CO₂e Attestations — Partners
Partners — Packs & Partner Key Model
This page explains how partners use Certif-Scope in V1: purchasing prepaid packs, receiving a partner key, and generating CO₂e attestations on demand. No API, no accounts, no integrations.
1.Partner Access Overview
Certif-Scope Partner Access is a controlled access model designed for organizations that need to request, generate or distribute standardized CO₂e attestations at scale. It is intended for institutional workflows where a consistent environmental document is required from third parties.
Partner Access does not provide ESG software, data platforms or reporting tools. It delivers a simple and verifiable attestation format that can be integrated into procurement, compliance or risk processes without changing existing systems.
Institutional Use Case
Partner Access is built for banks, insurers, large corporations and procurement teams that require standardized CO₂e documentation from suppliers, clients or SMEs as part of their operational or compliance workflows.
Standardized Output
All attestations generated through Partner Access follow the same fixed structure, methodology and verification format, ensuring consistency across all third-party submissions and reducing review friction.
Clear Scope & Limits
Partner Access provides indicative, spend-based CO₂e attestations only. It does not perform audits, store ESG data, or replace regulatory reporting obligations such as CSRD or ISO-based inventories.
2.Packs & Credits
Partner access to Certif-Scope is based on a prepaid credit model. Partners purchase attestation packs in advance and consume credits only when an attestation is generated.
This approach provides predictable costs, full usage control and compatibility with procurement, finance and compliance processes. There are no subscriptions, no recurring fees and no automatic billing.
Prepaid Credit Packs
Partners purchase packs of credits in advance. One credit corresponds to one generated CO₂e Attestation, with no hidden fees or variable pricing.
Controlled Consumption
Credits are consumed only at the moment of attestation generation. Verification, consultation and document sharing never consume credits.
Procurement-Friendly Model
The prepaid credit model aligns with enterprise purchasing processes, budget validation and internal approval workflows, without long-term contractual commitments.
3.Partner Key Issuance
A Partner Key is issued once a prepaid attestation pack has been successfully purchased. The key grants the right to generate a defined number of CO₂e Attestations, under the responsibility of a single identified partner.
Key issuance is a controlled, one-time operation. It does not create user accounts, dashboards or persistent sessions, and does not require any technical integration.
Issued After Payment Confirmation
The Partner Key is generated only after successful payment validation of a prepaid attestation pack. No key exists before purchase.
Delivered by Email
The Partner Key is delivered by email to the address provided at purchase. This email defines the responsible party for key usage.
One Key, One Responsible Entity
A Partner Key is linked to a single organization and contact email. It cannot be split into sub-accounts or delegated implicitly.
The Partner Key only defines issuance and authorization rights. Generation workflows, credit consumption and recovery mechanisms are described in subsequent sections.
4.Key Validity & Usage Limits
Partner access is governed by strict validity and usage rules. This section defines how long a Partner Key remains active and how attestation generation is limited over time.
Key validity period
Each Partner Key is valid for a fixed period of twelve (12) monthsstarting from its issuance date.
After this period, the key is automatically deactivated and can no longer be used to generate new CO₂e attestations.
Usage limits and credit consumption
Partner access operates on a prepaid credit basis. Each attestation generation consumes exactly one credit.
Once all credits are consumed, attestation generation is blocked, even if the Partner Key is still within its validity period.
Effects of expiration or exhaustion
Expiration of a Partner Key or exhaustion of credits only affects the ability to generate new attestations.
All previously generated attestations remain valid and verifiable without limitation, independently of key status.
5.Recovery & Security Model
Partner access security is designed to be explicit, minimal and auditable. Certif-Scope deliberately avoids accounts, passwords and identity systems. Access control relies on cryptographic tokens, strict separation of roles and deterministic revocation rules.
Security by Design
There are no user accounts, no passwords and no persistent sessions. The attack surface is intentionally reduced to a single-purpose Partner Key with limited scope and lifetime.
Key & Recovery Token Separation
The Partner Key (generation right) and the Recovery Token (regeneration right) are strictly separated. They are delivered in two distinct emails and cannot be used interchangeably.
Controlled Key Recovery
If a Partner Key is lost, a new key can be issued only by presenting the Recovery Token and the original email address. The previous key is automatically revoked.
Institutional Security Guarantees
- • No access to financial inputs after attestation generation.
- • Revocation does not affect previously issued attestations.
- • Verification remains possible even after key replacement.
- • No dependency on third-party identity or authentication systems.
6.API & High-Volume Access (Coming Soon)
Certif-Scope is designed to scale beyond individual or low-volume usage. A dedicated V2 model is planned for organizations requiring automated, high-volume issuance and verification of CO₂e Attestations.
Institutional & Large-Scale Usage
Designed for banks, insurers, large groups and procurement platforms managing hundreds or thousands of supplier or client attestations through automated workflows.
Cryptographic & API Model (V2)
V2 will introduce an API-based model using a dedicated private issuance key and a publicly available verification key. Attestations will rely on an internal SHA-256 integrity mechanism to guarantee immutability and independent verification at scale.
Not Required for V1
These mechanisms are not active in V1 and are not required for standard users or SMEs. The current V1 model remains ID-based, human-readable and intentionally non-technical.
Roadmap Transparency & Scope
API access, cryptographic verification keys and automated batch workflows are planned for a future V2 release. No timelines or guarantees are implied. This section exists solely to document the intended evolution for institutional partners and to prevent any ambiguity regarding the current V1 scope.