SandBox
About PRAL's Sandbox
What is the PRAL Sandbox?
Think of a sandbox as a safe, isolated testing environment. It’s a replica of the live FBR production system, but it uses dummy data and does not affect your real tax records or compliance status.
Its primary purpose is to allow software developers (and the businesses they work for) to:
Test their software integration (POS, ERP, accounting systems) with the FBR’s API.
Ensure their invoice data is formatted correctly (JSON schema) before going live.
Identify and fix any errors in a risk-free setting.
Simulate the entire process of sending an invoice, receiving an IRN, and canceling an invoice.
Why is the Sandbox Mandatory?
The FBR requires all software solutions to be thoroughly tested and certified in the sandbox environment before they are granted access to the live production system. This is to ensure:
Stability: Prevents buggy software from flooding and crashing the live FBR system.
Data Quality: Ensures all incoming data is in the correct format, preventing errors in the national database.
Smooth Rollout: Minimizes disruptions for businesses when they finally switch to live transmission.
Key Features and Functionality of the Sandbox
The sandbox environment mimics the full functionality of the live system:
User Registration & Management: You can create test user accounts with specific roles.
API Endpoints: It provides test URLs (endpoints) for all key operations:
Authentication API: To get a secure access token.
Invoice Registration API: To send invoice data and receive a test IRN.
Invoice Cancellation API: To test canceling an invoice.
Search/Inquiry API: To search for test invoices you’ve submitted.
Dummy Data: You use dummy NTN numbers and other data for testing. No real customer or business data should be used here.
Simulated Responses: The sandbox will respond with the same success or error messages that the live system would, such as:
200 OKwith an IRN for a successful submission.400 Bad Requestfor malformed data.401 Unauthorizedfor invalid credentials.
How to Get Access to the Sandbox?
Access is typically managed by your software developer or vendor. The general process is:
Software Company Registration: The software company (ISV – Independent Software Vendor) must first register itself with the FBR/PRAL.
Request Sandbox Access: The registered software company then requests access credentials (Client ID and Client Secret) for the sandbox environment for their specific software solution.
Testing and Certification: The developers use these credentials to connect their software to the sandbox API and perform comprehensive testing. They must test various scenarios (valid invoices, invalid invoices, cancellations, etc.).
Certification: Once the software successfully passes all tests and consistently generates correct API calls, the vendor can request certification from PRAL/FBR to go live.
As a business owner, you won’t directly handle the sandbox. Your responsibility is to ensure your software vendor is FBR-approved and has successfully completed the sandbox testing and certification process.
Steps for a Business to Prepare (Using the Sandbox indirectly)
Confirm Your Obligation: Check the latest FBR notifications to see if your business is required to integrate.
Choose a Compliant Software Vendor: Select a POS/ERP provider that is already FBR-certified or is actively working on it. Ask them for proof of their sandbox testing progress.
Test in Your Environment: Once your vendor has a certified solution, they will help you install it. You should then run your own internal tests using the vendor’s system (e.g., creating test sales) to ensure everything works smoothly on your end before the “go-live” date.
Go Live: After successful internal testing and upon receiving the “production” credentials from your vendor, you can switch from the test mode to the live FBR system.
Important Resources and Links
PRAL/FBR Developer Portal: This is the central hub for all technical documentation.
Primary Website: https://iris.fbr.gov.pk
Direct Link to Developer Section/Sandbox Info: Look for the “For Developers” or “Documentation” tab on the IRIS portal. This is where you’ll find the all-important:
API Documentation
JSON Schema (the exact format for invoices)
Sandbox Registration Process
Step-by-Step Integration Guide
