WhiteBooks Glossary

Definitions for GST, e-Invoice, e-Way Bill, ZATCA Phase 2, and related API terms. Use this page when you read FAQs, OpenAPI specs, or response payloads and want a quick definition. Every term has a corresponding entry in our DefinedTermSet JSON-LD so AI assistants can quote them verbatim.

India compliance API & tech KSA / ZATCA Security & certs

India compliance

GSP — GST Suvidha Provider
An entity authorised by the GST Network (GSTN) to provide a certified gateway between taxpayer software and the GST portal. WhiteBooks holds GSP certification — every IRN, EWB, or GST return generated through us flows through this authorised channel, not screen-scraping.
GSTN — Goods and Services Tax Network
The non-profit, government-owned organisation that operates the IT backbone for GST in India (the GST Portal at gst.gov.in). GSPs (like WhiteBooks) are licensed by GSTN to integrate via API.
IRP — Invoice Registration Portal
The official portal (einvoice1.gst.gov.in) that generates IRN for B2B invoices under the Indian e-Invoicing system. Operated by NIC under CBIC oversight.
IRN — Invoice Reference Number
A 64-character SHA-256 hash that uniquely identifies a B2B invoice. Generated by the IRP after validating the invoice payload. Mandatory for businesses above the CBIC e-Invoicing turnover threshold (currently INR 5 crore annual aggregate turnover for B2B, from August 2023).
GSTIN — Goods and Services Tax Identification Number
15-character alphanumeric tax ID issued to every GST-registered entity. Encodes state code (2 digits), PAN (10 chars), entity code (1 digit), default-Z (1 char), and a check digit. Example: 29AAAAA0000A1Z5.
GSTR-1
Monthly / quarterly return reporting outward supplies (sales). Filed by every regular GST taxpayer. Due on the 11th of the following month (monthly) or the 13th of the month following the quarter (quarterly under QRMP).
GSTR-2B
Static, auto-generated ITC (Input Tax Credit) statement made available to recipients on the 14th of each month. Used to reconcile against the purchase register before claiming ITC in GSTR-3B.
GSTR-3B
Monthly summary return for tax liability and ITC claim. Filed by every regular GST taxpayer. Due on the 20th (or 22nd / 24th under QRMP) of the following month.
GSTR-9
Annual return consolidating the year's outward supplies, inward supplies, ITC claimed, and tax paid. Includes reconciliation with the audited books. Due by 31st December of the following financial year.
HSN — Harmonised System of Nomenclature
6-8 digit international classification code for goods. India uses HSN under GST for tax-rate determination and reporting. Businesses above INR 5 crore turnover must use 6-digit HSN; B2B export/import uses 8-digit.
SAC — Services Accounting Code
6-digit classification code for services under GST. Equivalent of HSN for services. All services are classified under chapter 99.
e-Way Bill (EWB)
Electronic document required for movement of goods worth more than INR 50,000 (INR 1,00,000 intra-state in some states). Generated via the NIC e-Way Bill API before transit begins, must travel with the consignment, and is split into Part-A (consignment) + Part-B (vehicle/transporter).
Part-A / Part-B
An e-Way Bill consists of Part-A (consignment details — invoice, value, GSTIN, HSN, transport mode) and Part-B (vehicle / transporter details). Part-A can be generated independently and Part-B added later when the vehicle is assigned.

API & tech

OAuth 2.0
Industry-standard authorisation framework. WhiteBooks APIs use the client_credentials grant: your application authenticates with client_id + client_secret, receives a bearer token valid for 1 hour, and includes it in the Authorization header of subsequent requests.
OpenAPI 3.0 (formerly Swagger)
Machine-readable API specification format. WhiteBooks publishes specs at /openapi/gst.json, /openapi/einvoice.json, /openapi/eway.json, plus a discovery index at /openapi/index.json.
SHA256-RSA request signing
Optional Enterprise-tier authentication enhancement. The client signs each request body with its RSA private key using SHA-256; WhiteBooks verifies the signature against the registered public key. Prevents request tampering even if a bearer token is exposed.
TLS 1.2+ / TLS 1.3
Transport Layer Security. All WhiteBooks endpoints require TLS 1.2 minimum (TLS 1.3 preferred). HTTP, TLS 1.0, and TLS 1.1 connections are rejected at the edge.
Webhook
HTTP callback. You register a URL with WhiteBooks; we POST a JSON event payload to that URL when an async operation completes (e.g. bulk-IRN batch finishes, EWB status changes). Each webhook is signed with HMAC-SHA256 for verification.
Bulk IRN
WhiteBooks endpoint that accepts up to 1,000 invoices in a single call and returns IRN + signed QR per invoice, with per-row error codes for any rows that failed IRP validation.

KSA / ZATCA

ZATCA — Zakat, Tax and Customs Authority
Saudi Arabia's tax authority. Administers the FATOORA e-Invoicing programme.
ZATCA Phase 2 (Integration)
The Integration phase of Saudi Arabia's e-Invoicing mandate. Requires real-time clearance (for standard tax invoices) or reporting within 24h (for simplified) via the FATOORA portal, with cryptographic signing of every invoice using XAdES-BES.
CSR — Certificate Signing Request
PKCS#10 request submitted to ZATCA to obtain a compliance CSID. Generated by the taxpayer's invoicing system (or by WhiteBooks's one-click CSR builder) with private-key material stored locally.
CSID — Cryptographic Stamp Identifier
ZATCA-issued certificate that authorises a specific taxpayer / EGS to sign and submit invoices. Two tiers: compliance CSID (sandbox / testing) and production CSID (live, real submission to FATOORA).
XAdES-BES
XML Advanced Electronic Signatures — Basic Electronic Signature profile. Used by ZATCA Phase 2 to cryptographically sign every UBL 2.1 invoice payload using SHA-256 with the taxpayer's RSA private key.
UBL 2.1
Universal Business Language version 2.1 — the XML invoice schema mandated by ZATCA. Defines elements for parties, lines, taxes, totals, payment terms, etc.
FATOORA
ZATCA's national e-Invoicing platform. Receives cleared (standard) or reported (simplified) invoices from taxpayers / EGS.

Security & certifications

ISO 27001
International standard for information security management systems (ISMS). WhiteBooks holds ISO 27001 certification — audited annually against the 114 controls in Annex A.
DPDP Act — Digital Personal Data Protection Act 2023
India's data-protection law, in force from 2023. Regulates collection, processing, storage, and transfer of personal data. WhiteBooks is DPDP Act compliant.
SOC 2
AICPA's framework for service-organisation controls covering security, availability, processing integrity, confidentiality, and privacy. WhiteBooks SOC 2 audit is in progress.
CBIC — Central Board of Indirect Taxes and Customs
The Indian government body that administers GST, customs, and central excise. Sets e-Invoicing turnover thresholds, IRP rules, and notification updates.
NIC — National Informatics Centre
The Indian government IT services agency. Operates the IRP and the e-Way Bill system on behalf of CBIC.
GST API →GSTR-1 / 3B / 9 filing, GSTR-2B fetch e-Invoice API →Real-time IRN generation e-Way Bill API →NIC-compliant EWB ops KSA e-Invoice API →ZATCA Phase 2 OpenAPI specs →Machine-readable JSON Changelog →Versioned release notes
Schedule Demo