Documentation Center
Submission-ready technical, security, API, continuity, and evidence documentation.
Submission Documentation
ASP Documentation Center
This page consolidates the platform explanation needed for technical evaluation: architecture, DCTCE role, PINT AE intake, validation, XML preparation, security controls, webhooks, audit ledger, backup, restore, and submission evidence.
Official application evidence checklist
- 1Trade Licence
External legal document. - 2Proof of Paid-Up Capital
External corporate evidence. - 3Corporate Tax Registration Certificate
UAE tax registration proof. - 4Legal Representative Authorization
Official authorization document. - 5eInvoicing Experience Proof
Projects, test results, references, screenshots. - 6Peppol Agreement / Authority Agreement
External Peppol evidence. - 7ISO 22301 and ISO 27001
Continuity and information security certificates. - 8Technical Environment Design
Prepared by this portal. - 9MFA, Encryption, Security Monitoring
Security control documentation. - 10Support, Maintenance, Update Procedures, Insurance
Operational and external documents.
Platform role in DCTCE
Al Yamamah ASP Core acts as an independent service-provider gateway. Supplier ERP systems send invoice data to the ASP through authenticated APIs. The ASP validates, prepares XML, preserves evidence, and can exchange/report statuses through webhooks and future official network integrations.
Corner 2-ready design PINT AE intake Validation XML preparation Evidence package Not officially accredited until approvalTechnical environment design
| Area | Implementation | Evidence / Page |
|---|---|---|
| Application | Independent Laravel ASP Core under asp.mazenofficial.net. | Dashboard / Health Center |
| Integration | ERP communicates by API only. No shared ERP database. | Developers / API Clients |
| Authentication | API key, key rotation, expiry, per-client controls. | API Clients |
| Source controls | Allowed IPs and allowed source tenant domains. | API Clients / API Logs |
| Validation | PINT AE fields, parties, payment, lines, tax breakdown, totals. | Documents / Validation Events |
| XML | XML generation/download and XML evidence. | Documents / Evidence Package |
| Webhooks | Signed webhook events and retry log. | Webhooks |
| Audit | Hash-chained audit ledger and anchor files. | Audit Ledger |
| Continuity | Backup, offsite backup, restore runbook, verification commands. | Backups / Restore Runbook |
Security controls
- ✓HTTPS/TLS
Encryption in transit. - ✓API secrets
Keys shown once, rotated when needed, never exposed in docs. - ✓Idempotency
Safe retries using Idempotency-Key. - ✓Duplicate guard
Duplicate invoice protection. - ✓Webhook HMAC
Signed outgoing events. - ✓Redacted API logs
Sensitive headers are not shown.
Continuity commands
php artisan asp:backup:run --keep=14 php artisan asp:backup:offsite --keep=30 php artisan asp:backup:verify php artisan asp:ledger:verify php artisan asp:ledger:anchors:verify php artisan asp:pages:audit