A comprehensive Node.js client for Malaysia's MyInvois e-invoicing system with full digital signature support.
bun installCreate a .env file in the project root with your MyInvois credentials:
# MyInvois API Credentials (from MyInvois portal)
CLIENT_ID=your_client_id_here
CLIENT_SECRET=your_client_secret_here
# Your Certificate and Private Key (PEM format)
TEST_CERTIFICATE="-----BEGIN CERTIFICATE-----
your_certificate_content_here
-----END CERTIFICATE-----"
TEST_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----
your_private_key_content_here
-----END PRIVATE KEY-----"
# Your MyInvois TIN (Tax Identification Number)
TIN_VALUE=IG12345678901
# Your NRIC/Business Registration Number
NRIC_VALUE=123456789012
# Additional test TINs for comprehensive testing
TEST_TIN_1=C12345678901
TEST_TIN_2=C98765432109
TEST_TIN_3=IG98765432109
# Test buyer information
BUYER_TIN_VALUE=IG00000000000
BUYER_NRIC_VALUE=000000000000bun testFor testing purposes, you can generate self-signed certificates with MyInvois-required fields:
Create myinvois-cert.conf:
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = MY
ST = YOUR_STATE
L = YOUR_CITY
O = YOUR_COMPANY_NAME
CN = YOUR_COMPANY_NAME
emailAddress = YOUR_EMAIL
serialNumber = YOUR_BUSINESS_REGISTRATION_NUMBER
[v3_req]
keyUsage = keyEncipherment, dataEncipherment, digitalSignature, nonRepudiation
extendedKeyUsage = clientAuth, emailProtection
subjectAltName = @alt_names
[alt_names]
email.1 = YOUR_EMAIL
DNS.1 = YOUR_DOMAINopenssl genrsa -out myinvois-test-key.pem 2048# Basic certificate with SERIALNUMBER
openssl req -new -x509 -key myinvois-test-key.pem -out myinvois-test-cert.pem -days 365 -config myinvois-cert.conf
# Enhanced certificate with organizationIdentifier (OI) field for TIN
openssl req -new -x509 -key myinvois-test-key.pem -out myinvois-enhanced-cert.pem -days 365 \
-subj "/C=MY/ST=YOUR_STATE/L=YOUR_CITY/O=YOUR_COMPANY_NAME/CN=YOUR_COMPANY_NAME/serialNumber=YOUR_BUSINESS_REG/2.5.4.97=YOUR_TIN/emailAddress=YOUR_EMAIL"# Check certificate details
openssl x509 -in myinvois-enhanced-cert.pem -text -noout | grep -A 2 -B 2 "Subject:"
# Should show both:
# serialNumber=YOUR_BUSINESS_REG
# organizationIdentifier=YOUR_TINReplace the placeholders with your actual values:
YOUR_STATE:Kuala LumpurYOUR_CITY:Kuala LumpurYOUR_COMPANY_NAME:My Company Sdn BhdYOUR_EMAIL:admin@mycompany.comYOUR_BUSINESS_REG:202301234567(SSM registration)YOUR_TIN:IG12345678901(MyInvois TIN)YOUR_DOMAIN:mycompany.com
The client includes a built-in, per-clientId request queue that proactively
keeps each API category within the MyInvois-documented limits (e.g. submit
documents 100/min, get submission 300/min, cancel/reject 12/min). Requests that
would exceed a category's limit are queued and released as the sliding window
frees up — you can fire calls freely and the queue paces them.
These are intentional trade-offs for a dependency-free, in-process limiter. Plan around them for production deployments:
- In-process only. Limits are tracked in memory per Node.js process. If you run multiple instances/workers (clustered NestJS, PM2 cluster, serverless, multiple pods), each process tracks its own counts, so the combined traffic can exceed the MyInvois limit. For horizontally-scaled deployments, throttle upstream or route MyInvois calls through a single worker.
- Bursts within the cap. The limiter allows up to
maxrequests in the same instant (as long as the 60s window allows it). This is within the documented limit, but if you observe429s under heavy concurrency, reduce upstream concurrency. - No automatic
429/Retry-Afterback-off. The limiter is proactive only; it does not currently inspect rate-limit response headers and retry. - Login is not queued. Token requests (
/connect/token) bypass the queue. Cache and reuse the client so token refreshes stay infrequent.
- MSC Trustgate: https://www.msctrustgate.com/
- Digicert Sdn Bhd
- Cybersign Asia
The certificate must include:
organizationIdentifierfield with your TINSERIALNUMBERfield with your business registration number- Issued by a MyInvois-trusted CA
This project was created using bun init in bun v1.2.10. Bun is a fast all-in-one JavaScript runtime.