Frequently Asked Questions

Answers to frequently asked questions about MyInvois system integration approach

Digital Signature

How to retrieve and verify company TIN number?

To facilitate the retrieval of Tax Identification Number (TIN), there are three (3) channels available for taxpayers:
• Check the TIN via the MyTax Portal (e-Daftar menu);
• Contact the HASiL Contact Centre (03-8911 1000); or
• Visit the nearest IRBM offices.

How to obtain Client ID and Client Secret for Sandbox?

The client ID and client secret can be obtained by submitting a request via email to together with all the information listed below:

  1. Tax Identification Number (TIN) - excluding Employer’s (E) No.
  2. New Business Registration Number
  3. Company Name
  4. Company Email Address
  5. Name of ERP System

What are the environment URLs?

Env Registration Portal Invoicing Portal System API Identity Service

How to submit an e-Invoice in the MyInvois portal?

There are two (2) options for taxpayers to submit their invoices via MyInvois Portal for IRBM validation:

Individual Creation: Taxpayers can create e-Invoices individually by completing a form with all the required fields; or
Batch Upload: Taxpayers can upload a certain number of e-Invoices in batches by uploading pre-defined Microsoft Excel spreadsheet to the portal, containing the necessary invoice information. The spreadsheet format will be available when MyInvois Portal is launched. Kindly visit to e-Invois microsite for latest information.

What are the various document statuses within the e-Invoice workflow?

The invoice is stored in the local database with a specific status. The status is an integer value, which could be one of the following:

Status Value Note
Submitted 1 This means the invoice has passed initial structure validations but is still pending additional validations to be completed
Valid 2 The status of a successful invoice validation
Invalid 3 The status of a submitted invoice with validation issues
Cancelled 4 The status of an invoice cancelled by the issuer

What are UBL JSON Value Mappings?

In the UBL JSON, every attribute value should be paired with a key “_” to be compliant with UBL.
For Example: value for InvoiceTypeCode should be represented as “_” : “02” which refers to the Credit Note Invoice Type code.

Which login API should be used by the Taxpayer or Intermediary?

Taxpayers should use the Login as Taxpayer System when submitting their own documents. However, taxpayers who act as service providers, submitting documents on behalf of their customers, should use the Login as Intermediary System.

What are the available APIs in the Sandbox Environment?

The table below provides details about the APIs available in the Sandbox environment. “Actual APIs” are functional and will return actual API responses, whereas “Stub APIs” are temporary endpoints that return mock API responses. Stubs serve as stand-ins until the actual API implementation is made available.

# API Actual / Stub
1 Login as Taxpayer System Actual
2 Login as Intermediary System Actual
3 Get All Document Types Stub
4 Get Document Type Stub
5 Get Document Type Version Stub
6 Get Notifications Stub
7 Validate Taxpayer’s TIN Actual
8 Submit Documents Actual
9 Cancel Document Actual
10 Reject Document Stub
11 Get Recent Documents Stub
12 Get Submission Actual
13 Get Document Actual
14 Get Document Details Actual
15 Search Documents Stub

How to test APIs via Postman?

The guidance on how to test the API’s can be found on the Postman Page.

How to get sample response from each API?

You can download the JSON collection file from the Postman page for the sample JSON request. Then, follow the steps on how to test the APIs to get the response for each APIs.

What to do if an Error 404 code appears in API when validating taxpayers’ TIN number?

This API returns HTTP status code 400(BadArgument) if the TIN or any of the input parameters does not match the argument structure. Taxpayers need to check their TIN number format is correct.

Where can taxpayers obtain guidance on Digital Signature?

The comprehensive guidance on Digital Signature creation and validation can be found on the Signature page.

How to acquire Digital Signature?

The issuer of the documents will have to use a valid digital certificate that is issued by a certificate authority (CA) in Malaysia as documented here List of Certification Authorities and Recognition.

You may also obtain the digital signature sample from this link:
• UBL 2.1 Invoice Sample XML with Signature:
• UBL 2.1 Invoice Sample JSON with Signature:

Disclaimer: The sample JSON file is for digital signature illustration purposes only. Taxpayers are advised to consult local laws and regulations for guidance on digital signature implementation.

Is it necessary to include a Digital Signature in the Sandbox environment?

Currently, Digital Signature is not needed in the Sandbox testing environment.

What are the best practices to integrate with API?

Refer to this page for more information Intergration-practices.

What is the Call Limit for each API?

The rate limiting functionality implementation is using the standard HTTP rate limiting headers. The Call Limit is based on the anticipated load and usage patterns of the API. Hence, the caller should handle the rate limiting headers that are returned to them by the API and retry the call as per these headers. The header would specify the current number of calls that are rate limited and the time period the caller should wait before they make the next call. Please, refer back Standard Headers Parameters to standard rate limiting headers definition.