Why the GST application is routed through the resilient tech

Hi everyone!

I have been exploring the new GST India compliance application which has been contributed by resilient tech and the team.
There is one question that I have in my mind.

Why the APIs are routed from a company’s server but not directly to GST suvidha portal?
the concerns are known to everyone as security and data leaks etc.

Looking forward discuss this through.

Thank you.

Hello Prashant,

We have answered this multiple times in other places. But let me answer it in this forum as well.

Why is the API not routed directly through government servers?

GST APIs are not distributed directly by the government. They are distributed by authorized GSPs and ASPs.

Note that Resilient Tech has registered as an ASP with Adaequare GSP, and is required to follow the guidelines prescribed for ASPs.

Why is the API not routed through GSPs like it used to be done in v13?

Multiple reasons:

1. UX

• Instead of making users purchase different APIs like e-Waybill API, e-Invoice API, Public API, GST Returns API separately from the GSP, we wanted to provide a consistent UX and bundle all APIs into a simple package.
• There is a Minimum Order Qty (MOQ) that needs to be purchased for each API when purchasing from a GSP. This makes sense due to the scale at which GSPs work, but it can be excessive for SMEs using ERPNext. With our offering, we wanted to make the APIs accessible to more users.
• Through our offering, we’re also providing the feature to roll over existing API credits at the next purchase.
• We believe that APIs as critical as these should be easily accessible. The end user shouldn’t be expected to get in touch, negotiate, and come to an agreement with GSPs for each API.

2. Reliability and Sustainability

• We wanted an architecture that makes it easy to switch over to another GSP should the need arise.

• We wanted a stable revenue stream to sustain the development and maintenance of the app. Given the criticality and the dynamic nature of taxation rules and regulations in India, this is a must.

  We are hoping to be able to help ERPNext be a reliable solution for Indian business in the long run.

I have concerns about security, data leaks, etc.

• We do not ask for and store passwords. We went for e-mail authentication instead.
• We do not log transaction level data. Our logs are limited to API access, which is used only internally for billing purposes. We do not share these with a third party unless legally required.
• The access logs are not stored on our server. They are stored as AWS Cloudwatch Logs. We only query them to retrieve the count of API credits consumed.
• Additionally, we are working to open source the Frappe app that we use to manage our API very soon. Anyone is free to inspect the source code.
• We are happy to submit to regular security and privacy audits from the Frappe team (Frappe uses our offering for their enterprise customers). We are also happy to submit to audits by an independent third party, if anyone here wants to sponsor the same.

Considering above points, I would argue that our offering doesn’t require trust at all. We are in the process of drafting our T&C and Privacy Policy to make these things explicit.

I hope I was able to address your questions / concerns. Do let me know if you need further clarification.

Hi Sagar! Thank you so much for responding.
I am satisfied with your answer and I must say you guys have done a commendable job building the GST app.

my main concern is still there!
here is one situation I have been in recently hence the reason behind this topic as well.

I was consulting with a prospect for their implementation. They were quite interested in how ERPNext handles GST. I gave them a complete demo of the whole process, told them that they have to purchase credits for their transactions.

Next, they raise the question of security and they are not comfortable with their data going through the intermediary server. I assured them that this is all secured and your data is not being captured.

He said even WhatsApp provides end-to-end encryption but people have problems trusting that.

See, the point here is to gain the trust of people while implementing a solution for them.
they feel like they are being bound to the solution (this is the only way to do GST in ERPNext, not the feeling of open source).
People ask for alternatives and there should be options.

I am again thankful to the team for building this application and I am personally using it but the question stays there.

Thanks & Regards,

You’re confusing two different aspects here, Prashant.

India Compliance, just like ERPNext, is fully Open Source and available for anyone to use, modify and distribute under the terms of the GNU GPLv3 license. All features being made are available free of cost.

However, Open Source does not mean open to anything and everything that the users wish for.

Let’s put India Compliance aside for a moment and take the example of the e-Commerce Integrations app. It provides integrations with a lot of operators like Flipkart and Amazon through Unicommerce, a paid aggreagator of sorts. Most of the times, these operators do individually provide free APIs to integrate with. But whether or not any feature or fix is implemented is always at the maintainers’ discretion.

This is the whole reason why forks exist. You are free to modify and redistribute as long as you confirm with the app’s GPLv3 license and release the modified source code. Your colleague @Maheshwari_Bhavesh is already working on this, AFAIK.

For reasons that I’ve already mentioned in the above reply, and the fact that we don’t have the demand and resources to cater to this requirement, we don’t intend to implement it within the app as of now.

This can always change, and nothing is set in stone. Perhaps the government will start providing the API directly and we will decide to integrate with that instead. Or perhaps you want to sponsor something like this?

FWIW, I hope you guys choose to go with the current solution. I am open to setting up a screen sharing call to walk your team and client through our current offering, it’s backend implementation and the details about precisely why it is secure and privacy-friendly. Even more so than integrating with some GSPs directly.

At the same time, I don’t intend to engage in this conversation further, unless you want to sponsor it. I’d rather focus on building features that a majority of users are asking for, willing to sponsor, and will genuinely benefit from.

Peace

Peace be upon everyone @snv .

I may not affirm to the fact that you are comparing GST (a bare necessity for using ERP in India) with Unicommerce.
I am happy to get on the call and we can actually discuss the sponsorship thing.
What say @Maheshwari_Bhavesh?

Yes we can @aa_prashant

@snv my concern is that India Compliance minimum credits are 2000 every year for ₹ 1000 + GST. So it is effectively a SaaS charge for using the GST API. While I would like to support resilient-tech for the work you have done and continue to do for the GST integration. Asking all small enterprises/startups to pay 1k per year for an Open Source solution is excessive.

Hi,

• The source code of India Compliance is open and freely available, but services which aren’t available for free cannot be passed on for free.

• You don’t necessarily need the API unless you want to automate retrieving or uploading data from GST servers. You can make use of the JSON export/import features without purchasing API access.

• The API is bundled for all subscribers of Frappe Cloud at no extra cost.

Nonetheless, I thank you for sharing your concern. We will discuss it internally.

Hi,

Don’t get be wrong, you guys have a big thumbs up. I am a big open source supporter and I think your app is fab for being open source, much like EN.

Point is, I am not looking for the services for free. But for bootstrapped startups who are self deploying to keep costs low, the minimum threshold for ₹ 1k per year to keep the credits going where we might not even have consumed half becomes a high bar.

We don’t want to get data manually for JSON export/import. We want to use the good work you have done, while paying for the API cost that you have (and the little extra to support Open Source).

I would suggest lowering the maintenance top up to keep the credit going to something trivial like ₹ 100 as a token to keep the APIs going. Since you aren’t providing support individually to anyone, this is all automated and just keeps the service going.

Larger players who are using API heavily will anyways buy more credits.

Right now it feels like you’re taking a SaaS charge much like Frappe Cloud which is exactly what those of us buying credits from you directly did not wish to do.

Thanks for discussing it internally, have given you more points to talk about.

Sorry to jump in this discussion. But…

If you feel the charges are exorbitant then just do not use their Automatic GST filing feature.

It is as simple as that.

And why should they lower their charges. They have already done a fantastic job building a solid GST solution for ERPNext and giving it for free to use.

Your logic can be extended to any amount they might wish to charge.

If one has to pay a fixed amount per year, its not free to use the API connectivity. And a web based platform should use GST connectivity in 2024. Heck, every ERP has it nowadays.

I have already appreciated the work they have done in equally glowing words.

I am suggesting a better way to price it as for larger users they will still get the amount they need. Since their usage will be higher

I am not asking them to lower their charges. Just not have an arbitrary minimum number of credits every time or not expire them.

This 1k minimum and annual expiry is just a clever way of hiding an annual subscription charge and its not expected from the authors of a good open source product, effectively making it a SaaS premiumware

Sorry I don’t agree here. Most ERPs will allow users to download the GSTR1/3 in JSON format and the users have to login to the GST portal and them manually upload them.

While Resilient is offering a one click solution for filing GSTR.

And all the third party GST service providers that I have checked are charging.

Here is an example of one such provider that one of our client uses.

image1339×308 21.1 KB

I generally exercise healthy discretion when responding on the forum, but since you’re new here, let me make an exception.

Response to criticism

It appears that you’re misinformed about some facts:

• It’s incorrect to say that we don’t provide support for each API user. E-mail support for API related issues is available for all users of the service. I think it’s quite accessible too, just one click away from your India Compliance Account page.
• The costs of providing an API service are not linear to it’s usage. This is very easy to verify, you just need to contact some GSPs and ask for their pricing. This is also one of the reasons why our pricing is slab-based.
• Another benefit of retrieving pricing from GSPs is that you can observe how their pricing compares to our offering. If you think 1000₹ per annum (a dollar a month) is excessive, the base price they quote will definitely come as a shock.
• It’s naive to assume that those who use the API more are bound to be “large players”. Many large businesses have very limited transactions, and many businesses that have a large number of transactions have incredibly tight margins.

On empowerment

• We believe that the FOSS movement is fundamentally about empowerment. We take that responsibility very seriously. I don’t think anyone in their right mind would maintain an open source project as dynamic and complex as India Compliance unless they prioritised empowerment over money.
• We understand that business in India is hard, especially for SMEs that don’t have the resources to pay for exorbitant license fees. That’s why we chose India Compliance as our first FOSS project - to make it a little bit easier.
• Prioritising empowerment is also why we built the API service in the first place, it’s neither convenient nor affordable for every ERP user to buy it directly from a GSP.

About our base pricing

We’ve been providing the API service for 2+ years now, and this is the first time a user has raised concerns about the base price.

Upon evaluation of our API usage data, I noted that around 3% of our subscribers did use 1000 or less API credits every year. So we had an internal discussion, and to better empower these users, we’ve decided to slash the base cost by 50% to ₹500 per annum (or half a dollar every month).

• This decision is final, and we will not indulge in any further debate about it unless some of the factors that went into this change.
• This will be accompanied by some other not-yet-finalised changes and is not expected to be effective before 15th August.

Since you’re new here

• Please be civil. More people will value your inputs and respond to you. It’s okay to disagree, but refrain from repetition that doesn’t add to the conversation’s value and knee-jerk contradictions.
• Please create a new topic rather than taking an existing topic in a radically different direction.

All the best for your bootstrapped startup!

Just to add.

Pricing is designed to ensure that any unused credits are carried forward with next purchase. This way, you still can use this at any time in the future when you need more credits.

Annual billing once helps us estimate annual usage and make corresponding purchase.

This feature is still under development. Currently, it’s limited to helping reconcile filed returns and helps with JSON export for filing.

I don’t think I have been ‘uncivil’. If something came out that way, I take it back.

I believe you have found a very good niche for India Compliance and the API route allows for monetization, while adding a value that can only be had at scale. GSPs are prohibitively expensive for individual companies, so the ability to club all the individual FOSS user’s usage is a good idea.

Like I have said before, I like the work. I just feel you might not have needed to put this minimum cap and expiry as your source pricing does not need it. The minimum and expiry make it effectively into a SaaS pricing out of something which is a good FOSS.

And the argument that don’t use it (which triggered the debate) is often given in FOSS to make people not discuss contentious issues. I don’t think thats a healthy debate

Fully aware of the rollover of credits. But its unlikely that a company that did not need the 2000 credits in a year will suddenly need that many in the future.

It would have been just as well to have a minimum buy in which didn’t expire.

My point is monetization for good FOSS shouldn’t be based on locking people in. That’s what apple does with the open source. Good money, bad ethics.

You are entitled to your opinion.

We have clarified some of the reasons as to why a minimum cap is unavoidable. We don’t believe there is merit in further disclosure or debate.

I don’t agree with your argument that the product is comparable to SaaS services because a minority of the features require a subscription to some API. By extension, one could argue that any FOSS product that integrates with paid third-party APIs shouldn’t be considered FOSS.

monetization for good FOSS shouldn’t be based on locking people in

Anyone who doesn’t like the built-in API service is free to perform any modification allowed by it’s license. There is no compulsion or lock-in.

The only way to build something that everyone likes fully is to not build anything.

Like I’ve been saying, thanks for the good FOSS work. Even with the subscription it is still Open source and always worthy of a thumbs up.

Keep it up, and do revise the base price to ₹500. Here’s wishing that the adoption is so good that you don’t need to set a reserve price at all.