Skip to main content
Guide for the transfer of tax information electronically to Public Administrations for the exercise of their powers (PROTGEN)

3.3.3. Description of this information provision route

Web service technology involves computer developments by the entity requesting information, for the implementation of the information obtaining system in its applications.

The ECOT AND NIVRENTI web services can be used with its own infrastructure or with a third party in charge of processing admitted by the Tax Agency and with whom the transferee has signed a legal act that guarantees the appropriate security and protection measures for personal data in the terms established by the EU General Data Protection Regulation (Intermediation Platform).

According to the intermediation model, both the client organizations (information requesters) and the information providers (in this case the Tax Agency) will communicate with each other through a Data Intermediation Platform, which will be in charge of channeling communications between both. To use the Data Intermediation Platform of the General State Administration, it is necessary that the organizations requesting the information have access to the SARA network.

Once developed by the IT services, the authorized body will enter in its certificate request application the identifying data of the interested party from whom it wishes to obtain information, the purpose of the request and the type of certificate requested. Before sending the request to the web service of the issuing body, you must sign the request message.

The signing of the request message will follow the XML-DSig protocol, except in the case of intermediated web services, for which it will be signed under WS-Security.

To send the request, a secure channel (SSL tunnel) will be established. The Tax Agency web services require client authentication when establishing this channel. To successfully establish this tunnel, it is necessary that the electronic certificate used for this purpose has been authorized by the AEAT.

Therefore, to send a request one or more electronic certificates will be used in two moments: for the signing of the petition and for the establishment of the secure channel. It is not necessary that these actions be carried out with the same certificate, but it is necessary that said situation be communicated to the AEAT, which will associate them with the requesting body.

Once the request message is generated and sent by the requesting body, the issuing body will verify that it is authorized to invoke the requested web service. Once this verification has been carried out, the issuing body will process the request, issuing an electronically signed response (document in XML format that contains all the related data) that will be sent to the requesting body synchronously.

Technical information about this project (specifications, libraries, schematics and WSDL files describing this system) can be found at:

https://administracionelectronica.gob.es/ctt/scsp New window

For more information you can contact: