Product Information
Generating an Authorization Token in Romania’s ANAF Portal Using Postman
Note: The steps and processes described here are accurate as of the time of writing, but it’s essential to stay updated with any changes on the ANAF portal that may affect this procedure.
In this blog post, I will guide you through the process of generating an authorization token from Postman and ANAF’s portal. This authorization token is essential for establishing a connection between SAP Document and Reporting Compliance, cloud edition and ANAF. This will allow you to submit and monitor electronic invoices from eDocument cockpit.
ANAF, which stands for Agenția Națională de Administrare Fiscală (National Agency for Fiscal Administration), enables you to electronically send and receive electronic invoices through their e-Invoicing platform.
Prerequisites:
- You should be a registered user on the ANAF portal with a qualified digital certificate, holding one of the SPV PJ rights (legal representative, designated representative, or authorized representative). You can register in the SPV by visiting this link: https://www.anaf.ro/InregPersFizicePublic/#tabs-2.
- After completing the registration process on the ANAF portal, you will receive a Client ID and Client Secret, which are required for the subsequent steps.
Now, let’s go over the management URLs used for generating the authorization token:
- Authorization Endpoint: https://logincert.anaf.ro/anaf-oauth2/v1/authorize
- Token Issuance Endpoint: https://logincert.anaf.ro/anaf-oauth2/v1/token
Once you are registered on the ANAF portal, follow these steps to generate an authorization token:
- Open Postman application and create a GET operation for the Authorization Endpoint.
- Under the Authorization tab, complete the required fields as shown below:
Grant Type Authorization Code Callback URL <Use the default URL generated by Postman> Auth URL https://logincert.anaf.ro/anaf-oauth2/v1/authorize Access Token URL https://logincert.anaf.ro/anaf-oauth2/v1/token Client ID <Enter the Client ID received during the registration process> Client Secret <Enter the Client Secret received during the registration process> Client Authentication Send as Basic Auth Header – Check the ‘Authorize using Browser’ checkbox.
- Click the ‘Get New Access Token’ button.
- Since you’ve checked ‘Authorize using Browser’ in step 2, your browser will automatically open, and you will be prompted to select your certificate for authentication.
Note: Make sure you disable the pop-up blocker in the browser. - After a successful authentication, provide your ANAF portal username and password as prompted by the browser and click the ‘OK’ button.
- A new token will be generated, and you will see a success message in the browser.
- You will be automatically redirected back to Postman with a popup displaying the newly generated authorization token. Click the ‘Use Token’ button.
- The new token will automatically populate the token field.
To configure the generated token with in the Business Technology Platform(BTP) portal, follow the documentation provided below:
- If your business system is SAP S/4HANA Cloud, refer to Managing Communication Settings | SAP Help Portal.
- If your business system is SAP S/4HANA or SAP ERP, refer to Managing Communication Settings | SAP Help Portal
I hope you find this information useful. You can leave a comment on this blog or follow us for more information about SAP Document and Reporting Compliance here in SAP Community.
Very useful, thanks for sharing!
Hi Olivia,
Thank you for your feedback. I am glad you found it useful.
Hi Mahesh,
As of now, there is no automated procedure in DRC cloud edition to renew the access token using refresh token upon expiry.
Is there any plans to integrate this feature in DRC? Considering DRC, cloud edition comes with SAP Integration suite which already have this capability to renew the OAUTH access token based on access token automatically?
Thanks,
Vignesh Sridhar.
Hi Vignesh,
As of now, we haven't committed to any specific timelines for integrating the auto-renewal of access tokens in DRC. However, it is a topic under discussion for our future development plans. We will keep our customers informed through our communication channels once we have a concrete plan in place.
Best regards,
Mahesh Varma
Fantastic Mahesh Varma Kalidindi ! Super Essencial document. May I suggest to include this blog into following MAIN SAP note ?
3262931 - eDocument Romania: Overview Note
I believe if in any country comes with this Blog/guidance facilitate life to everyone!
BR
Gaspar
Hi Gaspar,
Thank you for your positive feedback. Appreciate your input and am glad to hear that the content has been helpful to you.
However, I wanted to clarify that we don't add blogs to SAP Notes, as it's not the appropriate channel for such content. The blog has been added to the Romania workzone, which is accessible to customers, to make it more widely available and useful.
Best Regards
Mahesh Varma
Hello Mahesh, Then end-goal of my suggestion is to have all necessary's in 1 place becauase now you have the SAP Overview note, this fantastic Blog, Help Portal and Workzone (non mentioned in the MAIN SAP know so how to know this info is there) with Key info.
I give you the feedback from Customer side.
BR
Gaspar
Hi Mahesh,
Thanks for sharing such a document.
In anaf.ro official documentation it is easy to be lost.
Yet, I have an issue at step 4 of your instruction. After pressing "Get New Access Token" button we do not see the popup window for selection of the certificates (yet the pop-up blocked is disabled in the browser),
Later, in Console in Postman I see: 'Error: access_denied'
So, it seems like there is no even attempt to seek for a certificate.
Tried to do it from the user who is a registered user on the ANAF portal with a qualified digital certificate, holding one of the SPV PJ rights (legal representative, designated representative, or authorized representative). Tried to do it from my PC (I am not the authorized user at anaf.ro).
The result is the same.
Could you please provide some advice here?
Hi Piotr,
I assume you've already checked the 'Authorize using Browser' checkbox in Postman, which should allow you to generate a token using your browser. However, if you're still unable to select certificates, I recommend that you raise an incident with SAP, specifying the component as 'CA-GTF-CSC-EDO-RO'. This will route the issue to our team, and we can then investigate your specific problem and provide you with the necessary assistance.
Hello Mahesh, thanks for your reply.
Yet, the issue seems to be solved.
In our case, user had the digital certificate stored physically (kind of flash-USB).
It seems initially system just did not see the certificate.
The second time we initially checked if the certificate is visible in the certificate list in browser, and it worked properly.
Nevertheless, thank you for your help!
Hi Mahesh,
thank you for sharing. We are issuing a problem with the following step:
After completing the registration process on the ANAF portal, you will receive a Client ID and Client Secret, which are required for the subsequent steps.
Our contact in Romania can't find on the ANAF website where the client ID and secret should be generated.
Could you help me?
Francesca
Hello Francesca, That person should received an email or SMS with the information I understand. I suggest to double check if contact information where updated at ANAF Portal 1st.
Gaspar
Hi Gaspar,
thank you for your response. We are a private company already registered on the ANAF portal, not an individual.
Best regards,
Francesca
I got that. we faced the situation you are mentioned. For sure someone register their ID and have to received the information you are looking for.
That why I suggest to check who is authorization at ANAF in your company. That person should received it.
BR
Gaspar