Skip to main content
POST
/
apps
/
gov-pl
/
v1
/
entry
/
{silo_entry_id}
/
certificate
cURL
curl --request POST \
  --url https://api.invopop.com/apps/gov-pl/v1/entry/{silo_entry_id}/certificate \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "password": "MySecurePassword123!",
  "private_key": "aSDinaTvuI8gbWludGxpZnk=",
  "certificate": "aSDinaTvuI8gbWludGxpZnk="
}
'
{
  "message": "<string>"
}
The certificate, private key, and password must be generated client-side following the standard KSeF certificate generation process:
  1. Log into the KSeF Portal (production) or KSeF Demo Portal (demo)
  2. Generate the certificate with authentication enabled for KSeF
  3. Download the certificate file and private key file
  4. Save the password used during generation
All three components are required for authentication with the KSeF system. The uploaded credentials are securely stored and used to sign and submit invoices on behalf of the registered party.
This endpoint should only be used after running the party registration workflow. The entry must be in a state where it is waiting for certificate upload.
The certificate and private key must be base64-encoded. Ensure the certificate start date is not in the future, and that the certificate and private key match.

Authorizations

Authorization
string
header
required

Use the Bearer scheme with a valid JWT token to authenticate requests. Example: Authorization: Bearer <token>

Path Parameters

silo_entry_id
string
required

ID of the party silo entry to upload the certificate for.

Example:

"5b45453c-cdd0-11ed-afa1-0242ac120002"

Body

application/json
password
string
required

The password set during certificate generation in the KSeF portal.

Example:

"MySecurePassword123!"

private_key
string<byte>
required

Base64 encoded private key file downloaded from the KSeF portal. The private key must match the certificate and be properly formatted.

certificate
string<byte>
required

Base64 encoded certificate file downloaded from the KSeF portal. The certificate must be valid, with a start date that is not in the future, and must be configured for "Authentication in the KSeF system".

Response

Certificate uploaded successfully and validated.