Z Zatca API
العربية Sign in Sign up free
FAQ

How can we help?

In-depth answers to the most common questions about Zatca API.

About the service

What is Zatca API?
Zatca API is a cloud service that lets Saudi businesses connect their systems to the Zakat, Tax and Customs Authority for issuing e-invoices, without writing complex code or managing certificates by hand. We handle digital signing, hashing, QR generation, and submission — and return the result.
Do I need programming experience to use it?
A minimum. Any developer can fire a simple POST request at the API. We provide examples in PHP, JavaScript, Python, and cURL. You can also issue invoices manually from the dashboard for testing.
Is the service ZATCA-approved?
Yes. The service uses official ZATCA protocols (UBL 2.1, XAdES, TLV QR) and supports all stages: sandbox for try-out, simulation for testing, production for live use. All certificates are issued directly by ZATCA.

ZATCA integration

How does the ZATCA onboarding work?
After signup, you log into your dashboard, fill in your business details (VAT number, address, ...), then paste the OTP from the ZATCA portal. We generate the CSR, request the compliance certificate, and after testing issue the production certificate — all automatically.
What's the difference between a Standard and a Simplified invoice?
Standard invoices (B2B) require Clearance from ZATCA before they can be handed to the customer. Simplified invoices (B2C) are Reported within 24 hours of issuance. The API detects the type automatically and follows the right flow.
Do you support Credit and Debit notes?
Yes. The API supports tax invoice (388), credit note (381), and debit note (383), for both Standard and Simplified types.

Invoices

How long does processing an invoice take?
Median response time is under 500 ms for simplified invoices and around 1.5 s for standard invoices (including ZATCA's own server response time).
What happens if ZATCA rejects an invoice?
The full ZATCA response (with error messages) is stored and displayed in the dashboard. You can edit and resubmit the invoice with one click.

Security & pricing

How is data secured?
Every API call is signed with HMAC-SHA256 inside a timestamp window to prevent replay. Certificates and secrets are encrypted at rest. Each client has an isolated folder for their certificates. IP allow-lists are supported.
Can I try the service before paying?
Absolutely. The free plan lets you issue 50 invoices / month in sandbox/simulation — enough for a full integration test before going live.
Can I cancel any time?
Yes. Upgrade, downgrade, or cancel from your dashboard at any time. No long-term contracts.
Do you offer technical support?
Business plan includes email support within one business day. Enterprise plan adds 24/7 support and a dedicated account manager.

Ready to get started?

Join dozens of Saudi businesses already using Zatca API to simplify their e-invoicing.

Create your account