API Documentation 7 min read
API Authentication Guide
Authentication Overview
The NRS MBS e-Invoicing API uses OAuth 2.0 authentication combined with TLS encryption for secure communication between ERP systems and NRS.
Security Protocols
- TLS Encryption: All API communication is encrypted using TLS (Transport Layer Security)
- OAuth 2.0: Industry-standard authorization framework for secure API access
- Cryptographic Signing: Each invoice is digitally signed using the taxpayer's cryptographic keys
API Communication Flow
- Obtain Access Token: Authenticate with your API credentials to receive an OAuth 2.0 bearer token
- Include Token in Requests: Send the bearer token in the Authorization header of all API requests
- Token Refresh: Tokens expire after a set period; use the refresh token to obtain a new access token
- Secure Transmission: All data is transmitted over HTTPS with TLS 1.2 or higher
Best Practices
- Store API credentials securely (never in client-side code)
- Implement token refresh logic to avoid authentication failures
- Use environment-specific credentials (sandbox vs production)
- Log API calls for debugging but never log sensitive tokens
- Implement retry logic with exponential backoff for transient failures