Automation for self-employed: how to integrate the tax with the IT project

From January 1, 2019, a law was adopted for four constituent entities of the Russian Federation (Moscow, Moscow and Kaluga regions, as well as the Republic of Tatarstan) introducing a new Professional Work Tax (NPA) pilot project. In short, his main task is to save professional figures from all the difficulties of small business: a tax of 6% (in the case of individual entrepreneurs), mandatory pension contributions, the amount of which every year only for one person itself approaches 50 thousand rubles, a tax declaration. Thus, the state supports small business, providing low-cost start-up entrepreneurs (4% for income from individuals and 6% from legal). If you want more details - you can see detailed information on the Internet.

NPA is entitled to use even individuals who work in the field of IT. How can this help? For example, you have developed a service that works on the Internet, you want to accept payments. You do not have to register a legal entity for the sake of such business activities and solve a bunch of questions right from the start. It is enough to register as a self-employed person and on a word of honor to manually hammer in each service or product. At the same moment, the developer of the service thinks: “Is it possible to automate this process?”. And the answer here - "Of course, you can!". The article, in fact, is to tell you how this is done.
Important note: the author of the article uses the knowledge gained from the study of the application, only for good - automation of routine. He wishes you the same motives.

Step 1. Determining HTTP traffic

Here you will need the official application of the taxpayer "My Tax". You can download it through Google Play.

For this article, it will be sufficient to determine the sourceDeviceId (I suspect that this is the same as the android id) and refreshToken, however, you can explore absolutely all the API methods proposed by the application to the study. To determine it, you need to receive HTTPS requests from your smartphone. For a stock device without root rights, you can use a computer, the free Fiddler program. To understand the work of the program, I took advantage of a not quite relevant guide , however, it was enough to intercept https traffic of the smartphone and display the work of the application on the computer screen.

After installing all the necessary you need to register as a taxpayer and close the application. Then activate the Fiddler program, establish a proxy connection on the smartphone and start the application again. The application will make an authorization request with a refresh token, which at the time of this article is created with an indefinite validity period:


As you can see in the screenshot, the application has the base domain (a subdomain of the tax service website of the Russian Federation) and an API version 1. Authorization for methods are used by Bearer, the token for it is generated via the / auth / token method. The data from the sourceDeviceId and refreshToken request fields are extremely necessary. I checked the work of refreshToken'a 3 days after the experiment - it works, therefore, the token for 1 hour can be safely taken, knowingly having one actual refreshToken.

The method of sending a parish itself looks like this and has all the necessary fields:


Note that all fields are required. The services field may make you want to send several services in an array, but only the first service will appear on the check, although the final cost will be complete. Still, the service is rather damp, and it was launched only recently, we will not dwell on it (although it’s a shame actually, several positions are sometimes necessary).

It is also worth paying attention to the answer: approvedReceiptUuid: the field contains a unique check code, which can be obtained without any difficulties from your TIN and UUID check.

Step 2. Script development

To quickly demonstrate the concept of automation, Python 3.7.2 is used with the requests library:

import requests
import datetime
import shutil
TIME_OFFSET = '+03:00'
TOKEN = ''
INN = ''defDO(method, params):
    headers = {"Authorization":"Bearer "+TOKEN} if TOKEN != ''else {}
    r =, json=params, headers=headers)
    return r.json()
    reqparam = {
	"deviceInfo": {
            "appVersion": "1.0.0",
	    "metaDetails": {
		"browser": "",
                "browserVersion": "",
                "os": "android"
            "sourceDeviceId": DEVICE_ID,
            "sourceType": "android"
	"refreshToken": REFRESH_TOKEN
    res = DO('auth/token', reqparam)
    # TODO: сохранять tokenExpireIn и не вызывать авторизацию каждый разreturn res['token']
# TODO: научиться нормально программировать
TOKEN = get_token()
defnew_transaction(service, amount):
    trans_time =[:-3]+TIME_OFFSET
    reqparam = {
	"ignoreMaxTotalIncomeRestriction": False,
	"operationTime": trans_time,
	"paymentType": "CASH",
	"requestTime": trans_time,
	"services": [
                "amount": amount,
		"name": service,
		"quantity": 1
	"totalAmount": amount
    res = DO('income', reqparam)
    return res['approvedReceiptUuid']
    headers = {"Authorization":"Bearer "+TOKEN}
    r = requests.get(
    with open('receipt.png', 'wb') as f:
        r.raw.decode_content = True
        shutil.copyfileobj(r.raw, f)
if __name__ == '__main__':
    rec = new_transaction('Тестовая услуга', '1.00')

Substitute the necessary values ​​- the script will work as it should. You can add error handlers and improve delivery - the above script only shows how to work with the NAP tax API.
Note It is possible that the tax agency will publish the API in the future, but now it does not do it just because few people need it. Therefore, this case is postponed until later. However, I hasten to note that if the official manual is published, it will contain either similar information or slightly improved information, in terms of authorization for sure.


In conclusion, I would like to note: do not repeat this at home; nothing is impossible. Even such a routine thing can be safely automated. Copy the code, modify in your own way. Perhaps, then I implement the library so that the automation will be much more accessible to everyone. I am waiting for your objective criticism and continue to dig in the direction of the API. My next goal is to idealize the principle of authorization and create a library for Python.

Also popular now: