No. Communication between Client and GSTN / NIC Ewb server is encrypted and GSP will not be able to read the data payload.

Though GST or eWayBill API is being pipelined through GSP (GST Suvidha Provider) or ASP (Application Suvidha Provider) provided connectivity, the security of both GST and EWB API is designed in such a way that the data channel established is encrypted end-to-end between client and GSTN/NIC server and GSP has no way to decrypt and read the client’s data. GSP just provides secure pipeline to connect to GST or eWayBill servers.

Let me explain this in more detail, both API requires getting AuthToken to start API access session valid for 6 hours. While getting AuthToken, client’s application, and GSTN or NIC server exchanges symmetric encryption key, encrypted by public key of GSTN or NIC, and only GSTN or NIC can decrypt this symmetric encryption key using their private key. Once established, symmetric encryption key (client and server having same encryption key) is then used by client to encrypt data to be sent to GSTN or NIC server. Server in turn send data encrypted with this symmetric encryption key, which only client knows and GSP does not know this symmetric encryption key and thus, its not possible for GSP to read data in the API payload.

Thus TaxPro GSP or any other GSP, unless he is doing above steps instead of client, does not have any means to read TaxPayer’s data being exchanged with GSTN or NIC eWayBill Servers.