Comment on page
Learn E-Invoicing API Basics
The Invoice Reference Number (IRN) is a unique number (also known as hash) generated by the e-invoice system using a hash generation algorithm. For every document such as an invoice or debit or credit note to be submitted on the e-invoice system, a unique 64 characters Invoice Reference Number (IRN) shall be generated which is based on the computation of hash of GSTIN of supplier of the document (invoice or credit note, etc.), Year, Document type and Document number (like the invoice number). This shall be unique to each invoice and hence be the unique identifier for each invoice for the entire financial year in the entire GST System for a taxpayer.
The digitally signed invoice is one that has been digitally or electronically signed by the IRP after the taxpayer (supplier) uploads the invoice. That is, the government is authenticating the genuineness of the invoice submitted/registered by the taxpayer.
The digitally signed QR code of the invoice is one that has been digitally or electronically signed by the IRP after the taxpayer (supplier) uploads the invoice. That is, the government is authenticating the genuineness of the invoice, by preparing the important information of the invoice in QR Code form and signing it so that the invoice can be verified offline by anyone using offline tools.
The QR code will consist of the following e-invoice parameters:
- GSTIN of Supplier
- GSTIN of Recipient
- Invoice number as given by Supplier
- Document Type
- Date of the generation of invoice
- Invoice value (taxable value and gross tax)
- The number of line items.
- HSN Code of the main item (the line item having the highest taxable value)
- Unique Invoice Reference Number (hash)
- IRN generation date
The signed QR code contains the unique IRN (hash) along with some
important parameters of the invoice and digital signature so that it can be verified by an
offline app. This will be helpful for tax officers checking the invoice on the roadside where the internet may not be available all the time.
ClearTax will get the 'Signed QR Code' from IRP and provide it as part of the response to the request
made by the taxpayer for the IRN generation.
The content of the signed QR code can be easily verified by the taxpayers or tax officials to ascertain whether the invoice is registered with the IRP and is digitally signed by the IRP itself. By validating the content of the QR code data with the digitally signed content (which is part of the QR code itself) one can check the authenticity of the content. If the content of the QR code has tampered, the e-Invoice will become invalid and signature verification will fail. The Signed QR Code can be verified by anyone using the offline app provided on the IRP portal.
Yes, the seller must place the QR Code on the top right corner of the invoice. This will enable the recipient to validate it.
The QR code sent by the IRP will not be an image but rather a JWT (JSON Web Token) string, which the accounting/billing software or the ERP will read and convert into a QR Code image.
The size of the printed signed QR code can be 2 X 2 inches. However, it depends on the size of the space available on the invoice and the print resolution. Anyway, it should be printed in a way that is readable by the QR
code scanners.
When it is printed it will look like as follows:

The signed QR Code is in the form of JWT. It has three parts – signature parameters, data and signature. These parts are separated by a DOT in between as shown below.
"SignedQRCode": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjExNUY0NDI2NjE3QTc5MzhCRTFCQTA2REJFRTkxQTQyNzU4NEVEQUIiLCJ0eXAiOiJKV1QiLCJ4NXQiOiJFVjlFSm1GNmVUaS1HNkJ0dnVrYVFuV0U3YXMifQ
.eyJkYXRhIjoie1wiU2VsbGVyR3N0aW5cIjpcIjM3QlpOUE05NDMwTTFLTFwiLFwiQnV5ZXJHc3RpblwiOlwiMDNCWk5QTTk0MzBNMUtMXCIsXCJEb2NOb1wiOlwiQ1RETjIzNDU2XCIsXCJEb2NUeXBcIjpcIklOVlwiLFwiRG9jRHRcIjpcIjA1LzA4LzIwMjBcIixcIlRvdEludlZhbFwiOjE2NjUwLFwiSXRlbUNudFwiOjEsXCJNYWluSHNuQ29kZVwiOlwiMzkyMzEwMTBcIixcIklyblwiOlwiYWZkY2MzMmEwZWFhM2EwNTRjZmZjZDI1MTg4NGQzZTNmNGY3MjZiNzVjODk0M2U3ZDM1ZmJhYmM4MmYwNWQ4YVwifSIsImlzcyI6Ik5JQyJ9
.Wb0zhfPKW2dRY4ocTbDnD4Bspz4cZoQ9To_HmWxA2xmVdVBK_57H-9AWwTNvjFyFwMx0PWV_4CQjcajxTUjsA9DxOe4r6XCi86XEuXmXDt49gCNY3dZTeoZyueyYAOsRoOZ4ETtDuqvHQGDVsc7Lyaj9qMbyn0NnSH_KwUUrK6Qt8tmcqocv0CvCKZEN5NmeICseCEh0ndJSOmK2kb41sQgAjhNq9-xRz8f7oOrWaC6yf9DMPhYWVcux0E9JLABoNtX3Qb326dd0J1BOMUbhIrAt9QdamaMmHKgO1h-3974d7uUBzz4e6jrclUjZX2XGvH2oXgBwmvgMHwW62Q"
On decoding the above "Signed QR Code", it looks like as shown below:
{
"alg": "RS256",
"kid": "115F4426617A7938BE1BA06DBEE91A427584EDAB",
"typ": "JWT",
"x5t": "EV9EJmF6eTi-G6BtvukaQnWE7as"
}
{
"data": "{\"SellerGstin\":\"37BZNPM9430M1KL\",\"BuyerGstin\":\"03BZNPM9430M1KL\",\"DocNo\":\"CTDN23456\",\"DocTyp\":\"INV\",\"DocDt\":\"05/08/2020\",\"TotInvVal\":16650,\"ItemCnt\":1,\"MainHsnCode\":\"39231010\",\"Irn\":\"afdcc32a0eaa3a054cffcd251884d3e3f4f726b75c8943e7d35fbabc82f05d8a\"}",
"iss": "NIC"
}
.[Signature]
One can verify the above signature with this data by using the related Digital Signature Certificate from
the government portal. The above "Signed QR Code" can be verified using the Public Key as given below.
"PublicKey": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxd93uLDs8HTPqcSPpxZrf0Dc29r3iPp0a8filjAyeX4RAH6lWm9qFt26CcE8ESYtmo1sVtswvs7VH4Bjg/FDlRpd+MnAlXuxChij8/vjyAwE71ucMrmZhxM8rOSfPML8fniZ8trr3I4R2o4xWh6no/xTUtZ02/yUEXbphw3DEuefzHEQnEF+quGji9pvGnPO6Krmnri9H4WPY0ysPQQQd82bUZCk9XdhSZcW/am8wBulYokITRMVHlbRXqu1pOFmQMO5oSpyZU3pXbsx+OxIOc4EDX0WMa9aH4+snt18WAXVGwF2B4fmBk7AtmkFzrTmbpmyVqA3KO2IjzMZPw0hQIDAQAB"
The government may update or issue new public keys.
No, in addition to the important information of the invoice, the JWT also includes the digital signature by the IRP. That is, the government is authenticating the genuineness of the invoice, by signing it so that it can be verified offline by anyone using offline tools or on the central portal. This will be helpful for tax officers checking the invoice on the roadside where the internet may not be available all the time. If the QR Code is decoded, the signature will be lost thereby making it unverifiable and defeating the purpose. Therefore the QR Code must be printed with the JWT in the payload without any decoding.