Provisions government portal credentials for an organization and jurisdiction. OpenFiskal stores the credentials encrypted at rest and uses them only to submit fiscal data on the merchant’s behalf.
The portal_type discriminates the credential shape:
fisconline — Italian Fisconline (Codice Fiscale holder, B2C RT):
pin + password + tax_id_number. Password expires every 60 days.entratel — Italian Entratel (accountants, corporate filers):
pin + password + tax_id_number. Same rotation cadence as Fisconline.finanz_online — Austrian BMF portal (RKSV):
participant_id + user_id + pin. Expires annually.After provisioning, call /validate to confirm the credentials work
against the live portal before commissioning any registers.
Credentials are write-only — raw values are never returned after this
call. Only masked representations (e.g. pin: "****3") are returned
on subsequent reads.
Platform API key sent as Authorization: Bearer ofk_platform_....
Platform integrators also pass OpenFiskal-Organization: org_xxx
to act on behalf of a merchant.
Identifies the government portal and determines the expected credential shape.
fisconline — Italian AdE portal for natural persons and
businesses. Used for RT commercial document transmission.entratel — Italian AdE portal for accountants and large
corporate filers. Functionally similar to Fisconline but
separate authentication system.finanz_online — Austrian BMF portal. Required for RKSV
registration, TSE certificate management, and annual
transmission reports.fisconline, entratel, finanz_online ISO 3166-1 alpha-2 country code
IT, AT "IT"
Portal-specific credential fields. Shape is determined by
portal_type. All values are stored encrypted and never
returned after creation.
Optional human-readable label for internal reference
"Acme S.r.l. – Fisconline"
Credentials provisioned
"fpc_01HXYZ"
"fiscal_portal_credential"fisconline, entratel, finanz_online IT, AT Lifecycle state of the credentials.
unvalidated — provisioned but not yet tested against the portal.
Fiscal transmission will be attempted but may fail.valid — last validation succeeded. Credentials are working.expiring_soon — credentials are valid but the password expiry
is within the warning window (14 days for Fisconline/Entratel,
30 days for FinanzOnline). Renew at the government portal and
rotate via PATCH.expired — password has passed its expiry date. Fiscal
transmission is blocked. Merchant must renew at the portal
and rotate via PATCH.invalid — last validation failed (wrong credentials, account
locked, or portal-side issue). Transmission blocked. Investigate
via validation_error.unvalidated, valid, expiring_soon, expired, invalid Masked representations of the stored credential fields. Never contains raw secret values. Useful for confirming which values are on file without requiring re-entry.
Projected credential expiry date, calculated from the last
validation timestamp and the known rotation period for this
portal type (Fisconline/Entratel: 60 days; FinanzOnline: 365 days).
null if the credential has never been validated.
Timestamp of the most recent successful validation attempt against the government portal.
Human-readable error message from the last failed validation
attempt. null if the last validation succeeded.
"PIN or password incorrect (AdE error code: 401)"