Qoyod
Pricing

Knowledge Base

E-Invoicing Technical Readiness Check: The Five Pillars

Before you connect your system to the Fatoora platform, one technical question decides whether the integration succeeds or fails: is your system truly ready on the technical side? Many businesses complete the administrative readiness steps, then are caught off guard when the platform rejects their first invoice because of an XML formatting error or an invalid certificate. This guide gives you a technical self-check to confirm that your system and its integration are ready for the second phase of e-invoicing, before you attempt the actual connection with the Authority.

This guide focuses on system and technical integration readiness: API connectivity, CSID certificate validity, testing invoices in the simulation environment, validating UBL output, and generating the QR code and cryptographic stamp. As for the general administrative readiness of the business (team, documents, timeline), we covered that in a separate guide: E-Invoicing Readiness Checklist: Is Your Business Prepared?. Read this technical guide after closing out the administrative checklist, or in parallel with it if you have a technical team.

The difference between administrative readiness and technical readiness

Administrative readiness answers the question: “Do I know what is required of me and when?” Technical readiness answers a harder question: “Can my system actually produce an invoice that the Fatoora platform accepts on the first try?” The difference is fundamental. A business may be fully ready administratively, yet its connection fails because its system does not generate the hash of the previous invoice correctly, or because its technical compliance certificate has expired.

The second phase of e-invoicing is not merely issuing a digital invoice. It is a direct software integration between your system and the Authority’s platform. Every invoice passes through a series of strict technical checks before it is accepted. That is why verifying readiness requires a technical diagnostic methodology, not an administrative task list.

The danger lies in the fact that technical problems only surface at the first real connection attempt. A business may think it is ready because it has been issuing digital invoices since Phase One, but Phase One did not require any direct integration with the platform. The gap between “issuing a digital invoice” and “issuing an invoice that passes the platform’s checks” is exactly what the technical check we present here reveals.

A good technical check reveals the problem in a safe environment before it affects your actual operations. Instead of discovering a hash-chain error after you have already delivered hundreds of invoices to customers, you discover it in the simulation environment on a single test invoice. That difference alone justifies the time you invest in systematic verification.

To understand the full regulatory context before diving into the technical side, review the guide Phase Two Requirements for E-Invoicing. This guide assumes you know the basics of Phase Two, and takes you straight to the technical check.

The five technical pillars of readiness

Before you issue your first invoice in the production environment, you must pass five technical pillars. Any missing pillar means a potential failure at connection time. These pillars are the self-check map we will follow throughout this guide.

Technical self-check list

The five technical pillars of system readiness
Five technical checks that confirm your system is ready to connect with the Authority.
Technical readiness pillars

Connection to the Fatoora platform interface (API)

Validity of the CSID/PCSID certificate

A successful test invoice in the simulation environment

Correct XML output per UBL 2.1

Generation of the QR code and cryptographic stamp

Passing all five pillars means your system is technically ready for live issuance.

The pillars follow a logical order. Connection first, then the certificate, then an actual test in the simulation environment, then validation of the output, and finally the visual and cryptographic signature elements. Do not move to a pillar before passing the one before it, because each pillar builds on the one preceding it.

Pillar one: API connection to the Fatoora platform

The foundation of the Phase Two connection is a direct software link between your system and the Fatoora platform interfaces (APIs). If your system cannot reach the Authority’s endpoints, no connection will happen at all. That is why the technical check starts here.

Verify the following points before anything else:

  • The system’s ability to reach the endpoints: Your system must reach the Fatoora platform interfaces designated for compliance and production over a secure protocol (HTTPS).
  • Correct authentication: Every request needs an authorization header built on the credentials associated with your technical certificate.
  • Handling responses: Your system must understand the platform’s responses, whether an acceptance or a rejection with an error message, and act accordingly.
  • Firewall settings: Make sure your network firewall does not block outbound traffic toward the Authority’s domains.

The simplest test to confirm the connection is sound is to send a compliance check request to the simulation environment. If the response comes back successful, you clear the first pillar. If the connection fails, the problem is usually in the credentials or the network settings, not in the invoice itself.

Note that a connection failure confuses many businesses, because they start fixing the invoice while the problem is in a much lower layer. That is why a systematic check always starts from the connection. First confirm that your system reaches the platform and exchanges responses with it, then move on to the invoice content. This order saves you hours of diagnosing in the wrong direction.

If you use a compliant accounting system, this layer is managed automatically and needs no manual connection setup. But if you build the integration yourself, be sure to document the endpoints you connect to and the credentials associated with each environment, so you do not mix up the simulation environment with the production environment.

Pillar two: validity of the technical compliance certificate (CSID)

The CSID certificate (Cryptographic Stamp Identifier for compliance) is your system’s digital identity before the Authority. Without it, your system cannot sign any invoice with an approved signature. Verifying the validity of this certificate is a pillar that admits no leniency.

Phase Two deals with two types of certificates. The technical compliance certificate used in the simulation environment during testing, and the production certificate (PCSID) used after passing the tests for actual operations. Confusing the two is a common mistake that leads to invoice rejections.

Review the detailed guides for each type of certificate to understand its role precisely:

When checking this pillar, confirm three things: that the certificate is genuinely issued by the Authority, that its validity has not expired, and that you are using the certificate appropriate for the environment you are operating in. An expired certificate means all invoicing operations stop suddenly, so track expiry dates before they arrive.

How do you know your certificate is ready?

The lifecycle of the readiness certificate
How to make sure your certificate is ready for production.
1

Generate a CSR

2

Compliance certificate (CCSID) and simulation testing

3

Production certificate (PCSID)

4

Live issuance with a stamp and QR code

Readiness is complete only with a valid production certificate after passing compliance.

The move from the compliance certificate to the production certificate does not happen automatically. Your system must first pass the Authority’s series of checks in the simulation environment. This is a pivotal point in verifying readiness: do not request the production certificate before you confirm that test invoices are fully accepted.

Pillar three: a successful test invoice in the simulation environment

The simulation environment is the Authority’s official testing environment. It lets you send structurally real invoices without any actual tax impact. This pillar is the beating heart of technical readiness verification, because it shows you exactly how the platform will behave with your invoices in production.

The goal of this stage is to produce at least one test invoice of each type and confirm it is accepted. Handling invoices in Phase Two splits into two technically very different tracks:

  • The standard tax invoice (B2B): It goes through the clearance mechanism. It must be sent to the platform and cleared instantly before it is delivered to the buyer.
  • The simplified tax invoice (B2C): It goes through the reporting mechanism. It is delivered to the buyer directly, then reported to the platform within 24 hours.

Test both tracks together if your business issues both types. Success in clearance does not guarantee success in reporting, since each track has different validation rules. To understand the difference in depth, review the guides Clearance andReporting.

When you send the test invoice, watch the platform’s response carefully. The response is not limited to “accepted” or “rejected.” It may come back with warnings that do not prevent acceptance but point to non-ideal values, or with errors that prevent acceptance and require immediate correction. A truly ready invoice is one that is accepted with no errors and no critical warnings.

Start today

Try the technical connection with a system ready for Phase Two

Qoyod manages the cryptographic stamp certificate and generates UBL invoices compliant with the Authority automatically, so you skip most of the technical check steps without any coding.

Start your free trial and test your system’s readiness

Pillar four: validating the UBL XML output

Every invoice in Phase Two is generated in the UBL 2.1 format, a structured XML format defined precisely by the Authority. Validating this output is a fundamental technical pillar, because the smallest deviation in the structure leads to the invoice being rejected.

You do not need to write the XML manually. A compliant system generates it automatically per the Authority’s specification. But verifying readiness means confirming that the output actually matches what the platform requires. Focus on the following elements:

  • Completeness of the mandatory fields: The seller’s name, the VAT number, the timestamp, the invoice line items, the tax amount, and the total.
  • The unique identifier (UUID): Every invoice has a unique, non-repeating identifier. Make sure your system generates it correctly for each invoice.
  • The hash of the previous invoice: Each invoice is linked to the one before it through a cryptographic hash that ensures the continuity of the chain. This is the element non-compliant systems get wrong most often.
  • Accuracy of the tax calculations: The 15% VAT rate calculated accurately at both the line-item level and the total, with no rounding differences.

The most common error in this pillar is a hash-chain error. If the chain breaks (for example, by deleting an invoice or reordering it), the platform rejects the following invoices. That is why your system must be able to store the hash chain in a continuous, tamper-proof manner.

The structure of a compliant invoice

The structure of a compliant invoice
The elements your system must produce in every compliant invoice.
Components of a compliant invoice

An XML file per the UBL 2.1 standard

The invoice’s unique identifier (UUID)

15% VAT calculated accurately

The hash of the previous invoice

The cryptographic stamp and the QR code

Producing all of these elements is a condition for the invoice to be accepted by the Authority.

This layered structure is what the platform inspects with every invoice. Verifying readiness means confirming that your system builds each layer of it correctly and completely, not merely producing an invoice that looks visually correct.

To dig deeper into how the platform validates the invoice, review the guide E-Invoice Validation, which explains how the Authority inspects each invoice individually.

Pillar five: generating the QR code and cryptographic stamp

The final pillar concerns two cryptographic elements your system must produce with every invoice: the cryptographic stamp and the QR code. Both prove the invoice’s authenticity and link it to your technical certificate.

The cryptographic stamp is a digital signature created using a private key associated with the CSID certificate. Its correct presence proves that the invoice was issued by an approved system and was not altered after issuance. As for the QR code, it carries the invoice’s basic data and the signature data in a machine-readable form.

When checking this pillar, confirm:

  • Generation of the cryptographic stamp for every invoice: Without exception, and using the correct certificate for the environment.
  • Correctness of the QR code content: It must contain the fields the Authority requires and be readable via the official verification app.
  • The appearance of the QR code on the simplified invoice (B2C): This is mandatory to enable the buyer to verify it.

For the complete technical details of each element, review the guides The Cryptographic Stamp in the E-Invoice andThe QR Code.

A step-by-step self-check methodology

After understanding the five pillars, here is a practical methodology for conducting the self-check. Follow the same order every time, because each step reveals problems that surface in the step after it.

Step one: confirm the working environment. Determine whether you are testing in the simulation environment or intending to move to production. Do not mix the two environments during the check.

Step two: check the connection. Send a simple compliance check request and confirm a successful response comes back. This proves the network and authentication are sound.

Step three: verify the certificate. Review the certificate type and its expiry date before any actual submission.

Step four: send a test invoice of each type. A standard invoice for clearance and a simplified invoice for reporting, and watch the response carefully.

Step five: inspect the output. Scrutinize the resulting XML: the mandatory fields, the unique identifier, the hash chain, and the calculations.

Step six: verify the cryptographic elements. Read the QR code with the official verification app and confirm the presence of the cryptographic stamp.

Turn the check result into immediate action. Every pillar failure has a clear correction path. A connection failure leads you to review the network and credentials. A certificate failure leads you to renew or reissue it. A rejected test invoice leads you to correct the XML errors. And do not move to production until you have passed all five pillars without exception.

Keep a log of every check cycle you run: what you tested, what response came back, and what correction you applied. This log saves you time if the same problem appears later, and it helps you if you need technical support from your system provider or from the Authority.

Common technical errors that delay readiness

From recurring rejection patterns, most technical readiness problems concentrate in a limited number of errors. Knowing them in advance saves you long testing cycles:

  • Using a wrong-environment certificate: Attempting to submit to production with a compliance certificate, or vice versa.
  • A broken hash chain: Deleting an invoice or changing its order breaks the chain and causes what follows to be rejected.
  • Rounding differences in the tax: A slight difference between the sum of the line-item tax and the total tax is enough for rejection.
  • Missing mandatory fields: The absence of the timestamp or the seller’s VAT number.
  • Ignoring warnings: Treating warnings as unimportant, while some of them turn into errors in production.
  • Neglecting the certificate’s expiry date: So invoicing stops suddenly when it expires.

The common thread among these errors is that they are purely technical, and have nothing to do with your administrative readiness. A perfectly organized business may stumble on any of them because its system does not adhere precisely to the Authority’s specification. That is why the technical check remains an indispensable step no matter your level of administrative readiness.

Most of these errors disappear entirely when you use a compliant accounting system that manages the technical side on your behalf, instead of building the integration manually. A compliant system adheres to the specification on every invoice, and updates itself when the Authority’s requirements change, shifting the burden of technical compliance from your shoulders to the provider.

How Qoyod helps you pass the technical check

The technical check we have explained assumes you are building the integration yourself or overseeing it. But most businesses do not have a technical team to manage certificates, XML formats, and hash chains. This is where a Phase Two-ready accounting system like Qoyod comes in.

Qoyod handles the technical aspects that usually require specialists:

  • Managing the cryptographic stamp certificate: Qoyod manages the Cryptographic Stamp Identifier for compliance (CSID) automatically, so you do not handle cryptographic keys manually.
  • Generating compliant UBL invoices: Qoyod produces XML in the Phase Two specification format (UBL 2.1) with no manual writing.
  • Instant clearance of standard invoices: Qoyod connects B2B invoices to the Fatoora platform for instant clearance before they are delivered to the buyer.
  • Reporting within 24 hours for simplified invoices: Qoyod reports B2C invoices automatically within the regulatory window.
  • Preserving the hash chain: Qoyod stores the sequential invoice hashes to verify the integrity of the chain.
  • Generating the cryptographic stamp and QR code: With every invoice, without any extra setup from you.

Qoyod’s role does not remove your responsibility to register with the Authority. The step of registering your technical certificate with the Authority remains on you, but Qoyod guides you through it. With a compliant system, the five pillars turn from a technical project into a one-time initial setup.

For the full onboarding and connection mechanism with the platform, review the guide Onboarding and Connecting with the Fatoora Platform.

After passing the technical check

Passing the five pillars means your system is technically ready for production. After that, you request the production certificate and begin actual invoicing. But readiness is not a one-time event; it is a state you maintain.

Monitor three things continuously after moving to production: certificate expiry dates, any updates to the Authority’s specification, and any change in the structure of your invoices that may affect the output. A compliant system tracks these updates on your behalf, while a manually built integration needs continuous maintenance.

Make the periodic check a habit, not an emergency event. Recheck the pillars whenever you add a new invoice type, change your system’s settings, or the certificate renewal date approaches. A proactive check is far cheaper than dealing with rejected invoices after they have been delivered to customers, because rejection in production can disrupt your workflow and unsettle your relationship with your customers.

Technical readiness, in the end, is not an obstacle you clear once, but a capability you build and maintain. The closer your system is to full adherence to the Authority’s specification, the smoother your transition between the simulation and production environments, and the less prone your invoices are to rejection.

Remember that technical readiness is part of a bigger picture. Complete your business’s administrative readiness too through the E-Invoicing Readiness Checklist, and understand the full regulatory context through Qoyod’s E-Invoicing Page.

Frequently Asked Questions

What is the difference between this guide and the general readiness checklist?

This guide focuses on the technical verification of the system and integration: the connection, the certificate, simulation testing, XML output, and the cryptographic elements. The general readiness checklist, on the other hand, covers the administrative preparation of the business in terms of team, documents, and timeline. The two guides complement each other.

Do I need a technical team to run the check?

If you are building the integration manually, then yes, you need technical expertise in APIs, certificates, and the UBL format. But if you use a compliant accounting system like Qoyod, most of the pillars are managed automatically, and your role shrinks to the initial setup and tracking updates.

What is the simulation environment and why should I test in it?

The simulation environment is the Authority’s official testing environment that lets you send structurally real invoices without any actual tax impact. You test in it to make sure your invoices will be accepted in production, and to correct errors before they affect your real business.

What does a rejected test invoice mean?

Rejection means your invoice did not pass the platform’s checks. The error message comes back explaining the reason for the rejection, such as a missing field, a hash-chain error, or a difference in the tax calculation. Correct the cause and resubmit until it is accepted without errors.

Does the standard invoice differ from the simplified one in the check?

Yes. The standard invoice (B2B) goes through instant clearance before it is delivered to the buyer, while the simplified one (B2C) is delivered directly and then reported within 24 hours. Each track has different validation rules, so test both types if you issue them.

How long does the readiness verification process take?

That depends on the integration method. With a compliant system, the setup may complete within hours. But building the integration manually may take weeks of testing and correction until you pass all the pillars without errors.

Guides

Continue your learning journey

Explore the rest of Qoyod’s guides, or start applying what you’ve learned.

Live webinars hosted by the Qoyod team to help you use the software easily and answer your questions.

Discover Qoyod’s latest updates, ongoing improvements, and new features in one place.

Our team is ready to help you and provide instant support for any issue you face, around the clock.