Certificates for interface use

Integration to Vero API services requires using a client certificate. Authentication method is client certificate authentication which means that the client certificate is verified during SSL handshake. Caller’s private key and certificate are verified during the handshake. The certificate is used to identify and authorize the organization.

Tax Administration cannot give detailed instructions on how to attach the certificate to a service call because it is done based what technology solutions user's application is using. Further details can be found with popular search engines with keywords “client certificate authentication”. However, one way to add a certificate to an call has been published on the Code examples page, you can use the example for your own implementation.

When building integration with Vero API services you must test most common use cases in Vero API test environment using a test certificate. Typical use cases include reacting appropriately to response status codes received from service when sent message was valid and when message contained input errors or business validations failed. Also, the client software should handle unexpected errors or service down time gracefully.

An interface-specific production access requires test scenarios to be executed in the API portal. Test scenarios are executed by calling interfaces with the integration verification endpoint with a production certificate.

More information about the certificates can be found in Testing and Production pages.