In order to use the National e-Invoice System (KSeF), user authentication is required. This applies whether you are using commercial tools or an application provided by the Ministry of Finance.
Authentication Methods in KSeF
The use of the National e-Invoice System is possible through the following authentication methods:
- Qualified electronic signature
- Qualified electronic seal (equivalent to a company stamp)
- Trusted signature
- Token (a string of alphanumeric characters, excluding punctuation marks) generated by
the system after authentication through one of the above methods.
Once authenticated, KSeF can be used for various purposes such as viewing, issuing and receiving structured invoices. Additionally, an entity authorized by the entrepreneur, such as an accounting office, can also operate in the system.
Authentication for Individuals
For individuals, such as sole proprietorships, authorization can be done with a qualified electronic signature, a trusted signature (Trusted Profile) or through an API and a pre-generated token.
If the electronic signature does not include the TIN and PESEL, authentication is possible by reporting the unique data identifying the signature (the so-called fingerprint) in the ZAW-FA notification, which should be sent to the tax office.
Authentication for Companies
In the case of entities that do not have the ability to authenticate electronically, granting or revoking rights to use the KSeF may be done by submitting a ZAW-FA notification. The notification indicates the person to whom we grant or revoke the right to use the KSeF. The notification also serves to report the identifying data of the electronic signature (so-called fingerprint) in the case of persons who have an electronic signature that does not include either the NIP or PESEL.
The rights granted via the ZAW-FA notification will be entered into the system by the appropriate tax office, which will initially check the notification for formalities (mainly whether the notification is signed by the appropriate number of authorized representatives). Then the official will enter the notification into the system – immediately upon receipt.
Anonymous Access to Invoices
KSeF also provides an option for anonymous access to a single e-invoice (without prior authentication in the system). To use this option, the following data must be provided on the dedicated page:
- The number identifying a given invoice in the National e-Invoice System
- Invoice number
- NIP number or other identifier of the purchaser, or information on the lack thereof
- The name or surname of the purchaser, or information about the absence of such data;
- The total amount due.
To use A-Cube PL API with KSeF, a user is required to provide a valid token from a government web application. This token acts as a form of authentication and ensures that only authorized individuals or entities are able to access and utilize the system. Without a valid token, access to the KSeF will be denied. To obtain a token, the user must first register and go through an electronic authentication process on the government web application. Once authenticated, the user will be provided with a unique token that is valid until revoked by the user.