ksef-client-ts 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +70 -0
  3. package/dist/cli.js +10085 -0
  4. package/dist/cli.js.map +1 -0
  5. package/dist/index.cjs +7341 -0
  6. package/dist/index.cjs.map +1 -0
  7. package/dist/index.d.cts +2009 -0
  8. package/dist/index.d.ts +2009 -0
  9. package/dist/index.js +7243 -0
  10. package/dist/index.js.map +1 -0
  11. package/package.json +80 -0
package/dist/index.d.ts ADDED
@@ -0,0 +1,2009 @@
1
+ import * as crypto from 'node:crypto';
2
+
3
+ interface EnvironmentConfig {
4
+ apiUrl: string;
5
+ qrUrl: string;
6
+ lighthouseUrl: string;
7
+ }
8
+ declare const Environment: {
9
+ readonly TEST: {
10
+ readonly apiUrl: "https://api-test.ksef.mf.gov.pl";
11
+ readonly qrUrl: "https://qr-test.ksef.mf.gov.pl";
12
+ readonly lighthouseUrl: "https://api-latarnia-test.ksef.mf.gov.pl";
13
+ };
14
+ readonly DEMO: {
15
+ readonly apiUrl: "https://api-demo.ksef.mf.gov.pl";
16
+ readonly qrUrl: "https://qr-demo.ksef.mf.gov.pl";
17
+ readonly lighthouseUrl: "";
18
+ };
19
+ readonly PRD: {
20
+ readonly apiUrl: "https://api.ksef.mf.gov.pl";
21
+ readonly qrUrl: "https://qr.ksef.mf.gov.pl";
22
+ readonly lighthouseUrl: "https://api-latarnia.ksef.mf.gov.pl";
23
+ };
24
+ };
25
+ type EnvironmentName = keyof typeof Environment;
26
+
27
+ type TransportFn = (url: string, init: RequestInit) => Promise<Response>;
28
+ declare const defaultTransport: TransportFn;
29
+
30
+ interface RetryPolicy {
31
+ maxRetries: number;
32
+ baseDelayMs: number;
33
+ maxDelayMs: number;
34
+ retryableStatusCodes: number[];
35
+ retryNetworkErrors: boolean;
36
+ }
37
+ declare function defaultRetryPolicy(): RetryPolicy;
38
+ declare function calculateBackoff(attempt: number, policy: RetryPolicy): number;
39
+ declare function parseRetryAfter(header: string | null): number | null;
40
+ declare function isRetryableError(error: unknown, policy: RetryPolicy): boolean;
41
+ declare function isRetryableStatus(status: number, policy: RetryPolicy): boolean;
42
+ declare function sleep(ms: number): Promise<void>;
43
+
44
+ interface RateLimitConfig {
45
+ globalRps: number;
46
+ endpointLimits?: Record<string, number>;
47
+ }
48
+ declare class RateLimitPolicy {
49
+ private readonly globalBucket;
50
+ private readonly endpointBuckets;
51
+ private readonly endpointLimits;
52
+ private chain;
53
+ constructor(config: RateLimitConfig);
54
+ acquire(endpoint: string): Promise<void>;
55
+ private doAcquire;
56
+ }
57
+ declare function defaultRateLimitPolicy(): RateLimitPolicy;
58
+
59
+ interface AuthManager {
60
+ getAccessToken(): string | undefined;
61
+ setAccessToken(token: string | undefined): void;
62
+ getRefreshToken(): string | undefined;
63
+ setRefreshToken(token: string | undefined): void;
64
+ onUnauthorized(): Promise<string | null>;
65
+ }
66
+ declare class DefaultAuthManager implements AuthManager {
67
+ private token;
68
+ private refreshToken;
69
+ private readonly refreshFn;
70
+ private refreshPromise;
71
+ constructor(refreshFn: () => Promise<string | null>, initialToken?: string);
72
+ getAccessToken(): string | undefined;
73
+ setAccessToken(token: string | undefined): void;
74
+ getRefreshToken(): string | undefined;
75
+ setRefreshToken(token: string | undefined): void;
76
+ onUnauthorized(): Promise<string | null>;
77
+ }
78
+
79
+ interface KSeFClientOptions {
80
+ environment?: EnvironmentName;
81
+ baseUrl?: string;
82
+ baseQrUrl?: string;
83
+ lighthouseUrl?: string;
84
+ apiVersion?: string;
85
+ timeout?: number;
86
+ customHeaders?: Record<string, string>;
87
+ transport?: TransportFn;
88
+ retry?: Partial<RetryPolicy>;
89
+ rateLimit?: Partial<RateLimitConfig> | null;
90
+ presignedUrlHosts?: string[];
91
+ authManager?: AuthManager;
92
+ }
93
+ interface ResolvedOptions {
94
+ baseUrl: string;
95
+ baseQrUrl: string;
96
+ lighthouseUrl: string;
97
+ apiVersion: string;
98
+ timeout: number;
99
+ customHeaders: Record<string, string>;
100
+ }
101
+ declare function resolveOptions(options?: KSeFClientOptions): ResolvedOptions;
102
+
103
+ interface ExceptionDetails {
104
+ exceptionCode?: number;
105
+ exceptionDescription?: string | null;
106
+ details?: string[] | null;
107
+ }
108
+ interface ApiErrorResponse {
109
+ exception?: {
110
+ serviceCtx?: string;
111
+ serviceCode?: string;
112
+ serviceName?: string;
113
+ timestamp?: string;
114
+ referenceNumber?: string;
115
+ exceptionDetailList?: ExceptionDetails[];
116
+ };
117
+ }
118
+ interface UnauthorizedProblemDetails {
119
+ title: string;
120
+ status: number;
121
+ detail: string;
122
+ instance?: string;
123
+ traceId?: string;
124
+ }
125
+ type ForbiddenReasonCode = 'missing-permissions' | 'ip-not-allowed' | 'insufficient-resource-access' | 'auth-method-not-allowed' | 'security-service-blocked' | (string & {});
126
+ interface ForbiddenProblemDetails {
127
+ title: string;
128
+ status: number;
129
+ detail: string;
130
+ instance?: string;
131
+ reasonCode: ForbiddenReasonCode;
132
+ security?: Record<string, unknown>;
133
+ traceId?: string;
134
+ }
135
+
136
+ declare class KSeFError extends Error {
137
+ constructor(message: string);
138
+ }
139
+
140
+ interface ValidationDetail {
141
+ field?: string;
142
+ message: string;
143
+ }
144
+ declare class KSeFValidationError extends KSeFError {
145
+ readonly details: ValidationDetail[];
146
+ constructor(message: string, details?: ValidationDetail[]);
147
+ static fromField(field: string, message: string): KSeFValidationError;
148
+ static fromMessages(messages: string[]): KSeFValidationError;
149
+ }
150
+
151
+ declare class KSeFApiError extends KSeFError {
152
+ readonly statusCode: number;
153
+ readonly errorResponse?: ApiErrorResponse;
154
+ constructor(message: string, statusCode: number, errorResponse?: ApiErrorResponse);
155
+ static fromResponse(statusCode: number, body?: ApiErrorResponse): KSeFApiError;
156
+ }
157
+
158
+ declare class KSeFRateLimitError extends KSeFApiError {
159
+ readonly retryAfterSeconds?: number;
160
+ readonly retryAfterDate?: Date;
161
+ readonly recommendedDelay: number;
162
+ constructor(message: string, statusCode: number, errorResponse?: ApiErrorResponse, retryAfterSeconds?: number, retryAfterDate?: Date);
163
+ static fromRetryAfterHeader(statusCode: number, retryAfterHeader?: string | null, body?: ApiErrorResponse): KSeFRateLimitError;
164
+ }
165
+
166
+ declare class KSeFUnauthorizedError extends KSeFError {
167
+ readonly statusCode = 401;
168
+ readonly detail: string;
169
+ readonly traceId?: string;
170
+ readonly instance?: string;
171
+ constructor(problemDetails: UnauthorizedProblemDetails);
172
+ }
173
+
174
+ declare class KSeFForbiddenError extends KSeFError {
175
+ readonly statusCode = 403;
176
+ readonly detail: string;
177
+ readonly reasonCode: ForbiddenReasonCode;
178
+ readonly instance?: string;
179
+ readonly security?: Record<string, unknown>;
180
+ readonly traceId?: string;
181
+ constructor(problemDetails: ForbiddenProblemDetails);
182
+ }
183
+
184
+ declare class KSeFAuthStatusError extends KSeFError {
185
+ readonly referenceNumber?: string;
186
+ readonly statusDescription?: string;
187
+ constructor(message: string, referenceNumber?: string, statusDescription?: string);
188
+ }
189
+
190
+ declare class KSeFSessionExpiredError extends KSeFError {
191
+ constructor(message?: string);
192
+ }
193
+
194
+ declare class RouteBuilder {
195
+ private readonly apiVersion;
196
+ constructor(apiVersion: string);
197
+ build(endpoint: string, apiVersion?: string): string;
198
+ }
199
+
200
+ type HttpMethod = 'GET' | 'POST' | 'PUT' | 'DELETE';
201
+ declare class RestRequest {
202
+ readonly method: HttpMethod;
203
+ readonly path: string;
204
+ private _body?;
205
+ private _headers;
206
+ private _query;
207
+ private _presigned;
208
+ private _skipAuthRetry;
209
+ private constructor();
210
+ static get(path: string): RestRequest;
211
+ static post(path: string): RestRequest;
212
+ static put(path: string): RestRequest;
213
+ static delete(path: string): RestRequest;
214
+ body(data: unknown): this;
215
+ header(name: string, value: string): this;
216
+ headers(headers: Record<string, string>): this;
217
+ accessToken(token: string): this;
218
+ query(key: string, value: string): this;
219
+ presigned(flag?: boolean): this;
220
+ isPresigned(): boolean;
221
+ skipAuthRetry(flag?: boolean): this;
222
+ isSkipAuthRetry(): boolean;
223
+ getBody(): unknown | undefined;
224
+ getHeaders(): Record<string, string>;
225
+ getQuery(): [string, string][];
226
+ }
227
+
228
+ interface RestResponse<T> {
229
+ body: T;
230
+ headers: Headers;
231
+ statusCode: number;
232
+ }
233
+
234
+ interface PresignedUrlPolicy {
235
+ allowedHosts: string[];
236
+ requireHttps: boolean;
237
+ blockRedirectParams: boolean;
238
+ rejectPrivateIps: boolean;
239
+ }
240
+ declare function defaultPresignedUrlPolicy(): PresignedUrlPolicy;
241
+ declare function validatePresignedUrl(url: string, policy: PresignedUrlPolicy): void;
242
+
243
+ interface RestClientConfig {
244
+ transport?: TransportFn;
245
+ retryPolicy?: RetryPolicy;
246
+ rateLimitPolicy?: RateLimitPolicy | null;
247
+ authManager?: AuthManager;
248
+ presignedUrlPolicy?: PresignedUrlPolicy;
249
+ }
250
+ declare class RestClient {
251
+ private readonly options;
252
+ private readonly routeBuilder;
253
+ private readonly transport;
254
+ private readonly retryPolicy;
255
+ private readonly rateLimitPolicy;
256
+ private readonly authManager?;
257
+ private readonly presignedUrlPolicy?;
258
+ constructor(options: ResolvedOptions, config?: RestClientConfig);
259
+ execute<T>(request: RestRequest): Promise<RestResponse<T>>;
260
+ executeRaw(request: RestRequest): Promise<RestResponse<ArrayBuffer>>;
261
+ private sendRequest;
262
+ private doRequest;
263
+ private buildUrl;
264
+ private ensureSuccess;
265
+ }
266
+
267
+ /**
268
+ * All KSeF API v2 route definitions.
269
+ *
270
+ * Static routes are plain string literals.
271
+ * Parameterized routes are arrow functions returning template-literal `as const`.
272
+ */
273
+ declare const Routes: {
274
+ readonly TestData: {
275
+ readonly createSubject: "testdata/subject";
276
+ readonly removeSubject: "testdata/subject/remove";
277
+ readonly createPerson: "testdata/person";
278
+ readonly removePerson: "testdata/person/remove";
279
+ readonly grantPerms: "testdata/permissions";
280
+ readonly revokePerms: "testdata/permissions/revoke";
281
+ readonly enableAttach: "testdata/attachment";
282
+ readonly disableAttach: "testdata/attachment/revoke";
283
+ readonly changeSessionLimitsInCurrentContext: "testdata/limits/context/session";
284
+ readonly restoreDefaultSessionLimitsInCurrentContext: "testdata/limits/context/session";
285
+ readonly changeCertificatesLimitInCurrentSubject: "testdata/limits/subject/certificate";
286
+ readonly restoreDefaultCertificatesLimitInCurrentSubject: "testdata/limits/subject/certificate";
287
+ readonly rateLimits: "testdata/rate-limits";
288
+ readonly productionRateLimits: "testdata/rate-limits/production";
289
+ readonly blockContext: "testdata/context/block";
290
+ readonly unblockContext: "testdata/context/unblock";
291
+ };
292
+ readonly Limits: {
293
+ readonly currentContext: "limits/context";
294
+ readonly currentSubject: "limits/subject";
295
+ readonly rateLimits: "rate-limits";
296
+ };
297
+ readonly ActiveSessions: {
298
+ readonly session: "auth/sessions";
299
+ readonly delete: (ref: string) => `auth/sessions/${string}`;
300
+ readonly currentSession: "auth/sessions/current";
301
+ };
302
+ readonly Authorization: {
303
+ readonly challenge: "auth/challenge";
304
+ readonly xadesSignature: "auth/xades-signature";
305
+ readonly ksefToken: "auth/ksef-token";
306
+ readonly status: (ref: string) => `auth/${string}`;
307
+ readonly Token: {
308
+ readonly redeem: "auth/token/redeem";
309
+ readonly refresh: "auth/token/refresh";
310
+ };
311
+ };
312
+ readonly Sessions: {
313
+ readonly root: "sessions";
314
+ readonly byReference: (ref: string) => `sessions/${string}`;
315
+ readonly invoices: (ref: string) => `sessions/${string}/invoices`;
316
+ readonly invoice: (ref: string, invoiceRef: string) => `sessions/${string}/invoices/${string}`;
317
+ readonly failedInvoices: (ref: string) => `sessions/${string}/invoices/failed`;
318
+ readonly upoByKsefNumber: (ref: string, ksefNumber: string) => `sessions/${string}/invoices/ksef/${string}/upo`;
319
+ readonly upoByInvoiceReference: (ref: string, invoiceRef: string) => `sessions/${string}/invoices/${string}/upo`;
320
+ readonly upo: (ref: string, upoRef: string) => `sessions/${string}/upo/${string}`;
321
+ readonly Online: {
322
+ readonly open: "sessions/online";
323
+ readonly invoices: (sessionRef: string) => `sessions/online/${string}/invoices`;
324
+ readonly close: (sessionRef: string) => `sessions/online/${string}/close`;
325
+ };
326
+ readonly Batch: {
327
+ readonly open: "sessions/batch";
328
+ readonly close: (batchRef: string) => `sessions/batch/${string}/close`;
329
+ };
330
+ };
331
+ readonly Invoices: {
332
+ readonly byKsefNumber: (ksefNumber: string) => `invoices/ksef/${string}`;
333
+ readonly queryMetadata: "invoices/query/metadata";
334
+ readonly exports: "invoices/exports";
335
+ readonly exportByReference: (ref: string) => `invoices/exports/${string}`;
336
+ };
337
+ readonly Permissions: {
338
+ readonly Grants: {
339
+ readonly persons: "permissions/persons/grants";
340
+ readonly entities: "permissions/entities/grants";
341
+ readonly authorizations: "permissions/authorizations/grants";
342
+ readonly indirect: "permissions/indirect/grants";
343
+ readonly subunits: "permissions/subunits/grants";
344
+ readonly euEntities: "permissions/eu-entities/administration/grants";
345
+ readonly euEntitiesRepresentatives: "permissions/eu-entities/grants";
346
+ };
347
+ readonly Common: {
348
+ readonly grantById: (id: string) => `permissions/common/grants/${string}`;
349
+ };
350
+ readonly Authorizations: {
351
+ readonly grantById: (id: string) => `permissions/authorizations/grants/${string}`;
352
+ };
353
+ readonly Query: {
354
+ readonly personalGrants: "permissions/query/personal/grants";
355
+ readonly personsGrants: "permissions/query/persons/grants";
356
+ readonly subunitsGrants: "permissions/query/subunits/grants";
357
+ readonly entitiesRoles: "permissions/query/entities/roles";
358
+ readonly entitiesGrants: "permissions/query/entities/grants";
359
+ readonly subordinateEntitiesRoles: "permissions/query/subordinate-entities/roles";
360
+ readonly authorizationsGrants: "permissions/query/authorizations/grants";
361
+ readonly euEntitiesGrants: "permissions/query/eu-entities/grants";
362
+ };
363
+ readonly Operations: {
364
+ readonly byReference: (ref: string) => `permissions/operations/${string}`;
365
+ };
366
+ readonly Attachments: {
367
+ readonly status: "permissions/attachments/status";
368
+ };
369
+ };
370
+ readonly Certificates: {
371
+ readonly limits: "certificates/limits";
372
+ readonly enrollmentData: "certificates/enrollments/data";
373
+ readonly enrollments: "certificates/enrollments";
374
+ readonly enrollmentStatus: (ref: string) => `certificates/enrollments/${string}`;
375
+ readonly retrieve: "certificates/retrieve";
376
+ readonly revoke: (serialNumber: string) => `certificates/${string}/revoke`;
377
+ readonly query: "certificates/query";
378
+ };
379
+ readonly Tokens: {
380
+ readonly root: "tokens";
381
+ readonly byReference: (ref: string) => `tokens/${string}`;
382
+ };
383
+ readonly Peppol: {
384
+ readonly query: "peppol/query";
385
+ };
386
+ readonly Security: {
387
+ readonly publicKeyCertificates: "security/public-key-certificates";
388
+ };
389
+ readonly Lighthouse: {
390
+ readonly status: "status";
391
+ readonly messages: "messages";
392
+ };
393
+ };
394
+
395
+ declare const Nip: RegExp;
396
+ declare const VatUe: RegExp;
397
+ declare const NipVatUe: RegExp;
398
+ declare const InternalId: RegExp;
399
+ declare const PeppolId: RegExp;
400
+ declare const ReferenceNumber: RegExp;
401
+ declare const KsefNumber: RegExp;
402
+ declare const KsefNumberV35: RegExp;
403
+ declare const KsefNumberV36: RegExp;
404
+ declare const CertificateName: RegExp;
405
+ declare const Pesel: RegExp;
406
+ declare const CertificateFingerprint: RegExp;
407
+ declare const Base64String: RegExp;
408
+ declare const Ip4Address: RegExp;
409
+ declare const Ip4Range: RegExp;
410
+ declare const Ip4Mask: RegExp;
411
+ declare const Sha256Base64: RegExp;
412
+ declare function isValidNip(value: string): boolean;
413
+ declare function isValidVatUe(value: string): boolean;
414
+ declare function isValidNipVatUe(value: string): boolean;
415
+ declare function isValidInternalId(value: string): boolean;
416
+ declare function isValidPeppolId(value: string): boolean;
417
+ declare function isValidReferenceNumber(value: string): boolean;
418
+ declare function isValidKsefNumber(value: string): boolean;
419
+ declare function isValidPesel(value: string): boolean;
420
+ declare function isValidCertificateName(value: string): boolean;
421
+ declare function isValidCertificateFingerprint(value: string): boolean;
422
+ declare function isValidBase64(value: string): boolean;
423
+ declare function isValidIp4Address(value: string): boolean;
424
+ declare function isValidSha256Base64(value: string): boolean;
425
+
426
+ declare const REQUIRED_CHALLENGE_LENGTH = 36;
427
+ declare const CERTIFICATE_NAME_MIN_LENGTH = 5;
428
+ declare const CERTIFICATE_NAME_MAX_LENGTH = 100;
429
+ declare const SUBUNIT_NAME_MIN_LENGTH = 5;
430
+ declare const SUBUNIT_NAME_MAX_LENGTH = 256;
431
+ declare const PERMISSION_DESCRIPTION_MIN_LENGTH = 5;
432
+ declare const PERMISSION_DESCRIPTION_MAX_LENGTH = 256;
433
+
434
+ interface OperationResponse {
435
+ referenceNumber: string;
436
+ }
437
+ interface OperationStatusInfo {
438
+ code: number;
439
+ description: string;
440
+ details?: string[];
441
+ }
442
+ interface TokenInfo {
443
+ token: string;
444
+ validUntil: string;
445
+ }
446
+ interface FormCode {
447
+ systemCode: string;
448
+ schemaVersion: string;
449
+ value: string;
450
+ }
451
+ interface EncryptionInfo {
452
+ encryptedSymmetricKey: string;
453
+ initializationVector: string;
454
+ }
455
+ interface FileMetadata {
456
+ hashSHA: string;
457
+ fileSize: number;
458
+ }
459
+ type ContextIdentifierType = 'Nip' | 'InternalId' | 'NipVatUe' | 'PeppolId';
460
+ interface ContextIdentifier {
461
+ type: ContextIdentifierType;
462
+ value: string;
463
+ }
464
+ type SessionType = 'Online' | 'Batch';
465
+ type SessionStatus = 'Succeeded' | 'InProgress' | 'Failed' | 'Cancelled';
466
+ type SortOrder = 'Asc' | 'Desc';
467
+ type InvoicingMode = 'Online' | 'Offline';
468
+ type PermissionSubjectIdentifierType = 'Nip' | 'Pesel' | 'Fingerprint';
469
+
470
+ interface AuthChallengeResponse {
471
+ challenge: string;
472
+ timestamp: string;
473
+ timestampMs: number;
474
+ clientIp: string;
475
+ }
476
+ interface AuthenticationInitResponse {
477
+ referenceNumber: string;
478
+ authenticationToken: TokenInfo;
479
+ }
480
+ interface AuthenticationTokensResponse {
481
+ accessToken: TokenInfo;
482
+ refreshToken: TokenInfo;
483
+ }
484
+ interface AuthenticationTokenRefreshResponse {
485
+ accessToken: TokenInfo;
486
+ }
487
+ type AuthenticationMethodInfoCategory = 'XadesSignature' | 'NationalNode' | 'Token' | 'Other';
488
+ interface AuthenticationMethodInfo {
489
+ category: AuthenticationMethodInfoCategory;
490
+ code: string;
491
+ displayName: string;
492
+ }
493
+ interface AuthenticationOperationStatusResponse {
494
+ startDate: string;
495
+ authenticationMethodInfo: AuthenticationMethodInfo;
496
+ /** @deprecated Required by spec but deprecated. */
497
+ authenticationMethod?: AuthenticationMethod;
498
+ status: OperationStatusInfo;
499
+ isTokenRedeemed?: boolean;
500
+ lastTokenRefreshDate?: string;
501
+ refreshTokenValidUntil?: string;
502
+ }
503
+ /**
504
+ * Subject identifier type for the XAdES auth XML request.
505
+ * This is XML-specific (not in the REST OpenAPI spec).
506
+ * Known value: 'certificateSubject' (used with qualified signatures/seals).
507
+ */
508
+ type XadesSubjectIdentifierType = 'certificateSubject' | (string & {});
509
+ interface AllowedIps {
510
+ ip4Addresses?: string[];
511
+ ip4Ranges?: string[];
512
+ ip4Masks?: string[];
513
+ }
514
+ interface AuthorizationPolicy {
515
+ allowedIps?: AllowedIps;
516
+ }
517
+ interface AuthTokenRequest {
518
+ challenge: string;
519
+ contextIdentifier: ContextIdentifier;
520
+ subjectIdentifierType: XadesSubjectIdentifierType;
521
+ authorizationPolicy?: AuthorizationPolicy;
522
+ }
523
+ interface AuthKsefTokenRequest {
524
+ challenge: string;
525
+ contextIdentifier: ContextIdentifier;
526
+ encryptedToken: string;
527
+ authorizationPolicy?: AuthorizationPolicy;
528
+ }
529
+ type AuthenticationMethod = 'Token' | 'TrustedProfile' | 'InternalCertificate' | 'QualifiedSignature' | 'QualifiedSeal' | 'PersonalSignature' | 'PeppolSignature';
530
+
531
+ interface AuthSessionInfo {
532
+ startDate: string;
533
+ authenticationMethodInfo: AuthenticationMethodInfo;
534
+ /** @deprecated Required by spec but deprecated. */
535
+ authenticationMethod?: AuthenticationMethod;
536
+ status: OperationStatusInfo;
537
+ isTokenRedeemed?: boolean;
538
+ lastTokenRefreshDate?: string;
539
+ refreshTokenValidUntil?: string;
540
+ referenceNumber: string;
541
+ isCurrent: boolean;
542
+ }
543
+ interface AuthenticationListResponse {
544
+ continuationToken?: string;
545
+ items: AuthSessionInfo[];
546
+ }
547
+
548
+ interface OpenOnlineSessionRequest {
549
+ formCode: FormCode;
550
+ encryption: EncryptionInfo;
551
+ }
552
+ interface OpenOnlineSessionResponse {
553
+ referenceNumber: string;
554
+ validUntil: string;
555
+ }
556
+ interface SendInvoiceRequest {
557
+ invoiceHash: string;
558
+ invoiceSize: number;
559
+ encryptedInvoiceHash: string;
560
+ encryptedInvoiceSize: number;
561
+ encryptedInvoiceContent: string;
562
+ offlineMode?: boolean;
563
+ hashOfCorrectedInvoice?: string;
564
+ }
565
+ interface SendInvoiceResponse {
566
+ referenceNumber: string;
567
+ }
568
+
569
+ interface BatchFilePartInfo {
570
+ ordinalNumber: number;
571
+ fileSize: number;
572
+ fileHash: string;
573
+ }
574
+ interface BatchFileInfo {
575
+ fileSize: number;
576
+ fileHash: string;
577
+ fileParts: BatchFilePartInfo[];
578
+ }
579
+ interface OpenBatchSessionRequest {
580
+ formCode: FormCode;
581
+ batchFile: BatchFileInfo;
582
+ encryption: EncryptionInfo;
583
+ offlineMode?: boolean;
584
+ }
585
+ interface PartUploadRequest {
586
+ method: string;
587
+ ordinalNumber: number;
588
+ url: string;
589
+ headers: Record<string, string | null>;
590
+ }
591
+ interface OpenBatchSessionResponse {
592
+ referenceNumber: string;
593
+ partUploadRequests: PartUploadRequest[];
594
+ }
595
+ interface BatchPartSendingInfo {
596
+ data: ArrayBuffer;
597
+ metadata: FileMetadata;
598
+ ordinalNumber: number;
599
+ }
600
+
601
+ interface SessionsFilter {
602
+ referenceNumber?: string;
603
+ dateCreatedFrom?: string;
604
+ dateCreatedTo?: string;
605
+ dateClosedFrom?: string;
606
+ dateClosedTo?: string;
607
+ dateModifiedFrom?: string;
608
+ dateModifiedTo?: string;
609
+ statuses?: SessionStatus[];
610
+ }
611
+ interface SessionsQueryResponseItem {
612
+ referenceNumber: string;
613
+ status: OperationStatusInfo;
614
+ dateCreated: string;
615
+ dateUpdated: string;
616
+ validUntil?: string | null;
617
+ totalInvoiceCount: number;
618
+ successfulInvoiceCount: number;
619
+ failedInvoiceCount: number;
620
+ }
621
+ interface SessionsQueryResponse {
622
+ continuationToken?: string;
623
+ sessions: SessionsQueryResponseItem[];
624
+ }
625
+ interface UpoPage {
626
+ referenceNumber: string;
627
+ downloadUrl: string;
628
+ downloadUrlExpirationDate: string;
629
+ }
630
+ interface UpoResponse {
631
+ pages: UpoPage[];
632
+ }
633
+ interface SessionStatusResponse {
634
+ status: OperationStatusInfo;
635
+ upo?: UpoResponse;
636
+ invoiceCount?: number;
637
+ successfulInvoiceCount?: number;
638
+ failedInvoiceCount?: number;
639
+ validUntil?: string | null;
640
+ dateCreated: string;
641
+ dateUpdated: string;
642
+ }
643
+
644
+ interface InvoiceStatusInfo {
645
+ code: number;
646
+ description: string;
647
+ details?: string[];
648
+ extensions?: Record<string, string>;
649
+ }
650
+ interface SessionInvoiceStatusResponse {
651
+ ordinalNumber: number;
652
+ invoiceNumber?: string;
653
+ ksefNumber?: string;
654
+ referenceNumber: string;
655
+ invoiceHash: string;
656
+ invoiceFileName?: string;
657
+ acquisitionDate?: string;
658
+ invoicingDate: string;
659
+ permanentStorageDate?: string;
660
+ upoDownloadUrl?: string;
661
+ status: InvoiceStatusInfo;
662
+ invoicingMode?: InvoicingMode | null;
663
+ upoDownloadUrlExpirationDate?: string;
664
+ }
665
+ interface SessionInvoicesResponse {
666
+ continuationToken?: string;
667
+ invoices: SessionInvoiceStatusResponse[];
668
+ }
669
+ interface UpoResult {
670
+ upo: string;
671
+ hash?: string;
672
+ }
673
+
674
+ /**
675
+ * Invoice subject type — defines the taxpayer's role in the invoice.
676
+ * - `Subject1` — seller (invoices issued by us)
677
+ * - `Subject2` — buyer (invoices received by us)
678
+ * - `Subject3` — third party (e.g. intermediary)
679
+ * - `SubjectAuthorized` — authorized subject acting on behalf of seller/buyer
680
+ */
681
+ type InvoiceSubjectType = 'Subject1' | 'Subject2' | 'Subject3' | 'SubjectAuthorized';
682
+ type InvoiceQueryDateType = 'Issue' | 'Invoicing' | 'PermanentStorage';
683
+ type AmountType = 'Brutto' | 'Netto' | 'Vat';
684
+ type BuyerIdentifierType = 'Nip' | 'VatUe' | 'Other' | 'None';
685
+ type ThirdSubjectIdentifierType = 'Nip' | 'InternalId' | 'VatUe' | 'Other' | 'None';
686
+ type FormType = 'FA' | 'PEF' | 'RR';
687
+ type InvoiceType = 'Vat' | 'Zal' | 'Kor' | 'Roz' | 'Upr' | 'KorZal' | 'KorRoz' | 'VatPef' | 'VatPefSp' | 'KorPef' | 'VatRr' | 'KorVatRr';
688
+ interface InvoiceQueryDateRange {
689
+ dateType: InvoiceQueryDateType;
690
+ from: string;
691
+ to?: string;
692
+ restrictToPermanentStorageHwmDate?: boolean;
693
+ }
694
+ interface InvoiceQueryAmount {
695
+ type: AmountType;
696
+ from?: number;
697
+ to?: number;
698
+ }
699
+ interface InvoiceQueryBuyerIdentifier {
700
+ type: BuyerIdentifierType;
701
+ value?: string;
702
+ }
703
+ interface InvoiceQueryFilters {
704
+ subjectType: InvoiceSubjectType;
705
+ dateRange: InvoiceQueryDateRange;
706
+ ksefNumber?: string;
707
+ invoiceNumber?: string;
708
+ amount?: InvoiceQueryAmount;
709
+ sellerNip?: string;
710
+ buyerIdentifier?: InvoiceQueryBuyerIdentifier;
711
+ currencyCodes?: string[];
712
+ invoicingMode?: InvoicingMode;
713
+ isSelfInvoicing?: boolean;
714
+ formType?: FormType;
715
+ invoiceTypes?: InvoiceType[];
716
+ hasAttachment?: boolean;
717
+ }
718
+ interface InvoiceMetadataSeller {
719
+ nip: string;
720
+ name?: string;
721
+ }
722
+ interface InvoiceMetadataBuyerIdentifier {
723
+ type: BuyerIdentifierType;
724
+ value?: string;
725
+ }
726
+ interface InvoiceMetadataBuyer {
727
+ identifier: InvoiceMetadataBuyerIdentifier;
728
+ name?: string;
729
+ }
730
+ interface InvoiceMetadataThirdSubjectIdentifier {
731
+ type: ThirdSubjectIdentifierType;
732
+ value?: string | null;
733
+ }
734
+ interface InvoiceMetadataThirdSubject {
735
+ identifier: InvoiceMetadataThirdSubjectIdentifier;
736
+ name?: string | null;
737
+ role: number;
738
+ }
739
+ interface InvoiceMetadataAuthorizedSubject {
740
+ nip: string;
741
+ name?: string;
742
+ role: number;
743
+ }
744
+ interface InvoiceMetadata {
745
+ ksefNumber: string;
746
+ invoiceNumber: string;
747
+ issueDate: string;
748
+ invoicingDate: string;
749
+ acquisitionDate: string;
750
+ permanentStorageDate: string;
751
+ seller: InvoiceMetadataSeller;
752
+ buyer: InvoiceMetadataBuyer;
753
+ netAmount: number;
754
+ grossAmount: number;
755
+ vatAmount: number;
756
+ currency: string;
757
+ invoicingMode: InvoicingMode;
758
+ invoiceType: InvoiceType;
759
+ formCode: FormCode;
760
+ isSelfInvoicing: boolean;
761
+ hasAttachment: boolean;
762
+ invoiceHash: string;
763
+ hashOfCorrectedInvoice?: string;
764
+ thirdSubjects?: InvoiceMetadataThirdSubject[];
765
+ authorizedSubject?: InvoiceMetadataAuthorizedSubject;
766
+ }
767
+ interface QueryInvoicesMetadataResponse {
768
+ hasMore: boolean;
769
+ isTruncated: boolean;
770
+ invoices: InvoiceMetadata[];
771
+ permanentStorageHwmDate?: string;
772
+ }
773
+ interface InvoiceExportRequest {
774
+ encryption: EncryptionInfo;
775
+ filters: InvoiceQueryFilters;
776
+ }
777
+ interface InvoiceExportPackagePart {
778
+ ordinalNumber: number;
779
+ partName: string;
780
+ method: string;
781
+ url: string;
782
+ partSize: number;
783
+ partHash: string;
784
+ encryptedPartSize: number;
785
+ encryptedPartHash: string;
786
+ expirationDate: string;
787
+ }
788
+ interface InvoiceExportPackage {
789
+ invoiceCount: number;
790
+ size: number;
791
+ parts: InvoiceExportPackagePart[];
792
+ isTruncated: boolean;
793
+ lastIssueDate?: string;
794
+ lastInvoicingDate?: string;
795
+ lastPermanentStorageDate?: string;
796
+ permanentStorageHwmDate?: string;
797
+ }
798
+ interface InvoiceExportStatusResponse {
799
+ status: OperationStatusInfo;
800
+ completedDate?: string;
801
+ packageExpirationDate?: string;
802
+ package?: InvoiceExportPackage;
803
+ }
804
+
805
+ type PersonPermissionType = 'InvoiceRead' | 'InvoiceWrite' | 'CredentialsRead' | 'CredentialsManage' | 'EnforcementOperations' | 'SubunitManage' | 'Introspection';
806
+ type SubunitPermissionScope = 'CredentialsManage';
807
+ type EuEntityPermissionType = 'InvoiceRead' | 'InvoiceWrite';
808
+ type EntityPermissionItemType = 'InvoiceRead' | 'InvoiceWrite';
809
+ type IndirectPermissionType = 'InvoiceRead' | 'InvoiceWrite';
810
+ type PersonalPermissionScopeType = 'CredentialsManage' | 'CredentialsRead' | 'InvoiceWrite' | 'InvoiceRead' | 'Introspection' | 'SubunitManage' | 'EnforcementOperations' | 'VatUeManage';
811
+ type EuEntityPermissionsQueryPermissionType = 'VatUeManage' | 'InvoiceWrite' | 'InvoiceRead' | 'Introspection';
812
+ type InvoicePermissionType = 'SelfInvoicing' | 'TaxRepresentative' | 'RRInvoicing' | 'PefInvoicing';
813
+ type EntityAuthorizationPermissionType = 'SelfInvoicing' | 'TaxRepresentative' | 'RRInvoicing' | 'PefInvoicing';
814
+ type EntityRoleType = 'CourtBailiff' | 'EnforcementAuthority' | 'LocalGovernmentUnit' | 'LocalGovernmentSubUnit' | 'VatGroupUnit' | 'VatGroupSubUnit';
815
+ type SubordinateEntityRoleType = 'LocalGovernmentSubUnit' | 'VatGroupSubUnit';
816
+ type PermissionState = 'Active' | 'Inactive';
817
+ type PersonPermissionsQueryType = 'PermissionsInCurrentContext' | 'PermissionsGrantedInCurrentContext';
818
+ type EntityAuthorizationsQueryType = 'Granted' | 'Received';
819
+ type EntityAuthorizationPermissionsSubjectIdentifierType = 'Nip' | 'PeppolId';
820
+ type EuEntityAdministrationPermissionsSubjectIdentifierType = 'Fingerprint';
821
+ type EuEntityPermissionsSubjectIdentifierType = 'Fingerprint';
822
+ type SubunitPermissionsSubjectIdentifierType = 'Nip' | 'Pesel' | 'Fingerprint';
823
+ type SubunitPermissionsContextIdentifierType = 'Nip' | 'InternalId';
824
+ type SubunitPermissionsSubunitIdentifierType = 'InternalId' | 'Nip';
825
+ type EuEntityAdministrationPermissionsContextIdentifierType = 'NipVatUe';
826
+ type IndirectPermissionsSubjectIdentifierType = 'Nip' | 'Pesel' | 'Fingerprint';
827
+ type IndirectPermissionsTargetIdentifierType = 'Nip' | 'AllPartners' | 'InternalId';
828
+ type EntityPermissionsContextIdentifierType = 'Nip' | 'InternalId';
829
+ type PersonSubjectDetailsType = 'PersonByIdentifier' | 'PersonByFingerprintWithIdentifier' | 'PersonByFingerprintWithoutIdentifier';
830
+ type EuEntityPermissionSubjectDetailsType = 'PersonByFingerprintWithIdentifier' | 'PersonByFingerprintWithoutIdentifier' | 'EntityByFingerprint';
831
+ type PersonalPermissionsContextIdentifierType = 'Nip' | 'InternalId';
832
+ type PersonalPermissionsAuthorizedIdentifierType = 'Nip' | 'Pesel' | 'Fingerprint';
833
+ type PersonalPermissionsTargetIdentifierType = 'Nip' | 'AllPartners' | 'InternalId';
834
+ type PersonPermissionsAuthorizedIdentifierType = 'Nip' | 'Pesel' | 'Fingerprint';
835
+ type PersonPermissionsContextIdentifierType = 'Nip' | 'InternalId';
836
+ type PersonPermissionsTargetIdentifierType = 'Nip' | 'AllPartners' | 'InternalId';
837
+ type PersonPermissionsAuthorIdentifierType = 'Nip' | 'Pesel' | 'Fingerprint' | 'System';
838
+ type SubunitPermissionsAuthorIdentifierType = 'Nip' | 'Pesel' | 'Fingerprint';
839
+ type EntityRolesParentEntityIdentifierType = 'Nip';
840
+ type SubordinateRoleSubordinateEntityIdentifierType = 'Nip';
841
+ type EntityAuthorizationsAuthorIdentifierType = 'Nip' | 'Pesel' | 'Fingerprint';
842
+ type EntityAuthorizationsAuthorizedEntityIdentifierType = 'Nip' | 'PeppolId';
843
+ type EntityAuthorizationsAuthorizingEntityIdentifierType = 'Nip';
844
+ type EuEntityPermissionsAuthorIdentifierType = 'Nip' | 'Pesel' | 'Fingerprint';
845
+ type PersonIdentifierType = 'Pesel' | 'Nip';
846
+ type PersonSubjectByFingerprintDetailsType = 'PersonByFingerprintWithIdentifier' | 'PersonByFingerprintWithoutIdentifier';
847
+ type EntitySubjectByFingerprintDetailsType = 'EntityByFingerprint';
848
+ type EntitySubjectByIdentifierDetailsType = 'EntityByIdentifier';
849
+ type EntitySubjectDetailsType = 'EntityByIdentifier' | 'EntityByFingerprint';
850
+ interface PersonSubjectIdentifier {
851
+ type: PermissionSubjectIdentifierType;
852
+ value: string;
853
+ }
854
+ interface EntitySubjectIdentifier {
855
+ type: 'Nip';
856
+ value: string;
857
+ }
858
+ interface EntityAuthorizationSubjectIdentifier {
859
+ type: EntityAuthorizationPermissionsSubjectIdentifierType;
860
+ value: string;
861
+ }
862
+ interface IndirectPermissionsSubjectIdentifier {
863
+ type: IndirectPermissionsSubjectIdentifierType;
864
+ value: string;
865
+ }
866
+ interface IndirectPermissionsTargetIdentifier {
867
+ type: IndirectPermissionsTargetIdentifierType;
868
+ value?: string;
869
+ }
870
+ interface SubunitPermissionsSubjectIdentifier {
871
+ type: SubunitPermissionsSubjectIdentifierType;
872
+ value: string;
873
+ }
874
+ interface SubunitPermissionsContextIdentifier {
875
+ type: SubunitPermissionsContextIdentifierType;
876
+ value: string;
877
+ }
878
+ interface EuEntityAdministrationSubjectIdentifier {
879
+ type: EuEntityAdministrationPermissionsSubjectIdentifierType;
880
+ value: string;
881
+ }
882
+ interface EuEntityAdministrationContextIdentifier {
883
+ type: EuEntityAdministrationPermissionsContextIdentifierType;
884
+ value: string;
885
+ }
886
+ interface EuEntityPermissionsSubjectIdentifier {
887
+ type: EuEntityPermissionsSubjectIdentifierType;
888
+ value: string;
889
+ }
890
+ interface SubunitPermissionsSubunitIdentifier {
891
+ type: SubunitPermissionsSubunitIdentifierType;
892
+ value: string;
893
+ }
894
+ interface EntityPermissionsContextIdentifier {
895
+ type: EntityPermissionsContextIdentifierType;
896
+ value: string;
897
+ }
898
+ interface PersonalPermissionsContextIdentifier {
899
+ type: PersonalPermissionsContextIdentifierType;
900
+ value: string;
901
+ }
902
+ interface PersonalPermissionsAuthorizedIdentifier {
903
+ type: PersonalPermissionsAuthorizedIdentifierType;
904
+ value: string;
905
+ }
906
+ interface PersonalPermissionsTargetIdentifier {
907
+ type: PersonalPermissionsTargetIdentifierType;
908
+ value?: string | null;
909
+ }
910
+ interface PersonPermissionsAuthorizedIdentifier {
911
+ type: PersonPermissionsAuthorizedIdentifierType;
912
+ value: string;
913
+ }
914
+ interface PersonPermissionsContextIdentifier {
915
+ type: PersonPermissionsContextIdentifierType;
916
+ value: string;
917
+ }
918
+ interface PersonPermissionsTargetIdentifier {
919
+ type: PersonPermissionsTargetIdentifierType;
920
+ value?: string | null;
921
+ }
922
+ interface PersonPermissionsAuthorIdentifier {
923
+ type: PersonPermissionsAuthorIdentifierType;
924
+ value?: string | null;
925
+ }
926
+ interface SubunitPermissionsAuthorizedIdentifier {
927
+ type: SubunitPermissionsSubjectIdentifierType;
928
+ value: string;
929
+ }
930
+ interface SubunitPermissionsAuthorIdentifier {
931
+ type: SubunitPermissionsAuthorIdentifierType;
932
+ value: string;
933
+ }
934
+ interface EntityRolesParentEntityIdentifier {
935
+ type: EntityRolesParentEntityIdentifierType;
936
+ value: string;
937
+ }
938
+ interface SubordinateRoleSubordinateEntityIdentifier {
939
+ type: SubordinateRoleSubordinateEntityIdentifierType;
940
+ value: string;
941
+ }
942
+ interface EntityAuthorizationsAuthorIdentifier {
943
+ type: EntityAuthorizationsAuthorIdentifierType;
944
+ value: string;
945
+ }
946
+ interface EntityAuthorizationsAuthorizedEntityIdentifier {
947
+ type: EntityAuthorizationsAuthorizedEntityIdentifierType;
948
+ value: string;
949
+ }
950
+ interface EntityAuthorizationsAuthorizingEntityIdentifier {
951
+ type: EntityAuthorizationsAuthorizingEntityIdentifierType;
952
+ value: string;
953
+ }
954
+ interface EuEntityPermissionsAuthorIdentifier {
955
+ type: EuEntityPermissionsAuthorIdentifierType;
956
+ value: string;
957
+ }
958
+ interface PersonIdentifier {
959
+ type: PersonIdentifierType;
960
+ value: string;
961
+ }
962
+ interface PersonByIdentifierDetails {
963
+ firstName: string;
964
+ lastName: string;
965
+ }
966
+ interface PersonByFingerprintWithIdentifierDetails {
967
+ firstName: string;
968
+ lastName: string;
969
+ identifier: PersonIdentifier;
970
+ }
971
+ interface PersonByFingerprintWithoutIdentifierDetails {
972
+ firstName: string;
973
+ lastName: string;
974
+ birthDate: string;
975
+ idDocument: IdDocument;
976
+ }
977
+ interface IdDocument {
978
+ type: string;
979
+ number: string;
980
+ country: string;
981
+ }
982
+ interface PersonPermissionSubjectDetails {
983
+ subjectDetailsType: PersonSubjectDetailsType;
984
+ personById?: PersonByIdentifierDetails;
985
+ personByFpWithId?: PersonByFingerprintWithIdentifierDetails;
986
+ personByFpNoId?: PersonByFingerprintWithoutIdentifierDetails;
987
+ }
988
+ interface EntityDetails {
989
+ fullName: string;
990
+ }
991
+ interface EntityByFingerprintDetails {
992
+ fullName: string;
993
+ address: string;
994
+ }
995
+ interface EuEntityDetails {
996
+ fullName: string;
997
+ address: string;
998
+ }
999
+ interface EuEntityPermissionSubjectDetails {
1000
+ subjectDetailsType: EuEntityPermissionSubjectDetailsType;
1001
+ personByFpWithId?: PersonByFingerprintWithIdentifierDetails;
1002
+ personByFpNoId?: PersonByFingerprintWithoutIdentifierDetails;
1003
+ entityByFp?: EntityByFingerprintDetails;
1004
+ }
1005
+ interface PermissionsSubjectPersonDetails {
1006
+ subjectDetailsType: PersonSubjectDetailsType;
1007
+ firstName: string;
1008
+ lastName: string;
1009
+ personIdentifier?: PersonIdentifier | null;
1010
+ birthDate?: string | null;
1011
+ idDocument?: IdDocument | null;
1012
+ }
1013
+ interface PermissionsSubjectPersonByFingerprintDetails {
1014
+ subjectDetailsType: PersonSubjectByFingerprintDetailsType;
1015
+ firstName: string;
1016
+ lastName: string;
1017
+ personIdentifier?: PersonIdentifier | null;
1018
+ birthDate?: string | null;
1019
+ idDocument?: IdDocument | null;
1020
+ }
1021
+ interface PermissionsSubjectEntityDetails {
1022
+ subjectDetailsType: EntitySubjectDetailsType;
1023
+ fullName: string;
1024
+ address?: string | null;
1025
+ }
1026
+ interface PermissionsSubjectEntityByFingerprintDetails {
1027
+ subjectDetailsType: EntitySubjectByFingerprintDetailsType;
1028
+ fullName: string;
1029
+ address?: string | null;
1030
+ }
1031
+ interface PermissionsSubjectEntityByIdentifierDetails {
1032
+ subjectDetailsType: EntitySubjectByIdentifierDetailsType;
1033
+ fullName: string;
1034
+ }
1035
+ interface PermissionsEuEntityDetails {
1036
+ fullName: string;
1037
+ address: string;
1038
+ }
1039
+ interface PermissionWithDelegate<T extends string> {
1040
+ permission: T;
1041
+ canDelegate: boolean;
1042
+ }
1043
+ interface EntityPermission {
1044
+ type: EntityPermissionItemType;
1045
+ canDelegate?: boolean;
1046
+ }
1047
+ interface GrantPermissionsPersonRequest {
1048
+ subjectIdentifier: PersonSubjectIdentifier;
1049
+ permissions: PersonPermissionType[];
1050
+ description: string;
1051
+ subjectDetails: PersonPermissionSubjectDetails;
1052
+ }
1053
+ interface GrantPermissionsEntityRequest {
1054
+ subjectIdentifier: EntitySubjectIdentifier;
1055
+ permissions: EntityPermission[];
1056
+ description: string;
1057
+ subjectDetails: EntityDetails;
1058
+ }
1059
+ interface GrantPermissionsAuthorizationRequest {
1060
+ subjectIdentifier: EntityAuthorizationSubjectIdentifier;
1061
+ permission: EntityAuthorizationPermissionType;
1062
+ description: string;
1063
+ subjectDetails: EntityDetails;
1064
+ }
1065
+ interface GrantPermissionsIndirectRequest {
1066
+ subjectIdentifier: IndirectPermissionsSubjectIdentifier;
1067
+ targetIdentifier?: IndirectPermissionsTargetIdentifier;
1068
+ permissions: IndirectPermissionType[];
1069
+ description: string;
1070
+ subjectDetails: PersonPermissionSubjectDetails;
1071
+ }
1072
+ interface GrantPermissionsSubunitRequest {
1073
+ subjectIdentifier: SubunitPermissionsSubjectIdentifier;
1074
+ contextIdentifier: SubunitPermissionsContextIdentifier;
1075
+ description: string;
1076
+ subunitName?: string;
1077
+ subjectDetails: PersonPermissionSubjectDetails;
1078
+ }
1079
+ interface GrantPermissionsEuEntityAdminRequest {
1080
+ subjectIdentifier: EuEntityAdministrationSubjectIdentifier;
1081
+ contextIdentifier: EuEntityAdministrationContextIdentifier;
1082
+ description: string;
1083
+ euEntityName: string;
1084
+ subjectDetails: EuEntityPermissionSubjectDetails;
1085
+ euEntityDetails: EuEntityDetails;
1086
+ }
1087
+ interface GrantPermissionsEuEntityRepresentativeRequest {
1088
+ subjectIdentifier: EuEntityPermissionsSubjectIdentifier;
1089
+ permissions: EuEntityPermissionType[];
1090
+ description: string;
1091
+ subjectDetails: EuEntityPermissionSubjectDetails;
1092
+ }
1093
+ /** @deprecated Use GrantPermissionsEuEntityAdminRequest instead */
1094
+ type GrantPermissionsEuEntityRequest = GrantPermissionsEuEntityAdminRequest;
1095
+ interface QueryPersonalGrantsRequest {
1096
+ contextIdentifier?: EntityPermissionsContextIdentifier;
1097
+ targetIdentifier?: IndirectPermissionsTargetIdentifier;
1098
+ permissionTypes?: PersonalPermissionScopeType[];
1099
+ permissionState?: PermissionState;
1100
+ }
1101
+ interface QueryPersonsGrantsRequest {
1102
+ queryType: PersonPermissionsQueryType;
1103
+ authorIdentifier?: PersonPermissionsAuthorIdentifier;
1104
+ authorizedIdentifier?: PersonSubjectIdentifier;
1105
+ contextIdentifier?: EntityPermissionsContextIdentifier;
1106
+ targetIdentifier?: IndirectPermissionsTargetIdentifier;
1107
+ permissionTypes?: PersonPermissionType[];
1108
+ permissionState?: PermissionState;
1109
+ }
1110
+ interface QuerySubunitsGrantsRequest {
1111
+ subunitIdentifier?: SubunitPermissionsSubunitIdentifier;
1112
+ }
1113
+ interface QueryEntitiesRolesRequest {
1114
+ pageOffset?: number;
1115
+ pageSize?: number;
1116
+ }
1117
+ interface QueryEntitiesGrantsRequest {
1118
+ contextIdentifier?: EntityPermissionsContextIdentifier;
1119
+ }
1120
+ interface QuerySubordinateEntitiesRolesRequest {
1121
+ subordinateEntityIdentifier?: {
1122
+ type: 'Nip';
1123
+ value: string;
1124
+ };
1125
+ }
1126
+ interface QueryAuthorizationsGrantsRequest {
1127
+ queryType: EntityAuthorizationsQueryType;
1128
+ authorizingIdentifier?: EntityAuthorizationsAuthorizingEntityIdentifier;
1129
+ authorizedIdentifier?: EntityAuthorizationSubjectIdentifier;
1130
+ permissionTypes?: InvoicePermissionType[];
1131
+ }
1132
+ interface QueryEuEntitiesGrantsRequest {
1133
+ vatUeIdentifier?: string;
1134
+ authorizedFingerprintIdentifier?: string;
1135
+ permissionTypes?: EuEntityPermissionsQueryPermissionType[];
1136
+ }
1137
+ interface PersonalPermission {
1138
+ id: string;
1139
+ contextIdentifier?: PersonalPermissionsContextIdentifier | null;
1140
+ authorizedIdentifier?: PersonalPermissionsAuthorizedIdentifier | null;
1141
+ targetIdentifier?: PersonalPermissionsTargetIdentifier | null;
1142
+ permissionScope: PersonalPermissionScopeType;
1143
+ subjectPersonDetails?: PermissionsSubjectPersonDetails | null;
1144
+ subjectEntityDetails?: PermissionsSubjectEntityDetails | null;
1145
+ permissionState: PermissionState;
1146
+ startDate: string;
1147
+ canDelegate: boolean;
1148
+ description: string;
1149
+ }
1150
+ interface PersonPermission {
1151
+ id: string;
1152
+ authorizedIdentifier: PersonPermissionsAuthorizedIdentifier;
1153
+ contextIdentifier?: PersonPermissionsContextIdentifier | null;
1154
+ targetIdentifier?: PersonPermissionsTargetIdentifier | null;
1155
+ authorIdentifier: PersonPermissionsAuthorIdentifier;
1156
+ permissionScope: PersonPermissionType;
1157
+ subjectPersonDetails?: PermissionsSubjectPersonDetails | null;
1158
+ subjectEntityDetails?: PermissionsSubjectEntityDetails | null;
1159
+ permissionState: PermissionState;
1160
+ startDate: string;
1161
+ canDelegate: boolean;
1162
+ description: string;
1163
+ }
1164
+ interface SubunitPermission {
1165
+ id: string;
1166
+ authorizedIdentifier: SubunitPermissionsAuthorizedIdentifier;
1167
+ subunitIdentifier: SubunitPermissionsSubunitIdentifier;
1168
+ authorIdentifier: SubunitPermissionsAuthorIdentifier;
1169
+ permissionScope: SubunitPermissionScope;
1170
+ subjectPersonDetails?: PermissionsSubjectPersonDetails | null;
1171
+ subunitName?: string | null;
1172
+ startDate: string;
1173
+ description: string;
1174
+ }
1175
+ interface EntityRole {
1176
+ parentEntityIdentifier?: EntityRolesParentEntityIdentifier | null;
1177
+ role: EntityRoleType;
1178
+ startDate: string;
1179
+ description: string;
1180
+ }
1181
+ interface SubordinateEntityRole {
1182
+ subordinateEntityIdentifier: SubordinateRoleSubordinateEntityIdentifier;
1183
+ role: SubordinateEntityRoleType;
1184
+ startDate: string;
1185
+ description: string;
1186
+ }
1187
+ interface EntityAuthorizationGrant {
1188
+ id: string;
1189
+ authorIdentifier?: EntityAuthorizationsAuthorIdentifier | null;
1190
+ authorizedEntityIdentifier: EntityAuthorizationsAuthorizedEntityIdentifier;
1191
+ authorizingEntityIdentifier: EntityAuthorizationsAuthorizingEntityIdentifier;
1192
+ authorizationScope: InvoicePermissionType;
1193
+ subjectEntityDetails?: PermissionsSubjectEntityByIdentifierDetails | null;
1194
+ startDate: string;
1195
+ description: string;
1196
+ }
1197
+ /** @deprecated Use EntityAuthorizationGrant instead */
1198
+ type AuthorizationGrant = EntityAuthorizationGrant;
1199
+ interface EuEntityPermission {
1200
+ id: string;
1201
+ authorIdentifier: EuEntityPermissionsAuthorIdentifier;
1202
+ vatUeIdentifier: string;
1203
+ euEntityName: string;
1204
+ authorizedFingerprintIdentifier: string;
1205
+ permissionScope: EuEntityPermissionsQueryPermissionType;
1206
+ subjectPersonDetails?: PermissionsSubjectPersonByFingerprintDetails | null;
1207
+ subjectEntityDetails?: PermissionsSubjectEntityByFingerprintDetails | null;
1208
+ euEntityDetails?: PermissionsEuEntityDetails | null;
1209
+ startDate: string;
1210
+ description: string;
1211
+ }
1212
+ interface EntityPermissionItem {
1213
+ id: string;
1214
+ contextIdentifier: EntityPermissionsContextIdentifier;
1215
+ permissionScope: EntityPermissionItemType;
1216
+ startDate: string;
1217
+ canDelegate: boolean;
1218
+ description: string;
1219
+ }
1220
+ interface PagedPermissionsResponse<T> {
1221
+ hasMore: boolean;
1222
+ permissions: T[];
1223
+ }
1224
+ interface PagedRolesResponse<T> {
1225
+ hasMore: boolean;
1226
+ roles: T[];
1227
+ }
1228
+ interface PagedAuthorizationsResponse<T> {
1229
+ hasMore: boolean;
1230
+ authorizationGrants: T[];
1231
+ }
1232
+ interface PermissionsOperationStatusResponse {
1233
+ status: OperationStatusInfo;
1234
+ }
1235
+ interface PermissionsAttachmentAllowedResponse {
1236
+ isAttachmentAllowed?: boolean;
1237
+ revokedDate?: string | null;
1238
+ }
1239
+
1240
+ type KsefTokenPermissionType = 'InvoiceRead' | 'InvoiceWrite' | 'CredentialsRead' | 'CredentialsManage' | 'EnforcementOperations' | 'SubunitManage' | 'Introspection';
1241
+ type KsefTokenStatus = 'Pending' | 'Active' | 'Revoking' | 'Revoked' | 'Failed';
1242
+ interface KsefTokenRequest {
1243
+ description: string;
1244
+ permissions: KsefTokenPermissionType[];
1245
+ }
1246
+ interface KsefTokenResponse {
1247
+ referenceNumber: string;
1248
+ token: string;
1249
+ }
1250
+ interface AuthenticationKsefToken {
1251
+ referenceNumber: string;
1252
+ authorIdentifier: TokenAuthorIdentifier;
1253
+ contextIdentifier: TokenContextIdentifier;
1254
+ description: string;
1255
+ requestedPermissions: KsefTokenPermissionType[];
1256
+ dateCreated: string;
1257
+ lastUseDate?: string | null;
1258
+ status: KsefTokenStatus;
1259
+ statusDetails?: string[] | null;
1260
+ }
1261
+ type QueryTokensResponseItem = AuthenticationKsefToken;
1262
+ type TokenStatusResponse = AuthenticationKsefToken;
1263
+ type TokenAuthorIdentifierType = 'Nip' | 'Pesel' | 'Fingerprint';
1264
+ type TokenContextIdentifierType = 'Nip' | 'InternalId' | 'NipVatUe' | 'PeppolId';
1265
+ interface TokenAuthorIdentifier {
1266
+ type: TokenAuthorIdentifierType;
1267
+ value: string;
1268
+ }
1269
+ interface TokenContextIdentifier {
1270
+ type: TokenContextIdentifierType;
1271
+ value: string;
1272
+ }
1273
+ interface QueryKsefTokensOptions {
1274
+ continuationToken?: string;
1275
+ pageSize?: number;
1276
+ status?: KsefTokenStatus[];
1277
+ description?: string;
1278
+ authorIdentifier?: string;
1279
+ authorIdentifierType?: TokenAuthorIdentifierType;
1280
+ }
1281
+ interface QueryKsefTokensResponse {
1282
+ continuationToken?: string | null;
1283
+ tokens: QueryTokensResponseItem[];
1284
+ }
1285
+
1286
+ type CertificateType = 'Authentication' | 'Offline';
1287
+ type CertificateStatus = 'Active' | 'Blocked' | 'Revoked' | 'Expired';
1288
+ type CertificateSubjectIdentifierType = 'Nip' | 'Pesel' | 'Fingerprint';
1289
+ interface CertificateLimit {
1290
+ limit: number;
1291
+ remaining: number;
1292
+ }
1293
+ interface CertificateLimitsResponse {
1294
+ canRequest: boolean;
1295
+ enrollment: CertificateLimit;
1296
+ certificate: CertificateLimit;
1297
+ }
1298
+ interface CertificateEnrollmentDataResponse {
1299
+ commonName: string;
1300
+ countryName: string;
1301
+ givenName?: string;
1302
+ surname?: string;
1303
+ serialNumber?: string;
1304
+ uniqueIdentifier?: string;
1305
+ organizationName?: string;
1306
+ organizationIdentifier?: string;
1307
+ }
1308
+ interface EnrollCertificateRequest {
1309
+ certificateName: string;
1310
+ certificateType: CertificateType;
1311
+ csr: string;
1312
+ validFrom?: string;
1313
+ }
1314
+ interface EnrollCertificateResponse {
1315
+ referenceNumber: string;
1316
+ timestamp: string;
1317
+ }
1318
+ interface StatusInfo {
1319
+ code: number;
1320
+ description: string;
1321
+ details?: string[];
1322
+ }
1323
+ interface CertificateEnrollmentStatusResponse {
1324
+ requestDate: string;
1325
+ status: StatusInfo;
1326
+ certificateSerialNumber?: string;
1327
+ }
1328
+ interface RetrieveCertificatesRequest {
1329
+ certificateSerialNumbers: string[];
1330
+ }
1331
+ interface RetrieveCertificatesListItem {
1332
+ certificate: string;
1333
+ certificateName: string;
1334
+ certificateSerialNumber: string;
1335
+ certificateType: CertificateType;
1336
+ }
1337
+ interface RetrieveCertificatesResponse {
1338
+ certificates: RetrieveCertificatesListItem[];
1339
+ }
1340
+ interface QueryCertificatesRequest {
1341
+ certificateSerialNumber?: string;
1342
+ name?: string;
1343
+ type?: CertificateType;
1344
+ status?: CertificateStatus;
1345
+ expiresAfter?: string;
1346
+ }
1347
+ interface CertificateSubjectIdentifier {
1348
+ type: CertificateSubjectIdentifierType;
1349
+ value: string;
1350
+ }
1351
+ interface CertificateListItem {
1352
+ certificateSerialNumber: string;
1353
+ name: string;
1354
+ type: CertificateType;
1355
+ commonName: string;
1356
+ status: CertificateStatus;
1357
+ subjectIdentifier: CertificateSubjectIdentifier;
1358
+ validFrom: string;
1359
+ validTo: string;
1360
+ lastUseDate?: string;
1361
+ requestDate: string;
1362
+ }
1363
+ interface QueryCertificatesResponse {
1364
+ certificates: CertificateListItem[];
1365
+ hasMore: boolean;
1366
+ }
1367
+ interface RevokeCertificateRequest {
1368
+ revocationReason?: CertificateRevocationReason | null;
1369
+ }
1370
+ type CertificateRevocationReason = 'Unspecified' | 'Superseded' | 'KeyCompromise';
1371
+
1372
+ type KsefSystemStatus = 'AVAILABLE' | 'MAINTENANCE' | 'FAILURE' | 'TOTAL_FAILURE';
1373
+ interface LighthouseMessage {
1374
+ id: string;
1375
+ eventId: string;
1376
+ category: string;
1377
+ type: string;
1378
+ title: string;
1379
+ text: string;
1380
+ start: string;
1381
+ end?: string;
1382
+ version: number;
1383
+ published: string;
1384
+ }
1385
+ interface KsefStatusResponse {
1386
+ status: KsefSystemStatus;
1387
+ timestamp: string;
1388
+ }
1389
+ interface KsefMessagesResponse {
1390
+ messages: LighthouseMessage[];
1391
+ }
1392
+
1393
+ interface EffectiveApiRateLimitValues {
1394
+ perSecond: number;
1395
+ perMinute: number;
1396
+ perHour: number;
1397
+ }
1398
+ interface EffectiveApiRateLimits {
1399
+ onlineSession: EffectiveApiRateLimitValues;
1400
+ batchSession: EffectiveApiRateLimitValues;
1401
+ invoiceSend: EffectiveApiRateLimitValues;
1402
+ invoiceStatus: EffectiveApiRateLimitValues;
1403
+ sessionList: EffectiveApiRateLimitValues;
1404
+ sessionInvoiceList: EffectiveApiRateLimitValues;
1405
+ sessionMisc: EffectiveApiRateLimitValues;
1406
+ invoiceMetadata: EffectiveApiRateLimitValues;
1407
+ invoiceExport: EffectiveApiRateLimitValues;
1408
+ invoiceExportStatus: EffectiveApiRateLimitValues;
1409
+ invoiceDownload: EffectiveApiRateLimitValues;
1410
+ other: EffectiveApiRateLimitValues;
1411
+ }
1412
+ interface OnlineSessionEffectiveContextLimits {
1413
+ maxInvoiceSizeInMB: number;
1414
+ maxInvoiceWithAttachmentSizeInMB: number;
1415
+ maxInvoices: number;
1416
+ }
1417
+ interface BatchSessionEffectiveContextLimits {
1418
+ maxInvoiceSizeInMB: number;
1419
+ maxInvoiceWithAttachmentSizeInMB: number;
1420
+ maxInvoices: number;
1421
+ }
1422
+ interface EffectiveContextLimits {
1423
+ onlineSession: OnlineSessionEffectiveContextLimits;
1424
+ batchSession: BatchSessionEffectiveContextLimits;
1425
+ }
1426
+ interface EnrollmentEffectiveSubjectLimits {
1427
+ maxEnrollments?: number;
1428
+ }
1429
+ interface CertificateEffectiveSubjectLimits {
1430
+ maxCertificates?: number;
1431
+ }
1432
+ interface EffectiveSubjectLimits {
1433
+ enrollment?: EnrollmentEffectiveSubjectLimits | null;
1434
+ certificate?: CertificateEffectiveSubjectLimits | null;
1435
+ }
1436
+
1437
+ interface ApiRateLimitValuesOverride {
1438
+ perSecond: number;
1439
+ perMinute: number;
1440
+ perHour: number;
1441
+ }
1442
+ interface ApiRateLimitsOverride {
1443
+ onlineSession: ApiRateLimitValuesOverride;
1444
+ batchSession: ApiRateLimitValuesOverride;
1445
+ invoiceSend: ApiRateLimitValuesOverride;
1446
+ invoiceStatus: ApiRateLimitValuesOverride;
1447
+ sessionList: ApiRateLimitValuesOverride;
1448
+ sessionInvoiceList: ApiRateLimitValuesOverride;
1449
+ sessionMisc: ApiRateLimitValuesOverride;
1450
+ invoiceMetadata: ApiRateLimitValuesOverride;
1451
+ invoiceExport: ApiRateLimitValuesOverride;
1452
+ invoiceExportStatus: ApiRateLimitValuesOverride;
1453
+ invoiceDownload: ApiRateLimitValuesOverride;
1454
+ other: ApiRateLimitValuesOverride;
1455
+ }
1456
+ interface OnlineSessionContextLimitsOverride {
1457
+ maxInvoiceSizeInMB: number;
1458
+ maxInvoiceWithAttachmentSizeInMB: number;
1459
+ maxInvoices: number;
1460
+ }
1461
+ interface BatchSessionContextLimitsOverride {
1462
+ maxInvoiceSizeInMB: number;
1463
+ maxInvoiceWithAttachmentSizeInMB: number;
1464
+ maxInvoices: number;
1465
+ }
1466
+ interface SetSessionLimitsRequest {
1467
+ onlineSession: OnlineSessionContextLimitsOverride;
1468
+ batchSession: BatchSessionContextLimitsOverride;
1469
+ }
1470
+ interface EnrollmentSubjectLimitsOverride {
1471
+ maxEnrollments?: number | null;
1472
+ }
1473
+ interface CertificateSubjectLimitsOverride {
1474
+ maxCertificates?: number | null;
1475
+ }
1476
+ interface SetSubjectLimitsRequest {
1477
+ subjectIdentifierType?: PermissionSubjectIdentifierType;
1478
+ enrollment?: EnrollmentSubjectLimitsOverride | null;
1479
+ certificate?: CertificateSubjectLimitsOverride | null;
1480
+ }
1481
+ interface SetRateLimitsRequest {
1482
+ rateLimits: ApiRateLimitsOverride;
1483
+ }
1484
+
1485
+ interface PeppolProvider {
1486
+ id: string;
1487
+ name: string;
1488
+ dateCreated: string;
1489
+ }
1490
+ interface QueryPeppolProvidersResponse {
1491
+ peppolProviders: PeppolProvider[];
1492
+ hasMore: boolean;
1493
+ }
1494
+
1495
+ type SubjectType = 'EnforcementAuthority' | 'VatGroup' | 'JST';
1496
+ type TestDataContextIdentifierType = 'Nip';
1497
+ interface TestDataContextIdentifier {
1498
+ type: TestDataContextIdentifierType;
1499
+ value: string;
1500
+ }
1501
+ type TestDataAuthorizedIdentifierType = 'Nip' | 'Pesel' | 'Fingerprint';
1502
+ interface TestDataAuthorizedIdentifier {
1503
+ type: TestDataAuthorizedIdentifierType;
1504
+ value: string;
1505
+ }
1506
+ type TestDataPermissionType = 'InvoiceRead' | 'InvoiceWrite' | 'CredentialsRead' | 'CredentialsManage' | 'EnforcementOperations' | 'SubunitManage' | 'Introspection';
1507
+ interface TestDataPermission {
1508
+ permissionType: TestDataPermissionType;
1509
+ description: string;
1510
+ }
1511
+ type TestDataAuthenticationContextIdentifierType = 'Nip' | 'InternalId' | 'NipVatUe' | 'PeppolId';
1512
+ interface TestDataAuthenticationContextIdentifier {
1513
+ type: TestDataAuthenticationContextIdentifierType;
1514
+ value: string;
1515
+ }
1516
+ interface Subunit {
1517
+ subjectNip: string;
1518
+ description: string;
1519
+ }
1520
+ interface SubjectCreateRequest {
1521
+ subjectNip: string;
1522
+ subjectType: SubjectType;
1523
+ description: string;
1524
+ subunits?: Subunit[] | null;
1525
+ createdDate?: string | null;
1526
+ }
1527
+ interface SubjectRemoveRequest {
1528
+ subjectNip: string;
1529
+ }
1530
+ interface PersonCreateRequest {
1531
+ nip: string;
1532
+ pesel: string;
1533
+ isBailiff: boolean;
1534
+ description: string;
1535
+ isDeceased?: boolean;
1536
+ createdDate?: string | null;
1537
+ }
1538
+ interface PersonRemoveRequest {
1539
+ nip: string;
1540
+ }
1541
+ interface TestDataPermissionsGrantRequest {
1542
+ contextIdentifier: TestDataContextIdentifier;
1543
+ authorizedIdentifier: TestDataAuthorizedIdentifier;
1544
+ permissions: TestDataPermission[];
1545
+ }
1546
+ interface TestDataPermissionsRevokeRequest {
1547
+ contextIdentifier: TestDataContextIdentifier;
1548
+ authorizedIdentifier: TestDataAuthorizedIdentifier;
1549
+ }
1550
+ interface AttachmentPermissionGrantRequest {
1551
+ nip: string;
1552
+ }
1553
+ interface AttachmentPermissionRevokeRequest {
1554
+ nip: string;
1555
+ expectedEndDate?: string | null;
1556
+ }
1557
+ interface BlockContextAuthenticationRequest {
1558
+ contextIdentifier?: TestDataAuthenticationContextIdentifier | null;
1559
+ }
1560
+ interface UnblockContextAuthenticationRequest {
1561
+ contextIdentifier?: TestDataAuthenticationContextIdentifier | null;
1562
+ }
1563
+ interface TestDataStatusResponse {
1564
+ code: number;
1565
+ description: string;
1566
+ }
1567
+
1568
+ type PublicKeyCertificateUsage = 'KsefTokenEncryption' | 'SymmetricKeyEncryption';
1569
+ interface PublicKeyCertificate {
1570
+ certificate: string;
1571
+ validFrom: string;
1572
+ validTo: string;
1573
+ usage: PublicKeyCertificateUsage[];
1574
+ }
1575
+ interface EncryptionData {
1576
+ cipherKey: Uint8Array;
1577
+ cipherIv: Uint8Array;
1578
+ encryptionInfo: EncryptionInfo;
1579
+ }
1580
+ interface CsrResult {
1581
+ csrDer: Uint8Array;
1582
+ privateKeyPem: string;
1583
+ }
1584
+ interface SelfSignedCertificateResult {
1585
+ certificatePem: string;
1586
+ privateKeyPem: string;
1587
+ fingerprint: string;
1588
+ }
1589
+ interface X500NameFields {
1590
+ commonName?: string;
1591
+ givenName?: string;
1592
+ surname?: string;
1593
+ serialNumber?: string;
1594
+ organizationName?: string;
1595
+ organizationIdentifier?: string;
1596
+ uniqueIdentifier?: string;
1597
+ countryCode?: string;
1598
+ }
1599
+ type CryptoEncryptionMethod = 'RSA' | 'ECDSA';
1600
+
1601
+ type QRCodeContextIdentifierType = 'Nip' | 'InternalId' | 'NipVatUe' | 'PeppolId';
1602
+ interface QrCodeResult {
1603
+ url: string;
1604
+ qrCode: string;
1605
+ }
1606
+ interface QrCodeOptions {
1607
+ width?: number;
1608
+ margin?: number;
1609
+ errorCorrectionLevel?: 'L' | 'M' | 'Q' | 'H';
1610
+ }
1611
+
1612
+ declare class AuthService {
1613
+ private readonly restClient;
1614
+ constructor(restClient: RestClient);
1615
+ getChallenge(): Promise<AuthChallengeResponse>;
1616
+ submitXadesAuthRequest(signedXml: string, verifyCertificateChain?: boolean): Promise<AuthenticationInitResponse>;
1617
+ submitKsefTokenAuthRequest(payload: AuthKsefTokenRequest): Promise<AuthenticationInitResponse>;
1618
+ getAuthStatus(referenceNumber: string, authToken: string): Promise<AuthenticationOperationStatusResponse>;
1619
+ getAccessToken(authToken: string): Promise<AuthenticationTokensResponse>;
1620
+ refreshAccessToken(refreshToken: string): Promise<AuthenticationTokenRefreshResponse>;
1621
+ }
1622
+
1623
+ declare class ActiveSessionsService {
1624
+ private readonly restClient;
1625
+ constructor(restClient: RestClient);
1626
+ getActiveSessions(pageSize?: number, continuationToken?: string): Promise<AuthenticationListResponse>;
1627
+ revokeCurrentSession(): Promise<void>;
1628
+ revokeSession(sessionRef: string): Promise<void>;
1629
+ }
1630
+
1631
+ declare class OnlineSessionService {
1632
+ private readonly restClient;
1633
+ constructor(restClient: RestClient);
1634
+ openSession(request: OpenOnlineSessionRequest, upoVersion?: string): Promise<OpenOnlineSessionResponse>;
1635
+ sendInvoice(sessionRef: string, request: SendInvoiceRequest): Promise<SendInvoiceResponse>;
1636
+ closeSession(sessionRef: string): Promise<void>;
1637
+ }
1638
+
1639
+ declare class BatchSessionService {
1640
+ private readonly restClient;
1641
+ constructor(restClient: RestClient);
1642
+ openSession(request: OpenBatchSessionRequest, upoVersion?: string): Promise<OpenBatchSessionResponse>;
1643
+ sendParts(openResponse: OpenBatchSessionResponse, parts: BatchPartSendingInfo[]): Promise<void>;
1644
+ closeSession(batchRef: string): Promise<void>;
1645
+ }
1646
+
1647
+ declare class SessionStatusService {
1648
+ private readonly restClient;
1649
+ constructor(restClient: RestClient);
1650
+ getSessions(type: SessionType, pageSize?: number, continuationToken?: string, filter?: SessionsFilter): Promise<SessionsQueryResponse>;
1651
+ getSessionStatus(sessionRef: string): Promise<SessionStatusResponse>;
1652
+ getSessionInvoices(sessionRef: string, pageSize?: number, continuationToken?: string): Promise<SessionInvoicesResponse>;
1653
+ getSessionInvoice(sessionRef: string, invoiceRef: string): Promise<SessionInvoiceStatusResponse>;
1654
+ getSessionFailedInvoices(sessionRef: string, pageSize?: number, continuationToken?: string): Promise<SessionInvoicesResponse>;
1655
+ getInvoiceUpoByKsefNumber(sessionRef: string, ksefNumber: string): Promise<UpoResult>;
1656
+ getInvoiceUpoByReference(sessionRef: string, invoiceRef: string): Promise<UpoResult>;
1657
+ getSessionUpo(sessionRef: string, upoRef: string): Promise<UpoResult>;
1658
+ }
1659
+
1660
+ declare class InvoiceDownloadService {
1661
+ private readonly restClient;
1662
+ constructor(restClient: RestClient);
1663
+ getInvoice(ksefNumber: string): Promise<string>;
1664
+ queryInvoiceMetadata(filters: InvoiceQueryFilters, pageOffset?: number, pageSize?: number, sortOrder?: SortOrder): Promise<QueryInvoicesMetadataResponse>;
1665
+ exportInvoices(request: InvoiceExportRequest): Promise<OperationResponse>;
1666
+ getInvoiceExportStatus(ref: string): Promise<InvoiceExportStatusResponse>;
1667
+ }
1668
+
1669
+ declare class PermissionsService {
1670
+ private readonly restClient;
1671
+ constructor(restClient: RestClient);
1672
+ grantPersonPermissions(request: GrantPermissionsPersonRequest): Promise<OperationResponse>;
1673
+ grantEntityPermissions(request: GrantPermissionsEntityRequest): Promise<OperationResponse>;
1674
+ grantAuthorizationPermissions(request: GrantPermissionsAuthorizationRequest): Promise<OperationResponse>;
1675
+ grantIndirectPermissions(request: GrantPermissionsIndirectRequest): Promise<OperationResponse>;
1676
+ grantSubunitPermissions(request: GrantPermissionsSubunitRequest): Promise<OperationResponse>;
1677
+ grantEuEntityAdminPermissions(request: GrantPermissionsEuEntityAdminRequest): Promise<OperationResponse>;
1678
+ /** @deprecated Use grantEuEntityAdminPermissions instead */
1679
+ grantEuEntityPermissions(request: GrantPermissionsEuEntityAdminRequest): Promise<OperationResponse>;
1680
+ grantEuEntityRepresentativePermissions(request: GrantPermissionsEuEntityRepresentativeRequest): Promise<OperationResponse>;
1681
+ revokeCommonGrant(grantId: string): Promise<OperationResponse>;
1682
+ revokeAuthorizationGrant(grantId: string): Promise<OperationResponse>;
1683
+ queryPersonalGrants(options?: QueryPersonalGrantsRequest, pageOffset?: number, pageSize?: number): Promise<PagedPermissionsResponse<PersonalPermission>>;
1684
+ queryPersonsGrants(options: QueryPersonsGrantsRequest, pageOffset?: number, pageSize?: number): Promise<PagedPermissionsResponse<PersonPermission>>;
1685
+ querySubunitsGrants(options?: QuerySubunitsGrantsRequest, pageOffset?: number, pageSize?: number): Promise<PagedPermissionsResponse<SubunitPermission>>;
1686
+ queryEntitiesRoles(options?: QueryEntitiesRolesRequest): Promise<PagedRolesResponse<EntityRole>>;
1687
+ queryEntitiesGrants(options?: QueryEntitiesGrantsRequest, pageOffset?: number, pageSize?: number): Promise<PagedPermissionsResponse<EntityPermissionItem>>;
1688
+ querySubordinateEntitiesRoles(options?: QuerySubordinateEntitiesRolesRequest, pageOffset?: number, pageSize?: number): Promise<PagedRolesResponse<SubordinateEntityRole>>;
1689
+ queryAuthorizationsGrants(options: QueryAuthorizationsGrantsRequest, pageOffset?: number, pageSize?: number): Promise<PagedAuthorizationsResponse<EntityAuthorizationGrant>>;
1690
+ queryEuEntitiesGrants(options?: QueryEuEntitiesGrantsRequest, pageOffset?: number, pageSize?: number): Promise<PagedPermissionsResponse<EuEntityPermission>>;
1691
+ getOperationStatus(ref: string): Promise<PermissionsOperationStatusResponse>;
1692
+ getAttachmentStatus(): Promise<PermissionsAttachmentAllowedResponse>;
1693
+ }
1694
+
1695
+ declare class TokenService {
1696
+ private readonly restClient;
1697
+ constructor(restClient: RestClient);
1698
+ generateToken(request: KsefTokenRequest): Promise<KsefTokenResponse>;
1699
+ queryTokens(options?: QueryKsefTokensOptions): Promise<QueryKsefTokensResponse>;
1700
+ getToken(ref: string): Promise<TokenStatusResponse>;
1701
+ revokeToken(ref: string): Promise<void>;
1702
+ }
1703
+
1704
+ declare class CertificateApiService {
1705
+ private readonly restClient;
1706
+ constructor(restClient: RestClient);
1707
+ getLimits(): Promise<CertificateLimitsResponse>;
1708
+ getEnrollmentData(): Promise<CertificateEnrollmentDataResponse>;
1709
+ enroll(request: EnrollCertificateRequest): Promise<EnrollCertificateResponse>;
1710
+ getEnrollmentStatus(ref: string): Promise<CertificateEnrollmentStatusResponse>;
1711
+ retrieve(request: RetrieveCertificatesRequest): Promise<RetrieveCertificatesResponse>;
1712
+ revoke(serialNumber: string, request: RevokeCertificateRequest): Promise<void>;
1713
+ query(request: QueryCertificatesRequest, pageSize?: number, pageOffset?: number): Promise<QueryCertificatesResponse>;
1714
+ }
1715
+
1716
+ declare class LighthouseService {
1717
+ private readonly lighthouseUrl;
1718
+ private readonly timeout;
1719
+ constructor(options: ResolvedOptions);
1720
+ private fetchJson;
1721
+ getStatus(): Promise<KsefStatusResponse>;
1722
+ getMessages(): Promise<LighthouseMessage[]>;
1723
+ }
1724
+
1725
+ declare class LimitsService {
1726
+ private readonly restClient;
1727
+ constructor(restClient: RestClient);
1728
+ getContextLimits(): Promise<EffectiveContextLimits>;
1729
+ getSubjectLimits(): Promise<EffectiveSubjectLimits>;
1730
+ getRateLimits(): Promise<EffectiveApiRateLimits>;
1731
+ }
1732
+
1733
+ declare class PeppolService {
1734
+ private readonly restClient;
1735
+ constructor(restClient: RestClient);
1736
+ queryProviders(pageOffset?: number, pageSize?: number): Promise<QueryPeppolProvidersResponse>;
1737
+ }
1738
+
1739
+ declare class TestDataService {
1740
+ private readonly restClient;
1741
+ constructor(restClient: RestClient);
1742
+ createSubject(request: SubjectCreateRequest): Promise<TestDataStatusResponse>;
1743
+ removeSubject(request: SubjectRemoveRequest): Promise<TestDataStatusResponse>;
1744
+ createPerson(request: PersonCreateRequest): Promise<TestDataStatusResponse>;
1745
+ removePerson(request: PersonRemoveRequest): Promise<TestDataStatusResponse>;
1746
+ grantPermissions(request: TestDataPermissionsGrantRequest): Promise<TestDataStatusResponse>;
1747
+ revokePermissions(request: TestDataPermissionsRevokeRequest): Promise<TestDataStatusResponse>;
1748
+ enableAttachment(request: AttachmentPermissionGrantRequest): Promise<TestDataStatusResponse>;
1749
+ disableAttachment(request: AttachmentPermissionRevokeRequest): Promise<TestDataStatusResponse>;
1750
+ changeSessionLimits(request: SetSessionLimitsRequest): Promise<TestDataStatusResponse>;
1751
+ restoreDefaultSessionLimits(): Promise<TestDataStatusResponse>;
1752
+ changeCertificatesLimit(request: SetSubjectLimitsRequest): Promise<TestDataStatusResponse>;
1753
+ restoreDefaultCertificatesLimit(): Promise<TestDataStatusResponse>;
1754
+ setRateLimits(request: SetRateLimitsRequest): Promise<TestDataStatusResponse>;
1755
+ restoreDefaultRateLimits(): Promise<TestDataStatusResponse>;
1756
+ setProductionRateLimits(): Promise<TestDataStatusResponse>;
1757
+ blockContext(request: BlockContextAuthenticationRequest): Promise<TestDataStatusResponse>;
1758
+ unblockContext(request: UnblockContextAuthenticationRequest): Promise<TestDataStatusResponse>;
1759
+ }
1760
+
1761
+ declare class AuthTokenRequestBuilder {
1762
+ private challenge?;
1763
+ private contextIdentifier?;
1764
+ private subjectIdentifierType?;
1765
+ private authorizationPolicy?;
1766
+ withChallenge(challenge: string): this;
1767
+ withContextNip(nip: string): this;
1768
+ withContextInternalId(id: string): this;
1769
+ withContextNipVatUe(value: string): this;
1770
+ withContextPeppolId(id: string): this;
1771
+ withSubjectType(type: XadesSubjectIdentifierType): this;
1772
+ withAuthorizationPolicy(policy: AuthorizationPolicy): this;
1773
+ build(): AuthTokenRequest;
1774
+ private withContext;
1775
+ }
1776
+
1777
+ declare class AuthKsefTokenRequestBuilder {
1778
+ private challenge?;
1779
+ private contextIdentifier?;
1780
+ private encryptedToken?;
1781
+ private authorizationPolicy?;
1782
+ withChallenge(challenge: string): this;
1783
+ withContextNip(nip: string): this;
1784
+ withContextInternalId(id: string): this;
1785
+ withContextNipVatUe(value: string): this;
1786
+ withContextPeppolId(id: string): this;
1787
+ withEncryptedToken(token: string): this;
1788
+ withAuthorizationPolicy(policy: AuthorizationPolicy): this;
1789
+ build(): AuthKsefTokenRequest;
1790
+ private withContext;
1791
+ }
1792
+
1793
+ declare class InvoiceQueryFilterBuilder {
1794
+ private subjectType?;
1795
+ private dateRange?;
1796
+ private ksefNumber?;
1797
+ private invoiceNumber?;
1798
+ private amount?;
1799
+ private sellerNip?;
1800
+ private buyerIdentifier?;
1801
+ private currencyCodes?;
1802
+ private invoicingMode?;
1803
+ private isSelfInvoicing?;
1804
+ private formType?;
1805
+ private invoiceTypes?;
1806
+ private hasAttachment?;
1807
+ withSubjectType(type: InvoiceSubjectType): this;
1808
+ withDateRange(dateType: InvoiceQueryDateType, from: string, to?: string): this;
1809
+ withDateRangeRestricted(dateType: InvoiceQueryDateType, from: string, to?: string): this;
1810
+ withKsefNumber(ksefNumber: string): this;
1811
+ withInvoiceNumber(invoiceNumber: string): this;
1812
+ withAmount(type: AmountType, from?: number, to?: number): this;
1813
+ withSellerNip(nip: string): this;
1814
+ withBuyerIdentifier(type: BuyerIdentifierType, value?: string): this;
1815
+ withCurrencyCodes(codes: string[]): this;
1816
+ withInvoicingMode(mode: InvoicingMode): this;
1817
+ withSelfInvoicing(value: boolean): this;
1818
+ withFormType(type: FormType): this;
1819
+ withInvoiceTypes(types: InvoiceType[]): this;
1820
+ withHasAttachment(value: boolean): this;
1821
+ build(): InvoiceQueryFilters;
1822
+ }
1823
+
1824
+ declare class PersonPermissionGrantBuilder {
1825
+ private subjectIdentifier?;
1826
+ private permissions;
1827
+ private _description?;
1828
+ private _subjectDetails?;
1829
+ withSubjectIdentifier(type: PermissionSubjectIdentifierType, value: string): this;
1830
+ addPermission(permission: PersonPermissionType): this;
1831
+ withPermissions(permissions: PersonPermissionType[]): this;
1832
+ withDescription(description: string): this;
1833
+ withSubjectDetails(subjectDetails: PersonPermissionSubjectDetails): this;
1834
+ build(): GrantPermissionsPersonRequest;
1835
+ }
1836
+
1837
+ declare class EntityPermissionGrantBuilder {
1838
+ private nip?;
1839
+ private permissions;
1840
+ private _description?;
1841
+ private _subjectDetails?;
1842
+ withNip(nip: string): this;
1843
+ addPermission(type: EntityPermissionItemType, canDelegate?: boolean): this;
1844
+ withPermissions(permissions: EntityPermission[]): this;
1845
+ withDescription(description: string): this;
1846
+ withSubjectDetails(subjectDetails: EntityDetails): this;
1847
+ build(): GrantPermissionsEntityRequest;
1848
+ }
1849
+
1850
+ declare class AuthorizationPermissionGrantBuilder {
1851
+ private _subjectIdentifier?;
1852
+ private _permission?;
1853
+ private _description?;
1854
+ private _subjectDetails?;
1855
+ withSubjectIdentifier(type: EntityAuthorizationPermissionsSubjectIdentifierType, value: string): this;
1856
+ withPermission(permission: EntityAuthorizationPermissionType): this;
1857
+ withDescription(description: string): this;
1858
+ withSubjectDetails(subjectDetails: EntityDetails): this;
1859
+ build(): GrantPermissionsAuthorizationRequest;
1860
+ }
1861
+
1862
+ declare class CertificateFetcher {
1863
+ private readonly restClient;
1864
+ private symmetricKeyPem;
1865
+ private ksefTokenPem;
1866
+ private initialized;
1867
+ constructor(restClient: RestClient);
1868
+ init(): Promise<void>;
1869
+ refresh(): Promise<void>;
1870
+ getSymmetricKeyEncryptionPem(): string;
1871
+ getKsefTokenEncryptionPem(): string;
1872
+ private fetchCertificates;
1873
+ private derBase64ToPem;
1874
+ }
1875
+
1876
+ /**
1877
+ * Cryptographic operations for the KSeF system.
1878
+ *
1879
+ * Provides AES-256-CBC encryption/decryption, RSA-OAEP key wrapping,
1880
+ * KSeF token encryption (RSA or ECDH+AES-GCM), SHA-256 hashing,
1881
+ * and CSR generation (RSA-2048 / ECDSA P-256).
1882
+ */
1883
+ declare class CryptographyService {
1884
+ private readonly fetcher;
1885
+ constructor(fetcher: CertificateFetcher);
1886
+ /** Initialise the underlying certificate fetcher. */
1887
+ init(): Promise<void>;
1888
+ /** Encrypt with AES-256-CBC (PKCS7 padding is automatic in Node). */
1889
+ encryptAES256(content: Uint8Array, key: Uint8Array, iv: Uint8Array): Uint8Array;
1890
+ /** Decrypt with AES-256-CBC. */
1891
+ decryptAES256(content: Uint8Array, key: Uint8Array, iv: Uint8Array): Uint8Array;
1892
+ /**
1893
+ * Generate a random AES-256 key and IV, then wrap the key with the
1894
+ * SymmetricKeyEncryption certificate's RSA public key (RSA-OAEP SHA-256).
1895
+ */
1896
+ getEncryptionData(): EncryptionData;
1897
+ /**
1898
+ * Encrypt a KSeF token for session authorisation.
1899
+ *
1900
+ * Token payload: `"<token>|<challengeTimestampMs>"`.
1901
+ *
1902
+ * The algorithm is chosen automatically based on the KsefTokenEncryption
1903
+ * certificate's public key type:
1904
+ * - **RSA** — RSA-OAEP with SHA-256
1905
+ * - **EC** — ECDH key-agreement (P-256) + AES-256-GCM
1906
+ *
1907
+ * The EC variant outputs bytes in the Java-compatible format:
1908
+ * `[ephemeralSPKI | nonce(12) | ciphertext+tag]`.
1909
+ */
1910
+ encryptKsefToken(token: string, challengeTimestamp: string): Uint8Array;
1911
+ /** Compute SHA-256 hash (base64) and byte length. */
1912
+ getFileMetadata(file: Uint8Array): FileMetadata;
1913
+ /** Generate an RSA-2048 CSR (PKCS#10, DER) and return it together with the private key PEM. */
1914
+ generateCsrRsa(fields: X500NameFields): Promise<CsrResult>;
1915
+ /** Generate an ECDSA P-256 CSR (PKCS#10, DER) and return it together with the private key PEM. */
1916
+ generateCsrEcdsa(fields: X500NameFields): Promise<CsrResult>;
1917
+ /** Parse a PEM-encoded private key into a Node.js KeyObject. */
1918
+ parsePrivateKey(pem: string): crypto.KeyObject;
1919
+ /** RSA-OAEP SHA-256 encryption. */
1920
+ private encryptRsaOaep;
1921
+ /**
1922
+ * ECDH (P-256) + AES-256-GCM encryption.
1923
+ *
1924
+ * 1. Generate an ephemeral EC key pair on the same curve (P-256).
1925
+ * 2. Derive a shared secret via ECDH with the receiver's public key.
1926
+ * 3. Use the shared secret (32 bytes) as the AES-256-GCM key.
1927
+ * 4. Encrypt with a random 12-byte nonce.
1928
+ * 5. Output: `[ephemeralSPKI | nonce(12) | ciphertext+tag]`
1929
+ * (Java-compatible — GCM appends the 16-byte tag to the ciphertext).
1930
+ */
1931
+ private encryptEcdhAesGcm;
1932
+ }
1933
+
1934
+ /**
1935
+ * XAdES-B enveloped XML signature service.
1936
+ *
1937
+ * Produces signatures compatible with the Polish KSeF API.
1938
+ *
1939
+ * The implementation builds the entire `ds:Signature` element manually,
1940
+ * using `xml-crypto`'s {@link ExclusiveCanonicalization} for XML C14N
1941
+ * and `node:crypto` for the actual cryptographic signing.
1942
+ */
1943
+ declare class SignatureService {
1944
+ /**
1945
+ * Sign an XML document with an XAdES-B enveloped signature.
1946
+ *
1947
+ * @param xml - The XML document to sign (string).
1948
+ * @param certPem - The signing certificate in PEM format.
1949
+ * @param privateKeyPem - The private key in PEM format.
1950
+ * @returns The signed XML document as a string.
1951
+ */
1952
+ static sign(xml: string, certPem: string, privateKeyPem: string): string;
1953
+ }
1954
+
1955
+ declare class CertificateService {
1956
+ static getSha256Fingerprint(certPem: string): string;
1957
+ static generatePersonalCertificate(givenName: string, surname: string, serialNumber: string, commonName: string, method?: CryptoEncryptionMethod): Promise<SelfSignedCertificateResult>;
1958
+ static generateCompanySeal(orgName: string, orgIdentifier: string, commonName: string, method?: CryptoEncryptionMethod): Promise<SelfSignedCertificateResult>;
1959
+ }
1960
+
1961
+ declare class VerificationLinkService {
1962
+ private readonly baseQrUrl;
1963
+ constructor(baseQrUrl: string);
1964
+ /**
1965
+ * Build invoice verification URL (Code I).
1966
+ * Format: {baseQrUrl}/invoice/{NIP}/{DD-MM-YYYY}/{hash_base64url}
1967
+ */
1968
+ buildInvoiceVerificationUrl(nip: string, issueDate: Date | string, invoiceHashBase64: string): string;
1969
+ /**
1970
+ * Build certificate verification URL (Code II).
1971
+ * Format: {baseQrUrl}/certificate/{contextType}/{contextId}/{sellerNip}/{certSerial}/{hash_base64url}/{signature_base64url}
1972
+ */
1973
+ buildCertificateVerificationUrl(contextType: string, contextId: string, sellerNip: string, certSerial: string, invoiceHashBase64: string, privateKeyPem: string): string;
1974
+ private base64ToBase64Url;
1975
+ }
1976
+
1977
+ declare class QrCodeService {
1978
+ static generateQrCode(url: string, options?: QrCodeOptions): Promise<Buffer>;
1979
+ static generateQrCodeBase64(url: string, options?: QrCodeOptions): Promise<string>;
1980
+ static generateQrCodeSvg(url: string, options?: QrCodeOptions): Promise<string>;
1981
+ static generateQrCodeSvgWithLabel(url: string, label: string, options?: QrCodeOptions): Promise<string>;
1982
+ static generateResult(url: string, options?: QrCodeOptions): Promise<QrCodeResult>;
1983
+ }
1984
+
1985
+ declare class KSeFClient {
1986
+ readonly auth: AuthService;
1987
+ readonly activeSessions: ActiveSessionsService;
1988
+ readonly onlineSession: OnlineSessionService;
1989
+ readonly batchSession: BatchSessionService;
1990
+ readonly sessionStatus: SessionStatusService;
1991
+ readonly invoices: InvoiceDownloadService;
1992
+ readonly permissions: PermissionsService;
1993
+ readonly tokens: TokenService;
1994
+ readonly certificates: CertificateApiService;
1995
+ readonly lighthouse: LighthouseService;
1996
+ readonly limits: LimitsService;
1997
+ readonly peppol: PeppolService;
1998
+ readonly testData: TestDataService;
1999
+ readonly crypto: CryptographyService;
2000
+ readonly qr: VerificationLinkService;
2001
+ readonly options: ResolvedOptions;
2002
+ readonly authManager: AuthManager;
2003
+ constructor(options?: KSeFClientOptions);
2004
+ loginWithToken(token: string, nip: string): Promise<void>;
2005
+ loginWithCertificate(certPem: string, keyPem: string, nip: string): Promise<void>;
2006
+ logout(): Promise<void>;
2007
+ }
2008
+
2009
+ export { ActiveSessionsService, type AllowedIps, type AmountType, type ApiErrorResponse, type ApiRateLimitValuesOverride, type ApiRateLimitsOverride, type AttachmentPermissionGrantRequest, type AttachmentPermissionRevokeRequest, type AuthChallengeResponse, type AuthKsefTokenRequest, AuthKsefTokenRequestBuilder, type AuthManager, AuthService, type AuthSessionInfo, type AuthTokenRequest, AuthTokenRequestBuilder, type AuthenticationInitResponse, type AuthenticationKsefToken, type AuthenticationListResponse, type AuthenticationMethod, type AuthenticationMethodInfo, type AuthenticationMethodInfoCategory, type AuthenticationOperationStatusResponse, type AuthenticationTokenRefreshResponse, type AuthenticationTokensResponse, type AuthorizationGrant, AuthorizationPermissionGrantBuilder, type AuthorizationPolicy, Base64String, type BatchFileInfo, type BatchFilePartInfo, type BatchPartSendingInfo, type BatchSessionContextLimitsOverride, type BatchSessionEffectiveContextLimits, BatchSessionService, type BlockContextAuthenticationRequest, type BuyerIdentifierType, CERTIFICATE_NAME_MAX_LENGTH, CERTIFICATE_NAME_MIN_LENGTH, CertificateApiService, type CertificateEffectiveSubjectLimits, type CertificateEnrollmentDataResponse, type CertificateEnrollmentStatusResponse, CertificateFetcher, CertificateFingerprint, type CertificateLimit, type CertificateLimitsResponse, type CertificateListItem, CertificateName, type CertificateRevocationReason, CertificateService, type CertificateStatus, type CertificateSubjectIdentifier, type CertificateSubjectIdentifierType, type CertificateSubjectLimitsOverride, type CertificateType, type ContextIdentifier, type ContextIdentifierType, type CryptoEncryptionMethod, CryptographyService, type CsrResult, DefaultAuthManager, type EffectiveApiRateLimitValues, type EffectiveApiRateLimits, type EffectiveContextLimits, type EffectiveSubjectLimits, type EncryptionData, type EncryptionInfo, type EnrollCertificateRequest, type EnrollCertificateResponse, type EnrollmentEffectiveSubjectLimits, type EnrollmentSubjectLimitsOverride, type EntityAuthorizationGrant, type EntityAuthorizationPermissionType, type EntityAuthorizationPermissionsSubjectIdentifierType, type EntityAuthorizationSubjectIdentifier, type EntityAuthorizationsAuthorIdentifier, type EntityAuthorizationsAuthorIdentifierType, type EntityAuthorizationsAuthorizedEntityIdentifier, type EntityAuthorizationsAuthorizedEntityIdentifierType, type EntityAuthorizationsAuthorizingEntityIdentifier, type EntityAuthorizationsAuthorizingEntityIdentifierType, type EntityAuthorizationsQueryType, type EntityByFingerprintDetails, type EntityDetails, type EntityPermission, EntityPermissionGrantBuilder, type EntityPermissionItem, type EntityPermissionItemType, type EntityPermissionsContextIdentifier, type EntityPermissionsContextIdentifierType, type EntityRole, type EntityRoleType, type EntityRolesParentEntityIdentifier, type EntityRolesParentEntityIdentifierType, type EntitySubjectByFingerprintDetailsType, type EntitySubjectByIdentifierDetailsType, type EntitySubjectDetailsType, type EntitySubjectIdentifier, Environment, type EnvironmentConfig, type EnvironmentName, type EuEntityAdministrationContextIdentifier, type EuEntityAdministrationPermissionsContextIdentifierType, type EuEntityAdministrationPermissionsSubjectIdentifierType, type EuEntityAdministrationSubjectIdentifier, type EuEntityDetails, type EuEntityPermission, type EuEntityPermissionSubjectDetails, type EuEntityPermissionSubjectDetailsType, type EuEntityPermissionType, type EuEntityPermissionsAuthorIdentifier, type EuEntityPermissionsAuthorIdentifierType, type EuEntityPermissionsQueryPermissionType, type EuEntityPermissionsSubjectIdentifier, type EuEntityPermissionsSubjectIdentifierType, type ExceptionDetails, type FileMetadata, type ForbiddenProblemDetails, type ForbiddenReasonCode, type FormCode, type FormType, type GrantPermissionsAuthorizationRequest, type GrantPermissionsEntityRequest, type GrantPermissionsEuEntityAdminRequest, type GrantPermissionsEuEntityRepresentativeRequest, type GrantPermissionsEuEntityRequest, type GrantPermissionsIndirectRequest, type GrantPermissionsPersonRequest, type GrantPermissionsSubunitRequest, type HttpMethod, type IdDocument, type IndirectPermissionType, type IndirectPermissionsSubjectIdentifier, type IndirectPermissionsSubjectIdentifierType, type IndirectPermissionsTargetIdentifier, type IndirectPermissionsTargetIdentifierType, InternalId, InvoiceDownloadService, type InvoiceExportPackage, type InvoiceExportPackagePart, type InvoiceExportRequest, type InvoiceExportStatusResponse, type InvoiceMetadata, type InvoiceMetadataAuthorizedSubject, type InvoiceMetadataBuyer, type InvoiceMetadataBuyerIdentifier, type InvoiceMetadataSeller, type InvoiceMetadataThirdSubject, type InvoiceMetadataThirdSubjectIdentifier, type InvoicePermissionType, type InvoiceQueryAmount, type InvoiceQueryBuyerIdentifier, type InvoiceQueryDateRange, type InvoiceQueryDateType, InvoiceQueryFilterBuilder, type InvoiceQueryFilters, type InvoiceStatusInfo, type InvoiceSubjectType, type InvoiceType, type InvoicingMode, Ip4Address, Ip4Mask, Ip4Range, KSeFApiError, KSeFAuthStatusError, KSeFClient, type KSeFClientOptions, KSeFError, KSeFForbiddenError, KSeFRateLimitError, KSeFSessionExpiredError, KSeFUnauthorizedError, KSeFValidationError, type KsefMessagesResponse, KsefNumber, KsefNumberV35, KsefNumberV36, type KsefStatusResponse, type KsefSystemStatus, type KsefTokenPermissionType, type KsefTokenRequest, type KsefTokenResponse, type KsefTokenStatus, type LighthouseMessage, LighthouseService, LimitsService, Nip, NipVatUe, type OnlineSessionContextLimitsOverride, type OnlineSessionEffectiveContextLimits, OnlineSessionService, type OpenBatchSessionRequest, type OpenBatchSessionResponse, type OpenOnlineSessionRequest, type OpenOnlineSessionResponse, type OperationResponse, type OperationStatusInfo, PERMISSION_DESCRIPTION_MAX_LENGTH, PERMISSION_DESCRIPTION_MIN_LENGTH, type PagedAuthorizationsResponse, type PagedPermissionsResponse, type PagedRolesResponse, type PartUploadRequest, PeppolId, type PeppolProvider, PeppolService, type PermissionState, type PermissionSubjectIdentifierType, type PermissionWithDelegate, type PermissionsAttachmentAllowedResponse, type PermissionsEuEntityDetails, type PermissionsOperationStatusResponse, PermissionsService, type PermissionsSubjectEntityByFingerprintDetails, type PermissionsSubjectEntityByIdentifierDetails, type PermissionsSubjectEntityDetails, type PermissionsSubjectPersonByFingerprintDetails, type PermissionsSubjectPersonDetails, type PersonByFingerprintWithIdentifierDetails, type PersonByFingerprintWithoutIdentifierDetails, type PersonByIdentifierDetails, type PersonCreateRequest, type PersonIdentifier, type PersonIdentifierType, type PersonPermission, PersonPermissionGrantBuilder, type PersonPermissionSubjectDetails, type PersonPermissionType, type PersonPermissionsAuthorIdentifier, type PersonPermissionsAuthorIdentifierType, type PersonPermissionsAuthorizedIdentifier, type PersonPermissionsAuthorizedIdentifierType, type PersonPermissionsContextIdentifier, type PersonPermissionsContextIdentifierType, type PersonPermissionsQueryType, type PersonPermissionsTargetIdentifier, type PersonPermissionsTargetIdentifierType, type PersonRemoveRequest, type PersonSubjectByFingerprintDetailsType, type PersonSubjectDetailsType, type PersonSubjectIdentifier, type PersonalPermission, type PersonalPermissionScopeType, type PersonalPermissionsAuthorizedIdentifier, type PersonalPermissionsAuthorizedIdentifierType, type PersonalPermissionsContextIdentifier, type PersonalPermissionsContextIdentifierType, type PersonalPermissionsTargetIdentifier, type PersonalPermissionsTargetIdentifierType, Pesel, type PresignedUrlPolicy, type PublicKeyCertificate, type PublicKeyCertificateUsage, type QRCodeContextIdentifierType, type QrCodeOptions, type QrCodeResult, QrCodeService, type QueryAuthorizationsGrantsRequest, type QueryCertificatesRequest, type QueryCertificatesResponse, type QueryEntitiesGrantsRequest, type QueryEntitiesRolesRequest, type QueryEuEntitiesGrantsRequest, type QueryInvoicesMetadataResponse, type QueryKsefTokensOptions, type QueryKsefTokensResponse, type QueryPeppolProvidersResponse, type QueryPersonalGrantsRequest, type QueryPersonsGrantsRequest, type QuerySubordinateEntitiesRolesRequest, type QuerySubunitsGrantsRequest, type QueryTokensResponseItem, REQUIRED_CHALLENGE_LENGTH, type RateLimitConfig, RateLimitPolicy, ReferenceNumber, type ResolvedOptions, RestClient, RestRequest, type RestResponse, type RetrieveCertificatesListItem, type RetrieveCertificatesRequest, type RetrieveCertificatesResponse, type RetryPolicy, type RevokeCertificateRequest, RouteBuilder, Routes, SUBUNIT_NAME_MAX_LENGTH, SUBUNIT_NAME_MIN_LENGTH, type SelfSignedCertificateResult, type SendInvoiceRequest, type SendInvoiceResponse, type SessionInvoiceStatusResponse, type SessionInvoicesResponse, type SessionStatus, type SessionStatusResponse, SessionStatusService, type SessionType, type SessionsFilter, type SessionsQueryResponse, type SessionsQueryResponseItem, type SetRateLimitsRequest, type SetSessionLimitsRequest, type SetSubjectLimitsRequest, Sha256Base64, SignatureService, type SortOrder, type StatusInfo, type SubjectCreateRequest, type SubjectRemoveRequest, type SubjectType, type SubordinateEntityRole, type SubordinateEntityRoleType, type SubordinateRoleSubordinateEntityIdentifier, type SubordinateRoleSubordinateEntityIdentifierType, type Subunit, type SubunitPermission, type SubunitPermissionScope, type SubunitPermissionsAuthorIdentifier, type SubunitPermissionsAuthorIdentifierType, type SubunitPermissionsAuthorizedIdentifier, type SubunitPermissionsContextIdentifier, type SubunitPermissionsContextIdentifierType, type SubunitPermissionsSubjectIdentifier, type SubunitPermissionsSubjectIdentifierType, type SubunitPermissionsSubunitIdentifier, type SubunitPermissionsSubunitIdentifierType, type TestDataAuthenticationContextIdentifier, type TestDataAuthenticationContextIdentifierType, type TestDataAuthorizedIdentifier, type TestDataAuthorizedIdentifierType, type TestDataContextIdentifier, type TestDataContextIdentifierType, type TestDataPermission, type TestDataPermissionType, type TestDataPermissionsGrantRequest, type TestDataPermissionsRevokeRequest, TestDataService, type TestDataStatusResponse, type ThirdSubjectIdentifierType, type TokenAuthorIdentifier, type TokenAuthorIdentifierType, type TokenContextIdentifier, type TokenContextIdentifierType, type TokenInfo, TokenService, type TokenStatusResponse, type TransportFn, type UnauthorizedProblemDetails, type UnblockContextAuthenticationRequest, type UpoPage, type UpoResponse, type UpoResult, type ValidationDetail, VatUe, VerificationLinkService, type X500NameFields, type XadesSubjectIdentifierType, calculateBackoff, defaultPresignedUrlPolicy, defaultRateLimitPolicy, defaultRetryPolicy, defaultTransport, isRetryableError, isRetryableStatus, isValidBase64, isValidCertificateFingerprint, isValidCertificateName, isValidInternalId, isValidIp4Address, isValidKsefNumber, isValidNip, isValidNipVatUe, isValidPeppolId, isValidPesel, isValidReferenceNumber, isValidSha256Base64, isValidVatUe, parseRetryAfter, resolveOptions, sleep, validatePresignedUrl };