ERROR ZATCA-00026

Unauthorized Request (401)

The API request was rejected due to invalid or expired authentication credentials (CSID token).

⚠️ What Causes This Error?

Common reasons why you might see ZATCA-00026

  • CSID certificate has expired and needs renewal
  • Incorrect API credentials (username/password mismatch)
  • Using production CSID on sandbox environment or vice versa
  • Certificate not renewed after the compliance check phase

How to Fix This Error

Follow these steps to resolve ZATCA-00026

1

Check Certificate Expiry

Verify the CSID certificate is not expired by checking the validity date.

2

Verify Environment

Ensure you are using the correct credentials for the target environment (sandbox vs production).

3

Re-issue CSID

If the certificate is expired, complete the onboarding process again to obtain a fresh CSID.

4

Check Authorization Header

Verify the Authorization header format: Basic base64(username:password).

Fix ZATCA Errors Automatically

Qeemah validates invoices before submission and prevents ZATCA-00026 errors from happening.

Book Guided Demo →
Chat with us on WhatsApp