Reference
EFRIX | URA Technical Brief
EFRIS Certified Integrator Accreditation Package
Prepared by: Xtellar Systems Co. Limited
Product: EFRIX – Electronic Fiscal Receipting Integration Exchange
Document Version: 1.0
Date: January 2026
Executive Summary
EFRIX is a certified middleware solution developed by Xtellar Systems Co. Limited that enables Ugandan businesses to achieve seamless compliance with URA's Electronic Fiscal Receipting and Invoicing Solution (EFRIS). EFRIX serves as a translation and security layer between client business systems (POS, ERP, custom applications) and URA's EFRIS infrastructure, handling all technical complexity of fiscalization while providing clients with a simple, RESTful API interface.
Key Capabilities:
- Real-time invoice fiscalization via system-to-system integration
- Support for all EFRIS document types (invoices, credit notes, debit notes)
- Per-TIN certificate management and cryptographic operations
- Automated retry logic with configurable failure handling
- Comprehensive audit logging with 10-year retention
- Sandbox environment for client integration testing
1. System Architecture
1.1 Architecture Overview
EFRIX operates as a middleware layer with three primary zones:
| Zone | Components | Responsibility |
|---|---|---|
| Client Zone | POS, ERP, Custom Apps, E-commerce | Transaction origination |
| EFRIX Zone | API Gateway, Validation, Transformation, Queue, Certificate Manager, Audit DB | Request processing, security, compliance |
| URA Zone | EFRIS Server | Fiscalization, FDN generation, QR codes |
1.2 Data Flow
1.3 Component Description
| Component | Function |
|---|---|
| API Gateway | Authenticates API keys, enforces rate limits, routes requests |
| Invoice Service | Handles invoice, receipt, credit note, and debit note processing |
| Goods & Stock Service | Manages product registration and stock movements with EFRIS |
| Customer Service | TIN/BRN/NIN validation and customer data synchronization |
| Cryptography Engine | PKI signing (RSA) and AES-256 encryption/decryption |
| Key Management | Automated daily key rotation via T104 interface |
| Job Queue | Queues failed submissions for automatic retry |
| Audit Logs | Immutable logs of all transactions for compliance |
2. Supported Transaction Types
EFRIX supports the following fiscal document types as defined by URA EFRIS:
| Transaction Type | EFRIS Code | Description | Use Case |
|---|---|---|---|
| Sales Invoice | T109 | Standard VAT invoice | B2B, B2G, B2C sales |
| Sales Receipt | T109 | POS receipts for walk-in customers | Retail |
| Credit Note | T110 | Reversal/cancellation | Returns, corrections |
| Debit Note | T111 | Additional charges | Price adjustments |
| Goods Registration | T130 | Product/service registration | Inventory setup |
| Stock-In | T131 | Inventory additions (purchase, import) | Stock management |
| Stock Adjustment | T132 | Inventory corrections | Stock reconciliation |
Supported Payment Modes
- Cash
- Credit
- Cheque
- SWIFT Transfer
- Mobile Money (MTN, Airtel)
Supported Currencies
UGX, USD, EUR, GBP, CNY (as per EFRIS specification)
3. Data Validation & Error Handling
3.1 Pre-submission Validation
EFRIX validates all requests before transmission to EFRIS:
| Validation Layer | Checks Performed |
|---|---|
| Schema Validation | JSON structure, required fields, data types |
| Business Rules | TIN format (10 digits), tax rate accuracy (0%, 18%), currency codes |
| Referential Integrity | Original invoice reference for credit/debit notes |
| Duplicate Detection | Idempotency key verification |
3.2 Failure Handling & Retry Logic
Retry Parameters:
| Parameter | Value |
|---|---|
| Initial Delay | 30 seconds |
| Retry Schedule | 30s → 2min → 5min → 15min → 1hr |
| Max Retries | 5 attempts |
| Dead Letter | Alert client via webhook |
3.3 Failure Categories
| Category | EFRIS Codes | EFRIX Action |
|---|---|---|
| Transient | Network timeout, 5xx errors | Auto-retry with backoff |
| Validation | 2001-2099 (data errors) | Return to client for correction |
| Certificate | 100-102 (auth errors) | Alert admin, pause TIN |
| Rate Limit | 429 | Queue and throttle |
4. Security Architecture
4.1 Certificate Handling
EFRIX implements URA's required PKI infrastructure:
| Component | Implementation |
|---|---|
| Certificate Storage | AES-256 encrypted vault, separate from application DB |
| Private Key Protection | Hardware Security Module (HSM) integration available |
| Thumbprint Management | SHA-256 fingerprint verification on each request |
| Certificate Renewal | Automated alerts 30 days before expiry |
4.2 Per-TIN Isolation
Each registered business (TIN) maintains complete isolation:
4.3 Data Protection
| Layer | Protection Mechanism |
|---|---|
| In Transit | TLS 1.3 minimum, certificate pinning to EFRIS |
| At Rest | AES-256 encryption for all stored data |
| Application | Input sanitization, parameterized queries |
| Access Control | Role-based access, MFA for admin functions |
5. Audit & Compliance Logs
5.1 Data Retention
| Data Element | Retention | Purpose |
|---|---|---|
| Full request payload | 10 years | Dispute resolution, audit trail |
| Full response payload | 10 years | FDN verification, compliance |
| FDN/Verification codes | 10 years | Quick lookup, validation support |
| Error logs | 10 years | Troubleshooting, pattern analysis |
| API access logs | 10 years | Security audit, usage tracking |
| Certificate operations | 10 years | Key management audit |
5.2 Audit Log Schema
Each transaction log record follows this standardized schema:
{
"transaction_id": "uuid",
"timestamp": "ISO-8601",
"tin": "1000000001",
"document_type": "T109",
"request_hash": "sha256",
"response_hash": "sha256",
"fdn": "EFRIS-123456789",
"status": "SUCCESS|FAILED|PENDING",
"error_code": null,
"processing_time_ms": 234,
"efris_response_time_ms": 189,
"client_ip": "masked",
"api_version": "v1"
}
| Field | Description |
|---|---|
transaction_id | Unique UUID for each transaction |
timestamp | ISO-8601 formatted timestamp (UTC) |
tin | Client taxpayer identification number |
document_type | EFRIS transaction code (T109, T110, etc.) |
request_hash | SHA-256 hash of sanitized request payload |
response_hash | SHA-256 hash of EFRIS response |
fdn | Fiscal Document Number assigned by EFRIS |
status | Transaction outcome |
error_code | URA error code if applicable |
processing_time_ms | Total EFRIX processing time |
efris_response_time_ms | Time for EFRIS to respond |
client_ip | Masked client IP for privacy |
api_version | API version used |
5.3 URA Audit Support
EFRIX provides the following capabilities for URA audits:
| Audit Requirement | EFRIX Capability |
|---|---|
| Transaction Lookup | Search by TIN, date range, FDN, or invoice number |
| Export Formats | JSON, CSV, PDF reports |
| Real-time Access | Read-only audit portal for authorized URA officers |
| Integrity Verification | SHA-256 hash chain for tamper detection |
| Compliance Reports | Automated monthly summaries per TIN |
6. EFRIX API Reference
6.1 Base URLs
| Environment | URL |
|---|---|
| Production | https://gateway.tarifix.xtellar.app/efrix/v1 |
| Sandbox | https://gateway.tarifix.xtellar.app/efrix/v1/sandbox |
6.2 Authentication
All requests require header authentication:
X-EFRIX-API-Key: efrix_live_xxxxx
X-EFRIX-API-Secret: sk_live_xxxxx
6.3 API Endpoints
| Endpoint | Method | Description |
|---|---|---|
/invoices | POST | Submit sales invoice for fiscalization |
/invoices/{id} | GET | Retrieve invoice by ID |
/invoices | GET | List invoices with filters |
/invoices/{id}/void | POST | Void an invoice |
/credit-notes | POST | Submit credit note |
/credit-notes/{fdn} | GET | Retrieve credit note by FDN |
/debit-notes | POST | Submit debit note |
/debit-notes/{fdn} | GET | Retrieve debit note by FDN |
/goods | POST | Register goods/services with EFRIS |
/goods | GET | List registered goods |
/goods/{id} | PUT | Update goods details |
/stock/in | POST | Record stock increase |
/stock/adjust | POST | Adjust stock levels |
/taxpayer/info | GET | Fetch taxpayer details by TIN |
/customers/{tin} | GET | Lookup customer by TIN/BRN/NIN |
/customers | POST | Save customer details |
/exchange-rate | GET | Get current URA exchange rates |
/reports/daily | GET | Daily transaction summary |
/reports/reconciliation | GET | EFRIS reconciliation report |
/health | GET | API health check |
/webhooks | POST | Configure callback notifications |
6.4 Sample Request/Response
POST /invoices
// Request
{
"invoice_number": "INV-2026-0001",
"invoice_date": "2026-01-10",
"buyer_tin": "1000000002",
"buyer_name": "ABC Company Ltd",
"currency": "UGX",
"items": [
{
"description": "Professional Services",
"quantity": 1,
"unit_price": 1000000,
"tax_rate": 18,
"product_code": "99-001"
}
],
"payment_mode": "Credit",
"idempotency_key": "unique-client-reference"
}
// Response
{
"success": true,
"data": {
"fdn": "EFRIS-987654321",
"verification_code": "ABCD1234",
"qr_code": "base64-encoded-qr",
"invoice_id": "URA-INV-123456",
"fiscalized_at": "2026-01-10T14:30:00Z",
"gross_amount": 1180000,
"tax_amount": 180000,
"net_amount": 1000000
}
}
6.5 Response Codes
| Code | Meaning |
|---|---|
200 | Success |
201 | Created successfully |
400 | Validation error |
401 | Authentication failed |
403 | Insufficient permissions |
429 | Rate limit exceeded |
500 | Server error |
502 | EFRIS temporarily unavailable |
7. Demo & Sandbox Evidence
7.1 Sandbox Environment
EFRIX maintains a fully functional sandbox environment connected to URA's EFRIS test server:
| Component | Sandbox Details |
|---|---|
| URL | https://gateway.tarifix.xtellar.app/efrix/v1/sandbox |
| EFRIS Test Portal | https://efristest.ura.go.ug |
| Test TINs | Provided upon sandbox registration |
| Test Certificates | Auto-generated for sandbox accounts |
| Data Reset | Nightly reset of test data |
7.2 Available Demo Evidence
| Evidence Type | Description | Format |
|---|---|---|
| Screenshots | Step-by-step fiscalization flow | PNG/PDF |
| API Logs | Sample successful transactions | JSON |
| Video Walkthrough | Integration demo | MP4/Zoom |
| Postman Collection | Pre-configured API test suite | JSON |
| Sample Integration | Reference implementation code | GitHub |
7.3 Test Transaction Sample
{
"request": {
"buyer": {
"tin": "1000000001",
"legal_name": "Test Company Ltd"
},
"items": [
{
"description": "Test Product",
"quantity": 1,
"unit_price": 50000,
"tax_rate": 18
}
],
"payment_mode": "CASH"
},
"response": {
"success": true,
"fiscal_document_number": "TEST-FDN-2026-001234",
"qr_code": "https://efristest.ura.go.ug/verify/...",
"antifake_code": "ABC123XYZ",
"timestamp": "2026-01-10T12:00:00Z"
}
}
7.4 Test Transaction Logs (Sandbox)
[2026-01-10 10:15:23] INFO Request received: POST /invoices
[2026-01-10 10:15:23] INFO TIN: 1000000001 | Invoice: TEST-001
[2026-01-10 10:15:23] INFO Validation: PASSED
[2026-01-10 10:15:24] INFO EFRIS submission initiated
[2026-01-10 10:15:24] INFO EFRIS response: SUCCESS
[2026-01-10 10:15:24] INFO FDN: EFRIS-TEST-123456789
[2026-01-10 10:15:24] INFO Processing time: 856ms
8. Client Onboarding Checklist
For Commercial Deployment
| # | Step | Responsible | Documents Required |
|---|---|---|---|
| 1 | Client signs EFRIX service agreement | Client | Signed contract |
| 2 | Verify client VAT registration status | Xtellar | TIN certificate |
| 3 | Client obtains EFRIS certificate from URA | Client | URA certificate (PFX) |
| 4 | Create EFRIX tenant for client TIN | Xtellar | — |
| 5 | Upload certificate to EFRIX vault | Client/Xtellar | Certificate + passphrase |
| 6 | Generate API credentials | Xtellar | API key issued |
| 7 | Configure webhook endpoints | Client | Callback URLs |
| 8 | Sandbox integration testing | Client | Test results |
| 9 | UAT sign-off | Client | Approval form |
| 10 | Production go-live | Xtellar | Cutover confirmation |
| 11 | Post-go-live monitoring (7 days) | Xtellar | Health report |
| 12 | Handover to support | Xtellar | Support contact info |
Technical Prerequisites
- Client system can make HTTPS REST API calls
- Client can store and manage API tokens securely
- Client can handle webhook callbacks (recommended)
- Client has valid URA-issued EFRIS certificate
- Client TIN is registered for system-to-system integration with URA
9. Appendices
A. EFRIS Interface Codes Supported
| Code | Interface | Description |
|---|---|---|
| T104 | Key Exchange | Daily AES key rotation |
| T109 | Invoice Upload | Sales invoice fiscalization |
| T110 | Credit Note | Credit note submission |
| T111 | Debit Note | Debit note submission |
| T119 | Exchange Rate | Currency rate lookup |
| T127 | Product Query | EFRIS product code search |
| T130 | Goods Registration | Product/service registration |
| T131 | Stock-In | Inventory additions |
| T132 | Stock Adjustment | Inventory corrections |
B. Error Code Reference
| EFRIX Code | EFRIS Code | Description | Resolution |
|---|---|---|---|
| E001 | — | Invalid request schema | Check JSON format |
| E002 | — | Authentication failed | Verify API token |
| E003 | — | Certificate not found | Upload TIN certificate |
| E100 | 100 | AppID error | Contact support |
| E101 | 101 | RequestTime error | Sync system clock |
| E2001 | 2001 | TIN format invalid | Verify buyer TIN |
| E2020 | 2020 | Invoice already exists | Check idempotency key |
| E2075 | 2075 | Amount exceeds limit | Split into multiple invoices |
C. Compliance Statement
EFRIX is developed and operated in accordance with:
- URA EFRIS Interface User Requirements Specifications v1.5
- Section 73A and 73B of the Tax Procedures Code Act 2014
- Uganda Data Protection and Privacy Act 2019
10. Contact Information
Xtellar Systems Co. Limited
Kampala, Uganda
| Channel | Details |
|---|---|
| Technical Support | support@systems.xtellar.co |
| Website | https://tarifix.xtellar.app |
| API Documentation | https://tarifix.xtellar.app/docs |
Document Classification: URA Confidential
Prepared by: Xtellar Systems Co. Limited
Revision: 1.0
Last Updated: January 2026
This document is submitted in support of Xtellar Systems' application for EFRIS Certified Integrator accreditation renewal with the Uganda Revenue Authority.