13.1 APIs for Compliance Artifacts

Complete suite of APIs providing all mandatory compliance artifacts including IRN generation, QR codes, digital signatures, and comprehensive archiving capabilities.

Invoice Reference Number (IRN)

Generated automatically by BluelightSmartAPI as part of clearance cycle, ensuring unique identification for every invoice submitted to FIRS.

QR Codes

Embedded in invoice PDF or XML, returned as base64 image and stored in archive for compliance verification and audit readiness.

Digital Signatures

PKCS#7 signatures created for every payload, ensuring non-repudiation and integrity of invoice data throughout the compliance lifecycle.

RESTful API Endpoints

Comprehensive APIs available for submission, status retrieval, archive fetch, and reconciliation operations with full OpenAPI specification.

SmartAPI Services Lifecycle - Complete Invoice Processing Pipeline
SmartAPI Services Lifecycle

End-to-end invoice processing from submission to archive, covering all FIRS compliance requirements

13.2 Data Resource Libraries

Comprehensive data libraries ensuring accurate mapping and synchronization with FIRS reference data for seamless compliance validation.

Product Library

Client product catalog mapped to HS (Harmonized System) codes as per FIRS reference tables with automatic updates.

Customer Library

Stores customer master data with validated TINs, synchronized with FIRS registry for real-time accuracy verification.

Tax Code Library

Maps client ERP tax codes (e.g., SAP condition records) to FIRS tax codes with configurable business rules.

Service Codes

Configurable library for industry-specific service codes, aligned to regulator references with automated validation.

Reference Synchronization

Automatic refresh from FIRS resource APIs (where available), with client override controls and conflict resolution.

13.3 Hosting and Residency Options

Flexible hosting models meeting local residency requirements with enterprise-grade disaster recovery and high availability options.

Default NG OPCO Hosting

Services hosted in NG OPCO server when regulator mandates local residency requirements, ensuring full compliance with data sovereignty.

Bluelight Managed Cloud

Private tenants on AWS, Azure, or GCP with region lock to Nigeria for optimal performance and scalability.

Dedicated VPC

Available for Platinum tier clients needing isolation, network controls, and BYO (Bring Your Own) security stack integration.

Disaster Recovery

Active-passive failover across regions within Nigeria, with RPO 15 minutes and RTO 2 hours for business continuity.

13.4 Performance and Throughput Targets

Enterprise-grade performance metrics designed to handle high-volume invoice processing with consistent low-latency response times.

< 500ms
Median processing latency within SmartAPI
< 1.5s
P95 latency excluding regulator response time
500K+
Invoices per day per tenant with autoscaling
< 2s
Webhook callbacks median delivery time
50K
Invoices per batch with checksum validation

13.5 High Availability and Reliability

Tiered SLA commitments with comprehensive reliability features ensuring zero invoice loss and maximum uptime for business-critical operations.

99.9%
Gold/Platinum SLA
99.5%
Silver Tier SLA
99.0%
Bronze Tier SLA
Zero
Invoice Loss Guarantee

Reliability Features

  • SmartAPI endpoints load balanced and geo-redundant
  • Daily health checks and synthetic monitoring from multiple regions
  • Queuing and replay mechanisms ensure zero invoice loss during regulator downtime

13.6 Security Controls (Summary)

Multi-layered security architecture with enterprise-grade controls ensuring data protection, authentication, and continuous monitoring.

Transport Security

TLS 1.3 with mTLS or OAuth2 for secure data transmission and authentication between all system components.

Authentication

OAuth2 JWT, client certificates, or both for robust identity verification with multi-factor authentication support.

Authorization

RBAC and MFA for dashboard access with granular permission controls and audit logging capabilities.

Data Protection

AES-256 encryption at rest, tamper-evident logs, immutable WORM archive ensuring data integrity and compliance.

Monitoring

SIEM integration, anomaly detection, real-time alerts for security events with automated response capabilities.

Governance

Certificate expiry monitoring, quarterly security audits, semi-annual penetration testing with compliance reporting.

13.7 Integration Readiness

"No ERP left behind" - comprehensive integration capabilities covering modern APIs to legacy print spoolers with proven methodologies and templates.

ERP Integration Decision Tree - Universal Compatibility Matrix
ERP Integration Decision Tree

Flexible integration paths for all enterprise environments ensuring seamless connectivity regardless of ERP maturity

SAP ECC 6.0

IDoc INVOIC02 via PI/PO integration templates with proven methodology and migration-safe architecture for S4 transition.

SAP S4/HANA

CPI iFlows using Billing Document API for modern SAP environments with cloud-native integration patterns.

Oracle EBS/Fusion

XML adapters for EBS, REST for Fusion with comprehensive data mapping and transformation capabilities.

Microsoft Dynamics

OData integration and CSV batch support for seamless data flow with Power Platform integration options.

Legacy ERPs

BlueBox capture from print spool, folders, or network ports - achieving compliance with zero ERP changes required.

No ERP Environments

BlueInvoice SaaS or Email Connector plug-and-play solutions for subsidiaries and small business units.

13.8 Reconciliation and Regulatory Change Management

Automated reconciliation processes and adaptive architecture ensuring continuous compliance as regulations evolve.

Reconciliation & Reporting
  • Daily and intraday reconciliation across ERP, SmartAPI, and FIRS
  • Exception queues for mismatches with Finance workflows for correction
  • Digitally signed reconciliation reports archived alongside invoice evidence
  • Dashboards for Finance, IT, and Compliance with drill-down and export options
Regulatory Change Absorption
  • Schema versioning and backward compatibility built into SmartAPI
  • Feature flags enable rapid rollout of regulator changes without ERP disruption
  • Hotfix deployment pipeline ensures compliance updates within days, not months
  • Client systems continue submitting canonical payloads unaffected

13.10 Why Clients Benefit

Four key promises that ensure your technical investment delivers lasting value and competitive advantage.

No Gaps

Every regulator requirement is covered, down to HS codes and QR codes - complete compliance assurance with audit-ready evidence.

No Rework

SmartAPI absorbs regulator changes centrally - your systems remain stable and unchanged while staying compliant.

No Disruption

Works with ECC today, S4 tomorrow, and legacy forever - future-proof integration protecting your IT investments.

Audit Ready

Evidence bundles and signed reports at the click of a button - compliance made simple for Finance teams.

Technical Excellence Promise

Complete technical coverage of every FIRS requirement with enterprise-grade performance, security, and reliability that evolves with regulatory changes while protecting your existing IT investments.

Previous: Detailed Scope of Work
Next: Systems Requirements by Option