errorPOLubl-2.1

PL-R-004:KSeF session token invalid

KSeF API requires valid authentication token.

Severity
Fatal
Rule set
ubl-2.1
Country
POL
Fix type
BLOCKED

Engine Classification

Financial or legal field · Modification blocked by policy

Reason: KSeF API authentication token is invalid or expired. This is not an invoice content issue. Renew your KSeF session token through the KSeF API authentication process. Check your invoicing software KSeF credentials configuration.

What is PL-R-004?

PL-R-004 is a fatal validation rule defined in the ubl-2.1 specification (POL national rules). It validates the KSeF API authentication element in the UBL invoice XML.

When this rule fires, the invoice is non-compliant and will be rejected by Peppol access points and national validation services. The sending system receives a rejection response and the invoice does not reach the buyer.

Target path: KSeF API authentication

This error requires manual correction — financial fields are protected by policy.Get API Access

Why This Error Matters

Authentication required for KSeF operations.

PL-R-004 is a hard failure. Invoices that trigger this rule are rejected at the access point and never reach the recipient. In Peppol networks, this means your sending system receives an MLR (Message Level Response) with a rejection status. The invoice must be corrected and re-sent, adding delay to your payment cycle.

Validator Behavior

  • ·Causes invoice rejection
  • ·Fails UBL schema validation
  • ·Error returned: PL-R-004
  • ·Specification: ubl-2.1

How to Fix It

1.

Authenticate

Use qualified certificate or trusted profile

2.

Get token

Call InitSessionBySignature

3.

Use token

Include in subsequent API calls

XML Example

Generic example based on the rule's target XPath. Your actual XML structure may differ.

Before
<!-- Triggers validation error -->
<KSeF API authentication></KSeF API authentication>
After
<!-- Corrected -->
<KSeF API authentication>VALID_VALUE</KSeF API authentication>

Technical Reference

XPathKSeF API authentication
Specubl-2.1

Common Causes

  • ·Expired token
  • ·Invalid certificate
  • ·Wrong authentication method

Seeing this in production? The API handles PL-R-004 automatically. See the fix response →

Frequently Asked Questions

KSeF API requires valid authentication token.

Obtain valid KSeF session token using certificate or trusted profile. This error involves a protected field — Invoice Navigator flags it in your pipeline so your team can correct it at the source.

Yes, PL-R-004 is a critical error that will cause invoice rejection. It must be fixed before submission.

Related Content

Errors
KSeF submission requiredCurrency must be PLN for KSeF
Answers
What are the differences between e-invoice formats?Which EU countries have e-invoicing mandates and what are the deadlines?

Last updated: 3 March 2026

Share this guide:

Detect PL-R-004 Before Submission

This error involves a financial or legal field that cannot be auto-modified. The compliance engine flags it immediately with a clear diagnosis so your team can fix it at the source.

Get API AccessView API Documentation