ERROR
ZATCA-00026 Unauthorized Request (401)
The API request was rejected due to invalid or expired authentication credentials (CSID token).
⚠️ What Causes This Error?
Common reasons why you might see ZATCA-00026
- ✗ CSID certificate has expired and needs renewal
- ✗ Incorrect API credentials (username/password mismatch)
- ✗ Using production CSID on sandbox environment or vice versa
- ✗ Certificate not renewed after the compliance check phase
✅ How to Fix This Error
Follow these steps to resolve ZATCA-00026
1
Check Certificate Expiry
Verify the CSID certificate is not expired by checking the validity date.
2
Verify Environment
Ensure you are using the correct credentials for the target environment (sandbox vs production).
3
Re-issue CSID
If the certificate is expired, complete the onboarding process again to obtain a fresh CSID.
4
Check Authorization Header
Verify the Authorization header format: Basic base64(username:password).
Fix ZATCA Errors Automatically
Qeemah validates invoices before submission and prevents ZATCA-00026 errors from happening.