DOCS/FLUX/Vat Filing

Single Filing

Authentication Required

This endpoint requires a valid API key. Include your API key in the x-api-key header of every request. You can generate a test key in your developer dashboard.

The Single VAT Filing API processes an individual Value Added Tax (VAT) transaction for compliance tracking. This is optimal for point-of-sale systems or individual e-commerce checkout flows where immediate tax filing triggers are required by your downstream orchestration.

Integration Flow

1Encrypt Credentials: Generate your encryptedPayload to securely carry credentials.
2Submit Transaction: Send the itemized VAT details, amount, and related metadata.
3Handle Result: Track the vat.filing.success webhook for the final state confirmation.

HTTP Request

POSThttps://api.taxstreem.com/v1/flux/vat-filing/single

Request Body

The following parameters are required for this action.

Parameter	Type	Required	Description
encryptedPayload	string	Required	Your Base64-encoded, AES-256-GCM in-flight encrypted TaxPromax credentials (email and password). See Encryption Section for generation steps.
filingId	string	Required	Your unique internal ID representing this VAT filing request. Limits duplicate filings (Idempotency Key).
month	number	Required	Numeric month you are filing for. Valid values: `1` to `12`. Late filings may incur penalties from the authority.
year	number	Required	4-digit year for the filing (e.g. `2024`).
vatStatus	number	Required	Determines tax treatment. Valid values: `0` (VATABLE), `1` (ZERO RATED), `2` (VAT EXEMPT).
amount	number	Required	The total invoice or item amount exclusive of VAT.
item	string	Required	Name or category of the exchanged product/service (e.g. `Enterprise Software License`).
narration	string	Optional	Detailed context or invoice reference line for the item. Helps your finance team during auditing.
taxId	string	Optional	The customer's TIN. If the customer isn't registered or it's a B2C transaction, provide `"0"`.
beneficiary	string	Optional	Customer name. If blank/B2C, default system value is `"Retail Customer"`.

Encrypted Payload (In-Flight Encryption)

FLUX requires sensitive credentials to be encrypted at the application layer before transmission. This provides defense-in-depth on top of HTTPS.

The encryptedPayload field must contain a Base64-encoded AES-256-GCM encrypted JSON object.

Encryption Specification

Property	Value
Algorithm	AES-256-GCM
Key Derivation	SHA-256(sharedSecret)
IV (Nonce)	12 bytes (96-bit) random
Auth Tag	16 bytes (128-bit)
Encoding	Base64

Payload Format

The final transmitted value must be:

Base64( IV[12] || Ciphertext || AuthTag[16] )

IV is randomly generated per request
Ciphertext is encrypted JSON
AuthTag is automatically appended by GCM

Response Documentation

A successful invocation of this endpoint returns a 202 Accepted or 200 OK. Since filing operations are processed asynchronously alongside tax gateways, the immediate response acknowledges successful receipt and enqueueing of the schedule payload.

Field Name	Type	Description
status	string	The high-level outcome of the request context. Value is typically `accepted` indicating payload validation passed.
message	string	A human-readable confirmation note (e.g. "schedule accepted successfully").
data.id	string	The tracking UUID for this schedule. This precise ID correlates to the `filingId` in downstream webhook events.
data.created_at	string (date-time)	Timestamp marking the instant the schedule safely enqueued, in ISO 8601 format.

Error Handling

The API applies standard HTTP status codes indicating success or failure. In case of an anomaly, the response body contains an errors array detailing specific field-level validation issues to facilitate rapid integration debugging.

HTTP Status	Error Key	Cause & Resolution
400	Bad Request	Cause: Missing required fields, invalid attributes (e.g. malformed TIN), or structural JSON anomalies. Resolution: Traverse the `errors` array in the response to target the invalid field constraints, format properly, and re-submit.
401	Unauthorized	Cause: The API key credential is missing, malformed, or revoked. Resolution: Ensure your `x-api-key` is populated in the request header and that you are matching the correct environment bounds (live vs test).
403	Forbidden	Cause: Properly authenticated, but the key context is lacking specific scope permissions or the merchant account represents restricted access. Resolution: Review integration scopes within the dashboard to assure capability rights correspond to FLUX operations.
429	Too Many Requests	Cause: Network volume exceeds the rate envelope associated with your tier configuration. Resolution: Gracefully throttle via exponential backoff semantics checking the `Retry-After` header variable, or upgrade capacity constraints.

Example Request

curl -X POST https://api.taxstreem.com/v1/flux/vat-filing/single \
  -H "x-api-key: txsm_test_SK489c..." \
  -H "Content-Type: application/json" \
  -d {
        "encryptedPayload": 'encrypted_string_...',
        "filingId": '123-abuiod-90',
        "month": 1,
        "year": 2024,
        "data": [
           {
               "vatStatus": 1,
               "amount": 5000,
               "item": "Baby diapers",
               "narration": "Bought kisskid diaper",
               "taxId": "2345544-0001",
               "beneficiary": "Retail Customer"
           }
        ]
     }

Example Response

202 Accepted

{
  "status":  "accepted",
  "message":  "schedule accepted successfully",
  "data":  {
    "id":  "xaee2ddf-effvkfes",
    "created_at":  "2026-02-20T10:00:00Z"
  }
}