Welcome | Get started | Dive | Contribute | Topics | Reference | Changes | More

How to set up your credentials

Whether you want to play as a developer with the Ibanity API, or whether you want to configure a production site, in both cases you need to set up your credential files so that Lino can access the Ibanity API. Here is how to do this.

  • We assume that you have your Lino developer environment installed.

  • Create an account on the Ibanity developer portal.

  • Create a sandbox application, activate the “Flowin e-invoicing” product, generate a certificate, extract the certificate files and store them into an arbitrary directory in your private data (e.g. ~/Documents/ibanity/sandbox). The directory should now contain four files:

    $ cd ~/Documents/ibanity/sandbox
$ ls
ca_chain.pem  certificate.pem  certificate.pfx  private_key.pem

  • Decrypt the private key because Python’s requests module doesn’t support encrypted keys:

    $ openssl rsa -in private_key.pem -out decrypted_private_key.pem

    Not sure about this but it seems that you can now throw away the private_key.pem file and forget the password you used to generate it.

  • Still in the same directory, create a file named credentials.txt that contains a single line of text in the format {client_id}:{client_secret}. Where client_id and client_secret are both given by the Ibanity developer portal. For sandbox applications the client_secret is always the same string “valid_client_secret”.

  • Go to your copy of the cosi1 demo project and create a symbolic link named secrets, which points to your private directory:

    $ go cosi1
$ ln -s ~/Documents/ibanity/sandbox secrets

    Note that files and directories named secrets are ignored by Git because they are listed in the .gitignore file.

Now you should be able to test the documents of the peppol plugin by saying:

$ go book
$ doctest docs/plugins/peppol/*.rst

For a live application it’s similar but when generating the certificate, the Ibanity portal asks you to generate an RSA key pair and a Certificate Signing Request:

$ cd ~/Documents/ibanity/live
$ openssl genrsa -aes256 -out private_key.pem 2048
$ openssl req -new -sha256 -key private_key.pem -out ibanity.csr ...

And then to upload the ibanity.csr file to their server. And the zip file with certificate files contains only two files ca_chain.pem and certificate.pem. And instead of creating a symbolic link you probably use scp to upload these files to a real subdirectory secrets on your Lino server.