E-Invoice Test API

Complete testing API for the Indian E-Invoicing system, with realistic sample data. Perfect for developers testing GST integration.

FREE FOREVER | TESTING ONLY | AUTH REQUIRED

Test Samples: 7

Core Features

Generate Invoices

Create E-Invoices with auto-generated IRN and QR codes

Validate Data

Validate invoice data against business rules

Cancel Invoices

Cancel generated invoices with proper audit trail

QR Generation

Auto-generate QR codes for invoice verification

Test Samples

Stable, predictable test data for consistent testing scenarios

API Endpoints

GET /health
GET /api/e-invoice/invoices
GET /api/e-invoice/samples
GET /api/e-invoice/sample/1
GET /api/e-invoice/stats
GET /api/e-invoice/schema
POST /api/e-invoice/generate
POST /api/e-invoice/generate-dynamic
POST /api/e-invoice/validate
POST /api/e-invoice/cancel

JSON Validation Schema

Use this strict JSON Schema to validate your payload structure before sending requests. This schema matches the output of /api/e-invoice/sample/1.

XML Testing Support

Test the XML output and schema validation for REST Assured integration.

Advanced Filtering

Available Filter Parameters:
Basic Filters:
  • ?status=Generated
  • ?supplyType=B2B
  • ?sellerState=29
  • ?buyerState=07
  • ?documentType=INV
Multiple Values (OR logic):
  • ?supplyTypes=B2B,EXPWP,SEZWP
  • ?statuses=Generated,Cancelled
Special Filters:
  • ?interstate=true
  • ?reverseCharge=false
  • ?totalValue=lt:1000
  • ?totalValue=gt:50000
  • ?search=INV/2024
Pagination & Sorting:
  • ?page=2&limit=20
  • ?sortBy=totalValue&sortOrder=desc
  • ?dateFrom=2024-01-01&dateTo=2024-12-31
  • ?minValue=1000&maxValue=10000

Quick Testing

Note: Protected endpoints automatically use the default API Key for this demo.

Authentication Playground

Test various API authentication methods securely.

1. Get Test Credentials

Click to see the valid API Keys, Usernames, and Passwords for testing.

API Key

Uses x-api-key header.

Basic Auth

Base64 encoded username:password.

Bearer / OAuth 2.0

1. Log in to get a token. 2. Use the token to access a protected route.

Edge Case Playground

Test tricky scenarios like Headers, CSRF, Token Expiry, and Session Fixation.

Headers & MIME Types
  • Strict Content-Type Check
  • Custom & Conditional Headers

Token & Scope Traps
  • Bearer Token States
  • Scope & Permissions

Cookies & Sessions

Cookie Override

Server sets duplicate cookies. Last one should win.

Session Fixation

Attempt to force a session ID.
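
For the Session Fixation case, a fixation-prone login beside its hardened form, with a check that tells them apart. This is an added example, not the API's own code; `SessionStore`, `is_fixable` and the user name are hypothetical, and only the `hacked` ID comes from the page.

```python
import secrets


class SessionStore:
    """In-memory session table: session ID -> authenticated username."""

    def __init__(self):
        self.sessions = {}

    def login_vulnerable(self, username, supplied_id=None):
        # Fixation-prone: adopts whatever ID arrived with the request
        # (e.g. ?session_id=hacked) and binds the account to it.
        sid = supplied_id or secrets.token_urlsafe(32)
        self.sessions[sid] = username
        return sid

    def login_hardened(self, username, supplied_id=None):
        # Never trust a pre-login ID: discard it and mint a fresh one.
        self.sessions.pop(supplied_id, None)
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = username
        return sid

    def whoami(self, sid):
        return self.sessions.get(sid)


def is_fixable(store, login, planted_id="hacked"):
    """True if an ID chosen before login is still valid for the account after it."""
    issued = login("alice", supplied_id=planted_id)  # constructed user name
    return issued == planted_id or store.whoami(planted_id) == "alice"


def run_checks():
    """Run the same check against both login paths (constructed data)."""
    weak, strong = SessionStore(), SessionStore()
    return {
        "vulnerable": is_fixable(weak, weak.login_vulnerable),
        "hardened": is_fixable(strong, strong.login_hardened),
    }
```

In an automation suite the equivalent assertion is that the session ID returned after login differs from the one sent before it.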

Session Auth

Validate JSESSIONID name enforcement.

Rate Limiting
Enforce Logic (Max 5/min)

Spam the button to trigger 429 Too Many Requests.

Chaining / Token Reuse
Login → Extract → Reuse

Simulate typical automation flow.

  • Step 1: POST /login (Get Token)
  • Step 2: Extract Token from JSON
  • Step 3: GET /protected w/ Token

Automation Ready Endpoints

Use these strict endpoints in your automation scripts to validate edge cases.

| Method | Endpoint | Required Headers / Params | Edge Case Test |
|---|---|---|---|
| POST | /api/edge-cases/strict-post | Content-Type: application/json; X-CSRF-TOKEN: [token] | Strict Content-Type Check: ✅ Valid Request (200); ❌ Missing Content-Type (400/415) |
| GET | /api/e-invoice/invoices | Accept: application/xml | Accept Header Trap: ❌ Requesting XML (406 Not Acceptable) |
| GET | /api/edge-cases/custom-header | X-Tenant-Id: [missing] | Custom Header: ❌ Missing X-Tenant-Id (400) |
| GET | /api/edge-cases/conditional-auth | ?type=guest; Authorization: [any token] | Guest Logic: ❌ Guest should not send Auth (400) |
| GET | /api/auth/test/bearer | Authorization: Bearer expired-token | Token Expiry: ❌ Expired Token (401) |
| GET | /api/auth/test/bearer | Authorization: valid-token | Token Format: ❌ Missing 'Bearer' Prefix (401) |
| GET | /api/edge-cases/scope-protected | Authorization: Bearer read-only-token | Scope Validation: ❌ Write access denied (403) |
| POST | /api/edge-cases/cookie-override | - | Cookie Override (Last One Wins) |
| POST | /api/edge-cases/session-fixation | ?session_id=hacked | Session Fixation Vulnerability |
| GET | /api/auth/test/session | Cookie: JSESSIONID=[valid] | Session Auth Strict Name |
| GET | /api/edge-cases/rate-limit | - | Rate Limiting: 🚗 Check Headers (Limit/Remaining); 🏎️ Spam >5/min → 429 Too Many Requests |
| POST | /api/auth/login | {"username":"admin", "password":"..."} | Chain Step 1: Login. Returns token for reuse |
| GET | /api/auth/test/bearer | Authorization: Bearer [token] | Chain Step 3: Reuse. Proof of session continuity |

1. Introduction

Welcome to the E-Invoice Test API.

This API is a high-fidelity Sandbox environment designed to mimic the standards and behaviors of the Indian Goods and Services Tax (GST) E-Invoicing system (IRP). It automates the generation of complex JSON structures, IRNs (Invoice Reference Numbers), and QR codes, allowing developers to test their ERP integrations without needing credentials for the live government portal.

Goal: To provide a stable, zero-setup environment for testing Validation Logic, Parsing, and Error Handling.

2. Authentication

The API follows a "Universal Auth" policy, meaning it accepts credentials in multiple formats to suit your preferred testing style.

Supported Methods
| Method | Header Key | Value Format | Description |
|---|---|---|---|
| API Key | x-api-key | ei_demo_... | Simplest for scripts/Postman. |
| Bearer | Authorization | Bearer [token] | Standard OAuth pattern. |
| Basic | Authorization | Basic [base64] | Legacy systems (User/Pass). |
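
The three header formats above, built on the client side and parsed strictly on the receiving side, including the Token Format trap (a bare token with no `Bearer ` prefix). This is an added example, not the API's own code; the function names, the precedence of `x-api-key` over `Authorization`, and the case-insensitive scheme match are assumptions.

```python
import base64
import binascii


def build_headers(method, *, api_key=None, token=None, username=None, password=None):
    """Client side: the header for one of the three documented methods."""
    if method == "api_key":
        return {"x-api-key": api_key}
    if method == "bearer":
        return {"Authorization": f"Bearer {token}"}
    if method == "basic":
        raw = f"{username}:{password}".encode("utf-8")
        return {"Authorization": "Basic " + base64.b64encode(raw).decode("ascii")}
    raise ValueError(f"unknown method: {method}")


def parse_credentials(headers):
    """Server side: return (kind, credential); ValueError means 'answer 401'."""
    headers = {k.lower(): v for k, v in headers.items()}  # names are case-insensitive
    if "x-api-key" in headers:  # assumption: the API key wins if both are sent
        return ("api_key", headers["x-api-key"])
    value = headers.get("authorization")
    if value is None:
        raise ValueError("no credentials supplied")
    scheme, sep, rest = value.partition(" ")
    rest = rest.strip()
    if not sep or not rest:
        # A bare token such as "valid-token" has no scheme: the Token Format trap.
        raise ValueError("missing scheme prefix or empty credential")
    if scheme.lower() == "bearer":
        return ("bearer", rest)
    if scheme.lower() == "basic":
        try:
            decoded = base64.b64decode(rest, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError) as exc:
            raise ValueError("malformed Basic credentials") from exc
        user, colon, password = decoded.partition(":")  # first colon only
        if not colon:
            raise ValueError("Basic credentials lack ':'")
        return ("basic", (user, password))
    raise ValueError(f"unsupported scheme: {scheme}")


def syntax_status(headers):
    """200 if the credentials are well formed, else 401 (validity is not checked)."""
    try:
        parse_credentials(headers)
    except ValueError:
        return 401
    return 200
```

Splitting the decoded Basic value on the first colon only keeps passwords that contain `:` intact.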

3. Core Endpoints

Complete list of available operations for testing.

READ (GET)
GET /health
Check API availability and system status.
GET /api/e-invoice/invoices
Retrieve list of generated invoices (Paginated).
GET /api/e-invoice/samples
Get list of static sample JSON identifiers.
GET /api/e-invoice/sample/1
Fetch specific sample payload by ID.
GET /api/e-invoice/stats
View dashboard statistics (Total Value, Count).
WRITE (POST)
POST /api/e-invoice/generate
Create invoice from static sample data.
POST /api/e-invoice/generate-dynamic
Generate fresh random invoice with IRN/QR.
POST /api/e-invoice/validate
Validate JSON schema compliance.
POST /api/e-invoice/cancel
Cancel an active IRN.

4. Data Model Deep Dive

Here is an explanation of the output from /api/e-invoice/sample/1:

  • TaxSch: "GST" (Tax Scheme)
  • SupTyp: "B2B", "B2C", "EXP" (Supply Type)
  • RegRev: "Y"/"N" (Reverse Charge Applicable?)

  • Gstin: 15-digit Tax ID (State Code + PAN + Entity Code)
  • LglNm: Legal Name of the entity
  • Pos: Place of Supply (State Code)
  • Addr1, Loc, Pin: Address details

  • AssVal: Taxable Value
  • CgstVal, SgstVal, IgstVal: Tax Breakdowns
  • TotInvVal: Final Invoice Value (inclusive of taxes)

5. Filtering & Search

Advanced Filtering

Available Filter Parameters:

Basic Filters:
  • ?status=Generated
  • ?supplyType=B2B
  • ?sellerState=29
  • ?buyerState=07
  • ?documentType=INV
Special Filters:
  • ?interstate=true
  • ?reverseCharge=false
  • ?totalValue=lt:1000
  • ?totalValue=gt:50000
  • ?search=INV/2024
Multiple Values (OR logic):
  • ?supplyTypes=B2B,EXPWP,SEZWP
  • ?statuses=Generated,Cancelled
Pagination & Sorting:
  • ?page=2&limit=20
  • ?sortBy=totalValue&sortOrder=desc
  • ?dateFrom=2024-01-01&dateTo=2024-12-31
  • ?minValue=1000&maxValue=10000

6. Edge Cases & Errors

We simulate specific failure scenarios to help you build robust error handling.

Headers & MIME Types

Strict Content-Type Check
  • valid JSON + CSRF
  • Missing Content-Type (400/415)
  • Accept: application/xml (406)
Custom & Conditional Headers
  • Missing X-Tenant-Id (400)
  • Guest + Auth Header (400)

Token & Scope Traps

Bearer Token States
  • Expired Token (401)
  • Missing 'Bearer ' Prefix (401)
Scope & Permissions
  • Read-Only Token vs Write API (403)
  • Write Token vs Write API (200)

Rate Limiting (429)

If you exceed 5 requests/minute on specific endpoints, you get a 429 Too Many Requests.

Payload Too Large (413)

Sending a JSON body > 100kb will trigger a 413 error, simulating server protection limits.

Not Acceptable (406)

Requesting Accept: application/xml will fail because we only support JSON.

Strict Methods (405)

Sending POST to a GET-only endpoint yields 405 Method Not Allowed.

Important Notice

This is a testing API only. All generated IRNs and QR codes are simulated and have no legal validity. Do not use for production purposes or actual GST filing.