Corporate Office: 4th Floor, East Wing, World Mark 1, Aero City,
New Delhi 110037.
GST Suvidha Provider
Contents
Acronyms
1. INTRODUCTION
1.1 Introduction to GST System
1.2 Introduction to GSTN
1.3 Role of third party developed applications
2. GST SYSTEM
2.1 Design Consideration for GST system
2.1.1 Ecosystem Approach
2.4 API Approach
2.4.1 Security & Privacy
2.4.2 Configurability
2.4.3 Data Distribution Service
2.5 Advantage of the API based Approach
3. GST SYSTEM ARCHITECTURE PRINCIPLES
4. HIGH LEVEL ARCHITECTURE OF GST SYSTEM
4.1 Architecture Overview
4.2 GST System accessibility through Ecosystem
5. API FRAMEWORK FOR GST SYSTEM
5.1 Set up, Operationalize and Maintain Systems and Process for APIs
5.2 API Metering
5.3 Data Integrity
API List
Acronyms
| Item | Description |
|------|-------------|
| API | Application Program Interface |
| BPM | Business Process Management |
| CBEC | Central Board of Excise and Customs |
| CGST | Central Goods and Service Tax |
| DDS | Distributed Data Service |
| ETL | Extract Transform and Load |
| GST | Goods and Services Tax |
| GSTN | Goods and Services Tax Network |
| GSTIN | Goods and Services Tax Identification Number |
| GSP | GST Suvidha Provider |
| IGST | Inter State Goods and Service Tax |
| IPsec | Internet Protocol Security |
| MIS | Management Information System |
| MSP | Managed Service Provider (selected by GSTN to design, develop and operate GST System Project) |
| MSDG | Mobile Service Delivery Gateway |
| NSDG | National e-Governance Services Delivery Gateway |
| OLAP | Online analytical processing |
| ORM | Object-relational mapping |
| PKI | Public Key Infrastructure |
| REST | Representational State Transfer |
| RFP | Request For Proposal |
| SGST | State Goods and Service Tax |
| SLA | Service Level Agreement |
| SOP | Standard Operating Procedure |
| SOA | Service Oriented Architecture |
| SSL | Secure Socket Layer |
| SSDG | State Service Delivery Gateway |
| TLS | Transport Layer Security |
| TRP | Tax Return Preparers |
| UUID | Universally Unique Identifier |
| VPN | Virtual Private Network |
| XKMS | XML Key Management Specification |
1. INTRODUCTION
1.1 Introduction to GST System
The Goods and Services Tax (GST), which will replace the State VAT, Central Excise, Service
Tax and a few other indirect taxes, will be a broad-based, single, comprehensive tax levied
on goods and services. It will be levied at every stage of the production distribution chain by
giving the benefit of Input Tax Credit (ITC) of the tax remitted at previous stages. GST is
based on a destination-based taxation system, where tax is levied on final consumption. It
is expected to broaden the tax base, foster a common market across the country, reduce
compliance costs, and promote exports. The GST demands a well-designed and robust IT
system for realizing its potential in reforming indirect taxation in India. The IT system for
GST would be a unique system, which will integrate the Central and State tax
administrations.
GSTN has embarked on a journey to implement from the ground up a modern, automated, fully
digital tax infrastructure, also called the GST System. The importance of this initiative and
the resulting considerations are as follows:
a) It would have a large social and economic impact
b) It has adequate potential to be a major driver for the local tech ecosystem if designed
and architected carefully
c) While architectural scalability is enormous, the required technologies are available to
build an open system
d) Convenience and user experience via ecosystem provided applications to provide
multiple options to taxpayers
e) Convenience and user experience are key to overcome resistance from the taxpayers
f) Seamless end-to-end interaction with the infrastructure is paramount
The GST System is being developed by Infosys, the Managed Service Provider (MSP). The
work consists of development of GST Core System, provisioning of required IT
infrastructure to host the GST System and running and operating the system for five years.
The proposed GST envisages all filings by taxpayers electronically. To achieve this, the
taxpayer will need tools for uploading invoice information, matching of input tax credit
(ITC) claims, creation of party-wise ledgers, uploading of returns, payment of taxes, signing
of such document with digital signature etc.
The GST System will have a G2B portal for taxpayers to access the GST System. However,
that will not be the only way to interact with the GST System: taxpayers will also be able to
interact with it through third party applications of their choice, which will provide all user
interfaces and convenience via desktop, mobile and other interfaces. The third party
applications will connect with the GST System via secure GST System APIs. All such
applications are expected to be developed by third party service providers, who have been
given a generic name, GST Suvidha Provider or GSP.
The taxpayers will need to electronically sign the documents before uploading and thus will
need digital signature certificates or an equivalent that is easy to use. A big chunk of taxpayers
do not use automated systems for billing, accounting, inventory management, invoicing
etc. We need innovative solutions for them that are easy to use and have lower cost overheads.
In short, smooth deployment of GST in India requires a strong eco-system consisting of the
following:
| No. | Areas of work | Possible Candidates |
|-----|---------------|---------------------|
| 1 | GST Solutions which enable online filing of tax invoice information, returns, online registration etc. | Companies who provide or would like to provide all these functionalities to taxpayers thru their portal or Apps or offline tools. They could become our GSPs |
| 2 | GST compliant Accounting software products | Companies having accounting software products where additional functionalities could be added to enable online filing. They could also become GSPs |
| 3 | Tax accounting software products which would interface with ERP systems and generate GST returns etc. | Companies who are working with ERP product companies to enable their users to file variety of returns under indirect tax regime (Central Excise, Service Tax, State VATs etc.) today. |
| 4 | Payment solutions/products | Innovative solutions for small and micro payments specially for those who do not have online banking facilities |
| 5 | Digital signature certificates / e-signatures | All electronic documents are to be digitally signed. Those providing easy solutions for digitally signing the returns/invoice data etc. |
| 6 | Innovative solutions for inventory management, billing and accounting etc. for small taxpayers who are not using automated tools etc. | New age companies who would like to come up with cloud and mobile based solutions for taxpayers who are small in size and averse to using PCs but are familiar with mobile/Tab based solutions. |
Thus the GST Eco-System will consist of players who could become GST Suvidha Providers
as well as those who operate in specific areas but contribute to smooth operationalization of
GST. GSTN proposes to release APIs for various functions to the industry to enable them to
make their existing products GST compliant as well as to enable new companies to come up
with innovative solutions to cater to these requirements. The process needs extensive
consultation and handholding, and in this regard GSTN proposes to organize a series of
workshops, the first of which is proposed to be organized at Bangalore in the last week of
January 2016.
2. GST SYSTEM
2.1 Design Consideration for GST system
While conceptualizing the GST solution, the following design considerations have been
taken into account.
A common GST system will provide linkage to all State/UT Commercial Tax departments,
Central Tax authorities, Taxpayers, Banks and other stakeholders. It will be a common medium
of information sharing with standardized forms, formats, payment challans,
acknowledgements, certificates etc.
Taxpayers will interface with GST System via GST system portal or via GSP ecosystem provided
by way of applications for activities such as Registration, Tax payments, Returns filing and other
information exchange with GST core system. Information captured on the GST System will be
shared with the respective State/Union Territories (UTs) and Centre (CBEC) for further
processing. State/UTs and Centre will process the information in their respective tax
administrative systems and re-transmit the processed information to GST system which will be
available for Taxpayers for viewing various MIS reports via their choice of applications.
The GSP developed Apps will connect with the GST system via secure GST system APIs. This
architectural approach has been taken because UI based integration through a ubiquitous web
portal requires manual interaction and does not fit most consumption scenarios. The
following benefits are envisaged from API based integration:
c) Ability to adapt to changing taxation and other business rules and end user usage models
d) Integration with customer software (ERP, Accounting systems) that tax payers and
others are already using for their day to day activities.
The GSPs will become the user agencies of the GST system APIs and build applications and web
portals as alternate interface for the tax payers.
The high level view of stakeholders interaction with the GST system as common data hub
interfacing all communication via Open APIs is depicted below. State infrastructure
communicates with GST system to download, process, and upload data.
Security and privacy of tax data is fundamental in design of GST system without
sacrificing utility of the national indirect tax system. When creating a national indirect
tax system of this scale, it is imperative that handling of privacy and security of taxpayer
data are not afterthoughts, but designed into the strategy of the system from day one.
This principle will also apply to GSPs who will act as extended arm of GSTN.
2.4.2 Configurability
GSPs need to design the Applications in such a way that any change in policy can be
pushed to the applications. Say for example, if the rate of a commodity or service gets
changed, the GST system should be able to push this information and the new rate gets
reflected in the applications.
The GST system shall be able to provide data on subscription-publication basis. The
organization of the information exchange between GST System and GSPs is fundamental
to publish-subscribe (PS) systems. The PS model connects anonymous information
producers (publishers) with information consumers (subscribers). The overall distributed
application (the PS system) is composed of processes. The goal of the DDS architecture is
to facilitate efficient distribution of data in a distributed system. Participants using DDS
can read or write data efficiently and naturally with a typed interface. Underneath, the
DDS middleware will distribute the data so that each reading participant can access the
most current values. Various sub-systems of GST system are also going to follow this
approach.
i. Choice/Flexibility: Users across the GST ecosystem get the choice and flexibility of
using their preferred application and user interface without having to depend on a single
portal. This provides them the choice of using a single ERP or Tax application within
their organization for all their work including GST related activities. In addition, this
provides a choice to end users/organizations to choose the most appropriate business
process, customize workflows, etc. within their system rather than depending on a single
portal for all their work. Having a healthy and competitive application provider
ecosystem is best for tax payers and other users.
iii. Agility: When the entire system is loosely coupled via components exposing APIs, it allows
individual API implementations to change without affecting the rest of the system.
API driven approach allows encapsulation of components and data models without every
other part of system knowing the details. API based design also allows automated testing
of the entire system to ensure changes are quickly tested in a completely automated way
to avoid regression.
iv. Manageability: API based systems allow easy manageability in terms of monitoring,
auditing, and performance analysis. In addition, individual APIs can be versioned and
deployed/upgraded/rolled-back instead of entire application being released, tested, and
deployed.
v. Scale: For the national GST system to scale, load has to be distributed across various
systems. This is key for responsive user experience as well as core system scaling. Instead
of the entire application being monolithic and accessed via a web portal, it should be built with
stateless APIs that can be scaled horizontally. Most critically, user interface load is
distributed to external applications, making the GST System truly a lean platform that can be
scaled to the country's need. All users will not be forced to use a single web portal, which would
have huge performance implications during the tax filing period. Instead, providing stateless
APIs allows load balancing across data centers for scale and distributes user interface
load to 3rd party applications.
vi. Data consistency: Providing APIs to access all data models and functionality ensures
data is not duplicated unnecessarily. This offers a single source of truth of data to be
managed via common APIs. In addition, providing centralized data validation, digital
signature, etc. ensures data is consistent and accurate across the system.
vii. Security: Data security is paramount to the GST system. Accessing data only via APIs
ensures centralized management of security controls. Encapsulating access control,
auditing, confidentiality (via encryption), and integrity (via signatures) is only possible
via common APIs.
GST system is being built as a platform. This means that GST system will be built entirely
with open APIs from day one, and the system features can be accessed via any user interface
(internal or 3rd party applications) that works on top of these APIs. Hence the GST system
is envisaged as a faceless system with 100% API driven architecture at the core of it. GST
portal will be one such application on top of these APIs, rather than being fused into the
platform as a monolithic system.
Openness: Adoption of open API and open standards will ensure the system to be
lightweight, scalable and secure. Openness comes from use of open standards and
creating vendor neutral APIs and interfaces for all components. All the APIs will be
stateless. Data access must be always through APIs, no application will access data
directly from the storage layer or data access layer. For every internal data access also
(access between various modules) there will be APIs and no direct access will be there.
No Vendor lock-in and Replace-ability:
o Software vendor neutrality
o Use of commodity hardware
Security and Privacy: The system will ensure privacy and data integrity and must
disseminate data to authenticated and authorized users only (both internal and external
users).
Scalability: For achieving massive scale it is critical that technology choices are kept
simple, open, multi-vendor, and standards based.
Loose coupling through open stateless API and messaging: GST system is conceived as a
common platform on which many applications will be built/ interfaced, it is critical that
all third party interfaces be fully interoperable without any affinity to platforms,
programming languages, network technologies. Such open interoperability is an
absolute requirement for GST system to be widely adopted as a national tax platform.
Reliability: The system must have appropriate measures to ensure processing reliability
for the data received or accessed through the solution. As the system will be API driven
the APIs built both by internal and external authorities should go through performance
and security measures to increase reliability.
It will be necessary that the following issues be taken care of properly.
a) Prevent processing of duplicate incoming files / data
b) Zero loss of data (data already saved / data at rest should also not be lost)
c) Unauthorized access and alteration to the data uploaded in the GST system shall
be prevented
a. The GST core system (i.e. system without user interface- GST portal) is a faceless system
consisting of a set of services exposed via APIs for storing and processing all the relevant
data. It includes all the business and functional services. It is optimized for reliability,
scalability and performance. Other components can access the core system only through
its APIs.
c. GST system landscape also includes a web portal for direct, browser-based access by
taxpayers or government employees. The UI and access functionalities for the taxpayers
and the government authorities should be different. The web portal accesses the
functionality of the system through exactly the same set of APIs as any other external
application.
d. GST system APIs are meant to be consumed by a variety of client applications and
platforms, including mobile devices, POS machines, embedded clients in on premise or
on-cloud ERP systems, etc.
The following diagram depicts the layers involved in providing the GST APIs to the last
mile.
a. First Layer- GST Core System: The core business and functional services
reside in this layer. As mentioned before these services are loosely coupled and
are surrounded by the API layer. This layer interacts with the external world
through the API layer.
b. Second Layer- API Layer: The production API layer should not be exposed to the
internet; accordingly there should be no threat of DDoS attack. The API layer will
make sure that access and feature control are verified through the functionality
key. The API key has information regarding feature, organization, expiry date, etc.
embedded in it. After the license key is validated, the structure of the data is validated.
The API layer validates the following for each data item / request that comes in:
i. License key of the caller (organization, features, expiry, etc.)
ii. Structure
iii. Size
iv. Digital signature of the API calling entity
v. Integrity of data to ensure that the data is not changed in between
c. Third Layer- Access to IT Infrastructure layer inside Data Centre: This
layer encompasses IT infrastructure serving incoming and outgoing requests. At
this layer the GST system will be secured through stringent network and security
infrastructure.
d. Fourth Layer- Access Layer for GSP community: This layer is considered
for GSPs. They use GST authentication to enable their services and connect to the
GST system through MPLS / VPN connectivity. A GSP needs to enter into a
formal contract with GSTN. There can also be sub agencies desiring to use GST
APIs to enable their services through an existing GSP. Ex: a tax payer association
can become a GSP and a TRP could access through it. State / CBEC / bank systems,
to whom GSTN provides a license key, can also access the GST System through this layer.
e. Fifth Layer: This layer provides access to all end users, including tax agency
employees, banks etc., taxpayers and state authorities, against authentication and
authorizations granted on GST services as per the system. This layer is used by
users of the apps and portal provider. All the small and large business users fall
under this layer.
b. All external users (including officials / taxpayers) will connect to GSTN portal through
SSL Layer of authentication along with user id, single sign authentication / OTP etc.
c. All APIs level access either to department systems or to Servers of GSPs ( for users
accessing the system through the GSPs) should be through HTTPS and through either
of the below mode of connectivity:
i. MPLS or
d. GSPs /Large tax payers will sign up with GSTN and get the access of license key for
accessing the system through either of the channels namely MPLS or VPN over internet.
The GSPs in turn will enter into an agreement with GSTN to provide sub-licenses to
smaller organizations and start-ups to call the APIs through their apps.
e. GST system will have provision to support issuance of license key / sub licenses key
including validation of the same in the GST System
f. All data transfer from / to GST system will happen through APIs
g. App signature authentication will be through the license key + time stamp + app version
and other meta data
h. All the APIs would be stateless in nature, thus easy to load balance, even if hit through
portal is very high and this requires high end processing.
i. GSTN would prescribe the mechanism for empanelment of GSPs who will use the GSTN
APIs and build apps using the same
j. MSP would deploy a developer sandbox for the GSPs to test the APIs with dummy data.
k. An API design document with the specification would be shared with the GSPs for them
to start developing the interfaces. The APIs would be RESTful services with XML payload
and would have the following minimum information in the design document.
i. Purpose of API
iv. Output
v. Error codes
GST System will be an API based solution where external agencies / GST Suvidha
Providers (GSPs) will also build & manage APIs as well as set up secured networks
(MPLS / VPN over internet) to access the GST system. Stakeholders can access the GST
System through these agencies (GSPs) in addition to accessing the services through the
GST portal. The MSP on behalf of GSTN will set up, manage and monitor the API services
for proper operation of the GST system. Various functions performed by the MSP in this regard
will be as follows:
The entities desirous of becoming a GSP will have to enroll with GSTN. Those who
express interest will have to participate in a screening process like participation in
hackathon. Those screened out will have to sign a formal contract with GSTN to become
GSP.
The GSPs will have to establish secure connectivity compliant with GSTN's standards
and specifications. GSPs will offer their GSTN-compliant network connectivity as a
service and transmit authentication requests to GST system. GSPs will also have their
own mechanism to issue license key to sub-GSPs.
i. Only agencies contracted with GSTN as GSPs shall send authentication requests
to the GST solution; no other entity can directly communicate. Sub-GSPs will
communicate through GSPs.
ii. GSPs will use GST authentication to enable its services and connect to the GST
system through an MPLS/ VPN over internet connectivity after validation of
license key.
iii. GSPs will need to take following steps to use GST authentication
License Key is the ASCII pre-defined string that shall allow enabling of various services
for a given GSP. This License Key string shall also carry validity period for each service.
i. MSP on behalf of GSTN will create an administrative portal to enable GSPs to have
a user account called the GSP ID to manage their services through their
authorized persons.
ii. Admin portal shall enable GSTN to manage these license keys
iii. GSP ID, GSP's Digital Certificate shall help validate the License Key and the
authorization validations shall form the core of the API design.
The MSP will create a bigger and permanent sandbox environment to be used by GSPs
for this purpose by November 2015. MSP will also develop the admin portal to be used
to create GSP Dev IDs that can be accessed by the GSPs for development, test and
integration. GSTN thru its MSP will provide a multi-tenant solution and for each tenant
multiple environments can be created, for example a dev sandbox environment for
verifying the functionality of the APIs and a developer pro sandbox environment for
further testing. Each environment represents a deployment target and APIs, once they
are developed, must be deployed to an environment and then published to selective
organisations to become available to consumers who belong to those organisations.
Environments are useful for separating Plans and APIs that GSP would like to test before
publishing the same.
ii. To configure authorisation policy for new APIs as they are introduced to the
framework.
iii. Allow user access the available APIs and associated properties in accordance with
his/her entitlements.
iv. Allow Client app exposed to the API, resources data in accordance with the
configuration for that app.
v. Blacklist/Block Access
For example a taxpayer while using GSP provided App will authenticate himself using
Aadhaar before his data or query is sent to GST Systems.
specified time interval, and what action should be taken when the threshold is exceeded.
The solution will support both a hard limit which will throttle the traffic and a soft limit
which will notify the administrator about the policy violation. The APIs load shall be
continuously and pro-actively monitored for suitable & prompt actions in case of
excessive loads, failures or performance bottlenecks.
GSTN / third party certifiers and auditors will be engaged for certification of Apps
developed by GSPs. STQC or one of their empaneled auditors could be used by GSTN
for this purpose.
The token generation will be used for validating the license key
b) Payload structure
d) Data structure
Message Formats SOAP, XML, JSON, Non-XML
e) Data integrity
Achieved through digitally signing APIs. The following actions also need to be
performed: Crypto (Sign/Verify/Encrypt/Decrypt), Validation, AAA, Filters,
Virus Check, Transform XML, Transform Bin, Routing, Backend Load
Balancing, SLM, Response Caching, SQL, Side Calls
b. Computing charges for each consumer based on the appropriate billing plan
As APIs are published & productized, applying limits around API becomes important policy
control point. This could be for various reasons such as controlling the usage, preventing
backend meltdown or towards monetization. These usage limits configured by the API
provider are then metered & monitored for usage. Typically API consumers like GSPs will sign
up for a plan which will provide them with some usage limits.
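The hard-limit / soft-limit policy and the per-consumer usage limits described above, as an added Python example that is not GSTN's or the MSP's code and not part of the original paper. The class name, the sliding-window approach, the decision strings and the sample limits are assumptions made for illustration.

```python
from collections import defaultdict, deque


class ApiMeter:
    """Sliding-window meter: the soft limit alerts, the hard limit throttles."""

    def __init__(self, window_seconds, soft_limit, hard_limit):
        if not 0 < soft_limit <= hard_limit:
            raise ValueError("need 0 < soft_limit <= hard_limit")
        self.window = window_seconds
        self.soft = soft_limit
        self.hard = hard_limit
        self._hits = defaultdict(deque)   # consumer -> times of accepted calls
        self._alerted = set()             # consumers already reported this breach
        self.billable = defaultdict(int)  # consumer -> accepted calls, for billing
        self.alerts = []                  # (time, consumer, calls in window)

    def record(self, consumer, now):
        """Meter one call and return 'allow', 'allow+notify' or 'throttle'."""
        hits = self._hits[consumer]
        # Drop accepted calls that have aged out of the interval.
        while hits and hits[0] <= now - self.window:
            hits.popleft()
        # Back under the soft limit: a later breach is reported again.
        if len(hits) < self.soft:
            self._alerted.discard(consumer)
        # Hard limit: reject the call; it is neither counted nor billed.
        if len(hits) >= self.hard:
            return "throttle"
        hits.append(now)
        self.billable[consumer] += 1
        # Soft limit: let the call through, tell the administrator once.
        if len(hits) > self.soft and consumer not in self._alerted:
            self._alerted.add(consumer)
            self.alerts.append((now, consumer, len(hits)))
            return "allow+notify"
        return "allow"


def replay(meter, consumer, times):
    """Feed constructed call times for one consumer; return the decisions."""
    return [meter.record(consumer, t) for t in times]


if __name__ == "__main__":
    # Constructed plan: soft limit 3 and hard limit 5 calls per 60 seconds.
    meter = ApiMeter(window_seconds=60, soft_limit=3, hard_limit=5)
    print(replay(meter, "gsp-a", [0, 1, 2, 3, 4, 5, 6]))
    print(dict(meter.billable), meter.alerts)
```

Throttled calls are left out of `billable` here, so the billing count reflects only calls the backend actually served; a plan that charges for rejected calls would count them before the hard-limit check.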
Data in transit or data at rest must be protected from tampering. To handle the risk of
data being tampered with by external users and during transit, the API design must include
checksum features and digital signatures to validate that the data is secured. The API
documents explain these features in detail and all sensitive data must adhere to
these principles. The GST system shall validate integrity using the checksum and
digital signature validations before processing the data.
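The per-request checks listed for the API layer (license key, structure, size, signature of the calling entity, integrity) together with the checksum and signature validation described above, as an added Python example that is not GSTN's code or part of the original paper. Assumptions: the JSON payload fields, size limit, license registry, metadata field names and 300-second timestamp window are constructed for illustration, and an HMAC-SHA256 over license key + time stamp + app version + checksum stands in for the PKI digital signature.

```python
import hashlib
import hmac
import json

MAX_BODY_BYTES = 64 * 1024                         # assumed size limit
MAX_CLOCK_SKEW = 300                               # assumed timestamp tolerance (s)
REQUIRED_FIELDS = {"gstin", "period", "invoices"}  # assumed payload structure

# Constructed registry: license key -> organisation, per-service expiry (epoch
# seconds) and the secret for the HMAC that stands in for a digital signature.
LICENSES = {
    "LK-DEMO-GSP-001": {
        "org": "demo-gsp",
        "services": {"returns": 2_000_000_000, "registration": 1_600_000_000},
        "secret": b"constructed-demo-secret",
    }
}


def _mac(secret, license_key, timestamp, app_version, checksum):
    # Signed fields: license key + time stamp + app version, plus the body
    # checksum so the signature is bound to one payload.
    msg = "\n".join([license_key, str(timestamp), app_version, checksum])
    return hmac.new(secret, msg.encode(), hashlib.sha256).hexdigest()


def sign_request(license_key, secret, timestamp, app_version, body):
    """Calling side: metadata sent alongside the request body (bytes)."""
    checksum = hashlib.sha256(body).hexdigest()
    return {
        "license_key": license_key,
        "timestamp": timestamp,
        "app_version": app_version,
        "checksum": checksum,
        "signature": _mac(secret, license_key, timestamp, app_version, checksum),
    }


def validate_request(meta, body, service, now):
    """API layer side: return (accepted, step), step naming the failed check."""
    # 1. License key: known caller, service enabled, validity period not over.
    lic = LICENSES.get(meta.get("license_key"))
    if lic is None:
        return False, "license:unknown"
    expiry = lic["services"].get(service)
    if expiry is None:
        return False, "license:service-not-enabled"
    if now >= expiry:
        return False, "license:expired"
    # 2. Size, checked before parsing so an oversized body is never parsed.
    if len(body) > MAX_BODY_BYTES:
        return False, "size"
    # 3. Structure: a JSON object carrying every required field.
    try:
        doc = json.loads(body)
    except ValueError:
        return False, "structure"
    if not isinstance(doc, dict) or not REQUIRED_FIELDS.issubset(doc):
        return False, "structure"
    # 4. Signature of the calling entity over the request metadata.
    try:
        ts = int(meta["timestamp"])
        expected = _mac(lic["secret"], meta["license_key"], ts,
                        meta["app_version"], meta["checksum"])
        if not hmac.compare_digest(expected, meta["signature"]):
            return False, "signature"
    except (KeyError, TypeError, ValueError):
        return False, "signature"
    if abs(now - ts) > MAX_CLOCK_SKEW:
        return False, "signature:stale"
    # 5. Integrity: the body must hash to the checksum the signature covers.
    if hashlib.sha256(body).hexdigest() != meta["checksum"]:
        return False, "integrity"
    return True, "ok"
```

Because the signature covers the checksum and the checksum covers the body, changing either the metadata or the payload in transit fails one of the last two steps.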
6. Selection Process
Several larger companies use ERP systems of non-Indian companies. Such companies can also
become GSP provided they have a registered office in India. If they are a pure software
provider with no presence in India, then they can work with another GSP to become "Sub-
GSP".
We envisage two types of companies/firms becoming GSPs. The first group consists of those
already providing accounting software, for whom becoming a GSP will be the next logical step.
The second group of companies/firms will be the new age Internet companies.
For the first group the criteria will be their being in the business of development and selling of
accounting software products currently in use in India with a user base of at least 5000. For
the second group GSTN proposes to conduct a hackathon or App development competition to
select 20 to 30 firms who could then develop various Apps for the taxpayers and other users of
GST System.
7. Business Model
The GST Suvidha Providers (GSPs) are envisaged to provide innovative and convenient
methods to taxpayers and other stakeholders in interacting with the GST Systems from
registration of entity to uploading of invoice details to filing of returns. Thus there will be two
sets of interactions, one between the App user and the GSP and the second between the GSP
and the GST System.
The GSPs will be free to adopt the business models they choose to recover the cost of operations
from their users and/or through advertisements. As far as the interaction between GSP and
the GST System is concerned, the same will be free in the first year of operation but will
become chargeable from the second year of operation. Based on data from various State Tax
departments, the average interaction between an average taxpayer and the GST System is
estimated as given in the table below:
As mentioned in the previous chapter, GSTN envisages API metering and thus usage by each
GSP will be measured and that will be used as the yardstick for recovery of cost.
Annexure
API List
An illustrative list of APIs envisaged in the GST System is mentioned below. Please note
that these are indicative in nature and more APIs will be identified in due course.