Introduction

On July 13, 2017, the Financial Secretary to the Treasury and Paymaster General in the United Kingdom announced that Making Tax Digital (MTD) for value-added tax (VAT) will take effect on April 1, 2019.

To support the MTD for VAT requirements on Dynamics AX 2012 R3 the hotfix was released: KB 4488588.

Additionally, HM Revenue and Customs (HMRC) introduced compulsory to supply header information for VAT API from April 2019 to prevent fraud. For more information, see Fraud prevention.

To prevent fraud, APIs of the HMRC provide HTTP headers that must be used to pass audit data. Support of fraud prevention headers which can be automatically defined by the system was released in KB 4505299.

Overview

As it is explained in the KB 4505299, for Dynamics AX 2012 R3 fraud prevention headers for “DESKTOP_APP_VIA_SERVER” connection method are implemented. Following headers system (KB 4505299) can define automatically:

HTTP header

Description

Gov-Client-Device-ID

An identifier unique to an originating device.

Gov-Client-User-IDs

A key-value data structure containing the user identifiers.

Gov-Client-Timezone

The local time-zone of the originating device.

Gov-Client-Screens

Information related to the originating device’s screens. The fields include:

  • width is the reported width of the screen, in pixels

  • height is the reported height of the screen, in pixels

  • scaling-factor is the reported scaling factor of the screen.

  • color-depth is the color depth of the screen, in bits.

Gov-Client-Window-Size

The number of pixels of the window on the originating device in which the user initiated (directly or indirectly) the API call to HMRC.

Gov-Client-User-Agent

An attempt to identify the operating system family, version, device manufacturer and model of the originating device.

Gov-Vendor-Version

A key-value data structure of software versions involved in handling a request.

Gov-Client-MAC-Addresses

The list of MAC addresses available on the originating device.

The following headers are required for “DESKTOP_APP_VIA_SERVER” connection method but system cannot define them automatically:

HTTP header

Description

Gov-Client-Public-IP

The public IP address (IPv4 or IPv6) from which the originating device makes the request.

Gov-Client-Public-Port

The public TCP port that the originating device uses when initiating the request.

Gov-Client-Local-IPs

A list of all local IP addresses (IPv4 and IPv6) available to the originating device.

Gov-Vendor-License-IDs

A key-value data structure of hashed license keys relating to the vendor software initiating the API request on the originating device.

Gov-Vendor-Public-IP

The public IP address of the servers to which the originating device sent their requests.

Gov-Vendor-Forwarded

A list that details hops over the internet between services that terminate TLS.

This hotfix provides changes in the “Web service parameters” form for system admin to set up fraud prevention headers which cannot be defined by the system automatically.

Setup

When you activate (KB 4505299) transmission of fraud prevention headers during interoperating with API of the HMRC, your requests to HMRC will start transmitting with fraud prevention headers which can be defined automatically.

If you decide to transmit additionally fraud prevention parameters which cannot be defined automatically, open “Web service parameters” form and select “Fraud prevention” tab:

image.png

Click “Populate” button to automatically add the fraud prevention headers currently requested by HMRC for “DESKTOP_APP_VIA_SERVER” connection method which cannot be defined automatically:

image.png

Specify values in the “Value” column for those headers which you want to be sent to HMRC as part of Https requests to VAT API.

You can delete from this list or leave empty values for those headers which you don’t want to send to HMRC as part of Https requests to VAT API.

You can add manually a header and a value for it to send it to HMRC as part of Https requests to VAT API.

If “Sandbox base URL” field on “General” tab is filled in with address of a sandbox web application, you can validate them with “Test Fraud Prevention Headers API” provided by HMRC: https://developer.service.hmrc.gov.uk/api-documentation/docs/api/service/txm-fph-validator-api/1.0 .

Click “Validate” button, to review collected headers’ values:

image.png

Validation endpoint path” field contains predefined value: “/test/fraud-prevention-headers/validate”. This is address of “Test Fraud Prevention Headers API” for sandbox web applications. It is not recommended to change this value unless HMRC would change this address and officially announced the new one. Click “OK” button to address your fraud prevent headers to “Test Fraud Prevention Headers API” for validation. “Test Fraud Prevention Headers API” will send response in JSON format informing results of the validation.

When “Include fraud prevention parameters" parameter is marked on “General” tab, dialog-box with automatically defined and supplementary defined by system admin fraud prevention parameters will be shown.

It is recommended to address API requests to HMRC with complete scope of fraud prevention headers.

Hotfix information

A supported hotfix is available from Microsoft. There is a "Hotfix download available" section at the top of this Knowledge Base article. If you are encountering an issue downloading, installing this hotfix, or have other technical support questions, contact your partner or, if enrolled in a support plan directly with Microsoft, you can contact technical support for Microsoft Dynamics and create a new support request. To do this, visit the following Microsoft website:

https://mbs.microsoft.com/support/newstart.aspx

You can also contact technical support for Microsoft Dynamics by phone using these links for country specific phone numbers. To do this, visit one of the following Microsoft websites:

Partners

https://mbs.microsoft.com/partnersource/resources/support/supportinformation/Global+Support+Contacts

Customers

https://mbs.microsoft.com/customersource/support/information/SupportInformation/global_support_contacts_eng.htm

In special cases, charges that are ordinarily incurred for support calls may be canceled if a Technical Support Professional for Microsoft Dynamics and related products determines that a specific update will resolve your problem. The usual support costs will apply to any additional support questions and issues that do not qualify for the specific update in question.

How to obtain the Microsoft Dynamics AX updates files

This update is available for manual download and installation from the Microsoft Download Center.

Download update for Microsoft Dynamics AX 2012 R3

Prerequisites

You must have one of the following products installed to apply this hotfix:

  • Microsoft Dynamics AX 2012 R3

Restart requirement

You must restart the Application Object Server (AOS) service after you apply the hotfix.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.