diff --git a/Gemfile b/Gemfile
index ad8c4a59b..a25e31a69 100644
--- a/Gemfile
+++ b/Gemfile
@@ -42,6 +42,7 @@ gem 'groupdate'
 gem 'haml-rails'
 gem 'hashie'
 gem 'jquery-rails' # Use jquery as the JavaScript library
+gem 'jwt'
 gem 'kaminari', '= 1.1.1' # Pagination
 gem 'lograge'
 gem 'logstash-event'
diff --git a/Gemfile.lock b/Gemfile.lock
index 0958a8495..7b8a47c9a 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -775,6 +775,7 @@ DEPENDENCIES
 haml-rails
 hashie
 jquery-rails
+ jwt
 kaminari (= 1.1.1)
 launchy
 letter_opener_web
diff --git a/app/lib/api_entreprise/api.rb b/app/lib/api_entreprise/api.rb
index b7e1bbeab..d71fc0ff2 100644
--- a/app/lib/api_entreprise/api.rb
+++ b/app/lib/api_entreprise/api.rb
@@ -41,7 +41,8 @@ class ApiEntreprise::API
 end
 def self.attestation_sociale(siren, procedure_id)
- call(ATTESTATION_SOCIALE_RESOURCE_NAME, siren, procedure_id)
+ procedure = Procedure.find(procedure_id)
+ call(ATTESTATION_SOCIALE_RESOURCE_NAME, siren, procedure_id) if procedure.api_entreprise_role?("attestations_sociales")
 end
 private
diff --git a/app/models/procedure.rb b/app/models/procedure.rb
index 099961c4a..493aa4858 100644
--- a/app/models/procedure.rb
+++ b/app/models/procedure.rb
@@ -547,6 +547,14 @@ class Procedure < ApplicationRecord
 "Procedure;#{id}"
 end
+ def api_entreprise_roles
+ JWT.decode(api_entreprise_token, nil, false)[0]["roles"] if api_entreprise_token.present?
+ end
+
+ def api_entreprise_role?(role)
+ api_entreprise_roles&.include?(role)
+ end
+
 private
 def move_type_de_champ_attributes(types_de_champ, type_de_champ, new_index)
diff --git a/app/services/api_entreprise_service.rb b/app/services/api_entreprise_service.rb
index 3f5082765..8e8da6ae9 100644
--- a/app/services/api_entreprise_service.rb
+++ b/app/services/api_entreprise_service.rb
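Review bot: In app/lib/api_entreprise/api.rb, `attestation_sociale` now returns nil without sending any request when the procedure's token lacks the role, but that contract is carried only by a trailing `if` on a long line and is not documented. A guard clause reads more clearly: `return unless procedure.api_entreprise_role?("attestations_sociales")` placed before the unchanged `call(...)`, with a comment saying that nil means the token is not allowed to fetch this resource. `Procedure.find` also raises ActiveRecord::RecordNotFound for an unknown or nil id, which is not the `RequestFailed` that the service hunk rescues; whether callers can pass such an id is not visible here.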
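Review bot: In app/models/procedure.rb, `api_entreprise_roles` reads the `roles` claim with `JWT.decode(api_entreprise_token, nil, false)`, that is with signature verification switched off, so the result is whatever the stored token string claims. That is acceptable as a hint for skipping a call the remote API would refuse anyway, but it should be written down so the method is not later reused as an authorization check: `# Signature is not verified: advisory only, the API enforces the real permissions`. A token that is not a well-formed JWT makes `JWT.decode` raise `JWT::DecodeError`, which none of the visible hunks rescue; adding `rescue JWT::DecodeError` with a `nil` result to the method would keep a bad token from breaking the caller. The `roles` value is assumed to be an array; if it were a string, `include?` would do a substring match.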
@@ -35,6 +35,12 @@ class ApiEntrepriseService
 rescue ApiEntreprise::API::RequestFailed
 end
+ begin
+ attestation_sociale_params = ApiEntreprise::AttestationSocialeAdapter.new(entreprise_params[:entreprise_siren], procedure_id).to_params
+ etablissement_params.merge!(attestation_sociale_params)
+ rescue ApiEntreprise::API::RequestFailed
+ end
+
 etablissement_params.merge(entreprise_params)
 end
 end
diff --git a/spec/lib/api_entreprise/api_spec.rb b/spec/lib/api_entreprise/api_spec.rb
index 77c7966b8..dbf16ae36 100644
--- a/spec/lib/api_entreprise/api_spec.rb
+++ b/spec/lib/api_entreprise/api_spec.rb
@@ -158,4 +158,31 @@ describe ApiEntreprise::API do
 it { expect(subject).to eq(JSON.parse(body, symbolize_names: true)) }
 end
 end
+
+ describe '.attestation_sociale' do
+ let(:procedure) { create(:procedure, api_entreprise_token: token) }
+ let(:siren) { '418166096' }
+ let(:status) { 200 }
+ let(:body) { File.read('spec/fixtures/files/api_entreprise/attestation_sociale.json') }
+
+ before do
+ allow_any_instance_of(Procedure).to receive(:api_entreprise_roles).and_return(roles)
+ stub_request(:get, /https:\/\/entreprise.api.gouv.fr\/v2\/attestations_sociales_acoss\/#{siren}?.*token=/)
+ .to_return(body: body, status: status)
+ end
+
+ subject { described_class.attestation_sociale(siren, procedure.id) }
+
+ context 'when token not authorized' do
+ let(:roles) { ["entreprises"] }
+
+ it { expect(subject).to eq(nil) }
+ end
+
+ context 'when token is authorized' do
+ let(:roles) { ["attestations_sociales"] }
+
+ it { expect(subject).to eq(JSON.parse(body, symbolize_names: true)) }
+ end
+ end
 end
diff --git a/spec/services/api_entreprise_service_spec.rb b/spec/services/api_entreprise_service_spec.rb
index 052c36950..9a7024005 100644
--- a/spec/services/api_entreprise_service_spec.rb
+++ b/spec/services/api_entreprise_service_spec.rb
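Review bot: The new `begin`/`rescue ApiEntreprise::API::RequestFailed` block in ApiEntrepriseService has an empty rescue body, so a failed attestation lookup disappears without a trace; it mirrors the block just above it, but a one-line comment such as `# attestation sociale is optional: keep the other params if the call fails` (or a log line) would record the intent. Only `RequestFailed` is handled: when the token lacks the role, `ApiEntreprise::API.attestation_sociale` returns nil, and whether `AttestationSocialeAdapter#to_params` copes with a nil payload is not visible in this diff. If it does not, the resulting error would abort the whole établissement lookup for what is an optional enrichment. The enclosing method starts outside the hunk.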
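Review bot: In spec/lib/api_entreprise/api_spec.rb, the 'when token not authorized' context only asserts a nil return; the property that matters is that no request carrying the token and SIREN leaves the application, which can be pinned with `expect(a_request(:get, /attestations_sociales_acoss/)).not_to have_been_made`. `allow_any_instance_of(Procedure).to receive(:api_entreprise_roles)` also replaces the JWT decoding entirely, so a malformed token or a token without a `roles` claim is never exercised by these examples. `token` is referenced by `let(:procedure)` but not defined inside the hunk; presumably it comes from the enclosing `describe`. `eq(nil)` is more idiomatic as `be_nil`.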
@@ -13,6 +13,8 @@ describe ApiEntrepriseService do
 .to_return(body: effectifs_mensuels_body, status: effectifs_mensuels_status)
 stub_request(:get, /https:\/\/entreprise.api.gouv.fr\/v2\/effectifs_annuels_acoss_covid\/#{siren}?.*token=/)
 .to_return(body: effectifs_annuels_body, status: effectifs_annuels_status)
+ stub_request(:get, /https:\/\/entreprise.api.gouv.fr\/v2\/attestations_sociales_acoss\/#{siren}?.*token=/)
+ .to_return(body: attestation_sociale_body, status: attestation_sociale_status)
 end
 before { Timecop.freeze(Time.zone.local(2020, 3, 14)) }
@@ -38,13 +40,17 @@ describe ApiEntrepriseService do
 let(:effectifs_annuels_body) { File.read('spec/fixtures/files/api_entreprise/effectifs_annuels.json') }
 let(:effectif_annuel) { 100.5 }
+ let(:attestation_sociale_status) { 200 }
+ let(:attestation_sociale_body) { File.read('spec/fixtures/files/api_entreprise/attestation_sociale.json') }
+ let(:attestation_sociale_url) { "https://storage.entreprise.api.gouv.fr/siade/1569156881-f749d75e2bfd443316e2e02d59015f-attestation_vigilance_acoss.pdf" }
+
 let(:exercices_status) { 200 }
 let(:exercices_body) { File.read('spec/fixtures/files/api_entreprise/exercices.json') }
 let(:associations_status) { 200 }
 let(:associations_body) { File.read('spec/fixtures/files/api_entreprise/associations.json') }
- let(:procedure) { create(:procedure) }
+ let(:procedure) { create(:procedure, api_entreprise_token: 'un-jeton') }
 let(:result) { ApiEntrepriseService.get_etablissement_params_for_siret(siret, procedure.id) }
 context 'when service is up' do
@@ -55,6 +61,7 @@ describe ApiEntrepriseService do
 expect(result[:exercices_attributes]).to_not be_empty
 expect(result[:entreprise_effectif_mensuel]).to eq(effectif_mensuel)
 expect(result[:entreprise_effectif_annuel]).to eq(effectif_annuel)
+ expect(result[:entreprise_attestation_sociale_url]).to eq(attestation_sociale_url)
 end
 end
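Review bot: In the second hunk of spec/services/api_entreprise_service_spec.rb, `create(:procedure, api_entreprise_token: 'un-jeton')` stores a string that is not a well-formed JWT, so unless `api_entreprise_roles` is stubbed somewhere outside the visible hunks, `JWT.decode` would raise on it rather than yield the `attestations_sociales` role that the new URL expectation depends on. A constructed test token keeps the real decode path under test: `JWT.encode({ roles: ["attestations_sociales"] }, nil, 'none')`. The spec also covers only the authorized case; a context whose token lacks the role, asserting that `entreprise_attestation_sociale_url` is absent while the other params are still returned, would cover the new branch in the service.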