Your GST Returns data is available on GST system. For better security and empowering the taxpayer to take control of data sharing, any application that seeks to get your data from GST system directly, you need to give an explicit consent
Only GST Suvidha Providers (GSPs) can connect directly to GST system.
As a taxpayer, you need to give two types of consents
- One-time consent by enabling API access
This consent means that your data can be fetched using APIs by any application but via a GSP and after a secured session is established via OTP. Unless API access is enabled no applications nor GSPs are authorised to get the data
While enabling API access, you also need to set the duration of the secured session. This duration will be applicable on on-going basis.
- OTP based consent on need basis
Just enabling API access does not mean your data can be fetched by any system. To get data from GST system or send data, authenticity of taxpayer and taxpayers’ systems needs to be established. This helps to avoid misuse of data and keeps in check unauthorised access.
Once the authenticity of taxpayer and the requesting application is established via OTP, any interaction with GST system can be performed for the duration as set for secured session. After the duration expiry, a new session needs to be established via OTP.
The session duration can be set as either 6 hours or 30 days. It is important to note, once your start a session via OTP it is effective for 6 hours. You can extend the validity without the need for OTP within 24 hours of OTP generation.
|Duration Set on GST portal||Effective duration of OTP session||Extension of session without OTP||Activating GST session again|
|6 hours||6 hours||Not applicable||After 6 hours – Need OTP|
|30 days||6 hours||
OTP based consent adds a layer of security.
It should be noted that OTP is sent to the mobile and email registered on GST portal. Also check the common issues that you could face in OTP generation and resolution for the same.