Sample code for 30+ languages & platforms
PHP Extension

ZATCA Onboarding Get Compliance CSID

See more ZATCA Examples

Demonstrates sending a POST to get a compliance CSID, which is two parts: A binary security token, and a secret.

Chilkat PHP Extension Downloads

PHP Extension
<?php

include("chilkat.php");

$success = false;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// It is assumed you've already generated a CSR.
// Also, you'll need an OTP code, valid for 1 hour, which is generated online in the Fatoora portal.  See 
// https://zatca.gov.sa/ar/E-Invoicing/Introduction/Guidelines/Documents/E-invoicing%20Detailed%20Technical%20Guidelines.pdf

// Manually replace this with the OTP code you interactively obtained in a browser session from the Fatoora portal.
// The OTP code is valid for 1 hour.
$otp = '123434';

// You should already have a CSR in a file containing something that looks like this:

// -----BEGIN CERTIFICATE REQUEST-----
// MIIB5DCCAYsCAQAwTDELMAkGA1UEBhMCU0ExFTATBgNVBAsMDFJpeWFkIEJyYW5j
// aDEQMA4GA1UECgwHQ29udG9zbzEUMBIGA1UEAwwLRUExMjM0NTY3ODkwVjAQBgcq
// hkjOPQIBBgUrgQQACgNCAAQI6op+6GQ4Gmn9oy0DpGxX0lFtUIvj+4Jtnp0VyEsH
// +ZO7lpgksbRC484R3fAsO0v+Ly24ZIUIOYEIAeJ1f6AooIHfMIHcBgkqhkiG9w0B
// CQ4xgc4wgcswIQYJKwYBBAGCNxQCBBQTElpBVENBLUNvZGUtU2lnbmluZzCBpQYD
// VR0RBIGdMIGapIGXMIGUMTswOQYDVQQEDDIxLVRTVHwyLVRTVHwzLWVkMjJmMWQ4
// LWU2YTItMTExOC05YjU4LWQ5YThmMTFlNDQ1ZjEfMB0GCgmSJomT8ixkAQEMDzMx
// MDEyMjM5MzUwMDAwMzENMAsGA1UEDAwEMTEwMDESMBAGA1UEGgwJTXlBZGRyZXNz
// MREwDwYDVQQPDAhJbmR1c3RyeTAKBggqhkjOPQQDAgNHADBEAiBurm6KdAeHfXzt
// h/jk8xSMBP4TAkkFrg+hWDhfI0/SuAIgJi8ectM7YwBIBCmf0tdFcVTU7GBbvjnK
// xValZCAO39M=
// -----END CERTIFICATE REQUEST-----

$pem = new CkPem();
$success = $pem->LoadPemFile('c:/aaworkarea/zatca/onboarding/taxpayer.csr','');
if ($success == false) {
    print $pem->lastErrorText() . "\n";
    exit;
}

// Get the base64 from the CSR in a single line.
$sbCsrBase64 = new CkStringBuilder();
$sbCsrBase64->Append($pem->getEncodedItem('csr','','base64',0));
$numReplaced = $sbCsrBase64->Replace('\r','');
$numReplaced = $sbCsrBase64->Replace('\n','');
$csrBase64 = $sbCsrBase64->getAsString();
print $csrBase64 . "\n";

$json = new CkJsonObject();
$json->put_EmitCompact(false);
$json->UpdateSb('csr',$sbCsrBase64);

$http = new CkHttp();
$http->put_Accept('application/json');
$http->SetRequestHeader('OTP',$otp);
$http->SetRequestHeader('Accept-Version','V2');
$resp = new CkHttpResponse();
$success = $http->HttpJson('POST','https://gw-apic-gov.gazt.gov.sa/e-invoicing/core/compliance',$json,'application/json',$resp);
if ($success == false) {
    print $http->lastErrorText() . "\n";
    exit;
}

if ($resp->get_StatusCode() != 200) {
    print $resp->bodyStr() . "\n";
    print 'response status code = ' . $resp->get_StatusCode() . "\n";
    print 'Failed' . "\n";
    exit;
}

$jsonResp = new CkJsonObject();
$resp->GetBodyJson($jsonResp);

$jsonResp->put_EmitCompact(false);
print 'JSON response:' . "\n";
print $jsonResp->emit() . "\n";

?>