Skip to main content
Guide for the transfer of tax information electronically to Public Administrations for the exercise of their powers (PROTGEN)

3.3.3. Description of this information supply channel

Web service technology involves computer developments by the entity requesting information, for the implementation of the information collection system in its applications.

The ECOT AND NIVRENTI web services can be used with its own infrastructure or with a third party in charge of processing admitted by the Tax Agency and with whom the transferee has signed a legal act that guarantees the appropriate security and protection measures for personal data in the terms established by the EU General Data Protection Regulation (Intermediation Platform).

According to the intermediation model, both the client organizations (information requesters) and the information providers (in this case the Tax Agency) will communicate with each other through a Data Intermediation Platform, which is responsible for channeling communications between the two. In order to use the Data Intermediation Platform of the General State Administration, the organisations requesting the information must have access to the SARA network.

Once developed by the IT services, the authorised body will enter into its certificate request application the identification data of the interested party from whom it wishes to obtain information, the purpose of the request and the type of certificate requested. Before sending the request to the issuing body's web service, you must sign the request message.

The signature of the request message will follow the XML-DSig protocol, except in the case of intermediated web services, for which it will be signed under WS-Security.

To send the request, a secure channel (SSL tunnel) will be established. The Tax Agency's web services require client authentication when establishing this channel. To successfully establish this tunnel, the electronic certificate used for this purpose must have been authorized by the AEAT.

Therefore, to send an application, one or more electronic certificates will be used at two times: for the signing of the petition and for the establishment of the secure channel. It is not necessary for these actions to be carried out with the same certificate, but it is necessary that this situation be communicated to the AEAT, which will associate them with the requesting body.

Once the request message has been generated and sent by the requesting body, the issuing body will check that it is authorized to invoke the requested web service. Once this check has been carried out, the issuing body will process the request, issuing a response (a document in XML format containing all the related data) electronically signed, which will be sent to the requesting body synchronously.

Technical information about this project (specifications, libraries, schemas and WSDL files describing this system) can be found at:

https://administracionelectronica.gob.es/ctt/scsp New window

For more information, please contact: