Authentication

Base URL and paths

The API is served at the root of the host, with no /api path prefix. Use api.esnadapi.com (or https://api-dev.esnadapi.com for the develop environment) with paths such as /v1/invoices and /v1/egs. Swagger UI (develop only) is at /docs.

All ZATCA API requests are authenticated with an API key. There is no username/password auth for the API—only the API key.

Getting your API key

Log in to the Esnad dashboard at app.esnadapi.com. In the dashboard, open API Keys and create a new key. The key is shown only once—store it securely. Use it in the Authorization header for every request.

Authorization: Bearer YOUR_API_KEY

Sandbox vs production

When creating an API key in the dashboard, you choose:

  • Sandbox key — prefix zatca_test_. Use for testing and development. All EGS units and invoice submissions using this key go to ZATCA sandbox (developer-portal).
  • Production key — prefix zatca_live_. Use for live ZATCA e-invoicing. All EGS units and submissions using this key go to ZATCA production (Fatoora core).

The key prefix determines the environment. When you submit an invoice, the EGS unit you use (either from the request body or from the key's default) must match: sandbox key → sandbox EGS unit only; production key → production EGS unit only. See Flow & integration for diagrams and patterns.
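A client-side guard for the prefix rule above, as an added example (not Esnad's own code). It derives the environment from the key prefix, refuses a mismatched EGS unit before anything leaves the process, and builds the Authorization header without exposing the key in error text. The https scheme on the production host, the `egs_environment` label and the keys in the test are assumptions or constructed values.

```python
import urllib.request

BASE_URL = "https://api.esnadapi.com"  # host from the page; https scheme is assumed
PREFIX_ENV = {"zatca_test_": "sandbox", "zatca_live_": "production"}


def key_environment(api_key):
    """Return 'sandbox' or 'production' based on the documented key prefix."""
    for prefix, env in PREFIX_ENV.items():
        if api_key.startswith(prefix) and len(api_key) > len(prefix):
            return env
    raise ValueError("API key has no zatca_test_ or zatca_live_ prefix")


def redact(api_key):
    """Loggable form of the key: the prefix only, secret part masked."""
    for prefix in PREFIX_ENV:
        if api_key.startswith(prefix):
            return prefix + "****"
    return "****"


def build_request(api_key, path, egs_environment, method="GET", body=None):
    """Build (not send) an authenticated request, refusing environment mismatches.

    egs_environment is the caller's own record of where the EGS unit was
    onboarded ('sandbox' or 'production'); this label is hypothetical.
    """
    key_env = key_environment(api_key)
    if egs_environment != key_env:
        # Fail before the request is built; never echo the full key.
        raise ValueError(
            f"{key_env} key {redact(api_key)} cannot be used with a "
            f"{egs_environment} EGS unit")
    if not path.startswith("/") or path.startswith("/api/"):
        raise ValueError("paths start at the host root, e.g. /v1/invoices")
    req = urllib.request.Request(BASE_URL + path, data=body, method=method)
    req.add_header("Authorization", "Bearer " + api_key)
    return req
```

Load the key from a secret store or environment variable rather than source code, and pass `redact(key)` wherever a key would otherwise reach a log line.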

Dashboard vs API

Dashboard (portal) login uses email + password and returns a JWT for the web app only. That JWT is not used for the ZATCA API. This documentation covers only the API key–based integration.