your client sees a single response (the eventual success or a clear failure with a GSTN error code). Webhook fires when the IRN finally lands. We publish IRP status on a public status page; the SDKs read from it to back off intelligently.

How does sandbox differ from production?

Sandbox uses GSTN-provided test PAN and GSTIN seed data. The schema, the validation rules and the response shape are identical to production. Rate limits and latency profiles are tuned to match production within tolerance, so you do not get a surprise on the day you cut over. To switch to production, you swap credentials, no code change required.

What is the rate limit?

Default rate limits scale with plan: 10 requests per second on the developer plan, 100 on the standard plan, custom on the enterprise plan. Bulk endpoints accept up to 5,000 records per call. The X-RateLimit-* headers ship on every response so you can throttle from the client side.

How do I rotate credentials safely?

Dual-key support is built in. Provision a new client credential, switch your traffic over, then revoke the old one. The audit log captures every issue, rotation and revoke event. Credentials never appear in webhook payloads or request logs; we redact them at the edge.

Multi-GSTIN. How is auth handled?

Each GSTIN gets its own OAuth client credentials. The auth scope is per-GSTIN, so a credential for GSTIN A cannot generate IRN against GSTIN B. SaaS platforms invoicing on behalf of their tenants can issue per-tenant credentials and let each tenant manage their own GSTN registration without exposing other tenants.

Pricing model?

A monthly platform fee plus a per-IRN charge that decreases with volume. Bulk and reconciliation API calls are billed at lower rates than IRN-generating calls. The first 100 IRNs per month on sandbox are free for development. Detailed pricing is on the pricing page; volume tiers are negotiable on enterprise plans.

Idempotency. What is the replay window?

Send the Idempotency-Key header on any state-changing request (IRN, EWB, cancel, CDNR). The same key returns the same response within a 24-hour window. After 24 hours, the key is released. The replay window matches the GSTN's own duplicate-detection window, so you cannot accidentally generate two IRNs for the same invoice.

Can our security team audit your platform?

Yes. We share SOC 2 Type II report (gated NDA), the architecture diagram, the data-flow diagram and the GSP partnership documentation. Indian customer data is hosted in India. The API is exposed only over TLS 1.3, with HSTS, certificate pinning support in the SDKs, and request signing on every call.

Get a sandbox key in 10 minutes.

Sign up free. The sandbox is GSTN-spec-equivalent. Generate your first IRN before lunch, swap to production credentials when your team is ready.

Start free trialBook a demo