Poland — preparing for e-invoice onboarding
Poland — preparing for e-invoice onboarding
What Staple needs from you
To receive e-invoices on your behalf through KSeF (Krajowy System e-Faktur) — Poland’s national e-invoicing platform — Staple needs to connect to KSeF for each Polish entity you operate. KSeF requires a valid authentication certificate to authorise this connection.
The certificate must be generated by you. KSeF requires login with your Trusted Profile (Profil Zaufany), which is tied to your organisation’s identity — it cannot be delegated to Staple.
For each Polish entity, please generate two sets of credentials: one on the KSeF Demo portal (used during the testing phase) and one on the KSeF Production portal (used in live operation).
Each set consists of three items:
- A KSeF authentication certificate file
- The matching private key file
- The password you set when generating the certificate
We strongly recommend generating both sets at the same time so there is no delay when you are ready to go live.
Before you start
Please make sure you have:
- A valid Polish Tax Identification Number (NIP) for the entity you want to register.
- Access to the entity’s Trusted Profile (Profil Zaufany) — Poland’s government digital identity system, used to log in to KSeF. If your organisation does not yet have a Trusted Profile set up, follow the Trusted Profile setup tutorial.
- The right person generating the certificate. The certificate must be generated from the company’s main KSeF account, or from an account that has been granted both InvoiceRead and InvoiceWrite permissions in KSeF. Otherwise the connection from Staple to KSeF will fail with a permissions error.
- A secure place to store the files and password — for example, your organisation’s password manager. Treat the certificate, private key, and password the same way you would treat a login credential to KSeF.
Step-by-step: generate a KSeF certificate
The process below applies to both the Demo and Production portals — only the portal URL changes. Please repeat the same steps twice, once on each portal.
Log in with your Trusted Profile
Authenticate to the KSeF portal using your Trusted Profile (Profil Zaufany).
Generate the certificate
Once logged in to the KSeF 2.0 application:
- Navigate to the certificate generation section.
- Enter a certificate name and a password.
- Save the password. You will need it later when uploading the certificate to Staple.
- The private key will be generated and downloaded automatically.
- Save the private key file.
- Select “KSeF Authentication” as the certificate type.
- Set the start date to today or earlier.
- ⚠️ A start date in the future will cause an error.
- The certificate file will be generated and downloaded to your device.
- Save the certificate file.
What you should have at the end
After completing the steps on both portals, you should have two complete sets stored securely. Each set contains:
Keep each set together and clearly labelled (Demo vs. Production). Each set only works as a complete trio, and the two sets are not interchangeable — Demo credentials only authenticate against the Demo environment, and Production credentials only authenticate against the live environment.
What happens next
When you are ready to register, contact Staple support at support@staple.io with:
- Your company information — legal entity name, NIP, and optionally address
- Your KSeF credentials — the appropriate set for the environment you are starting in (Demo credentials during the testing phase, Production credentials when moving to live operation)
Staple will connect to KSeF using your credentials and start receiving e-invoices addressed to your NIP.
If any issue is encountered during connection (for example, missing permissions on the certificate), Staple will contact you using the email address you provided.