Once you have registered a new API user, you'll have access to
our staging environment after a validation of your associated bank or audit company.
Once you have tested and verified your integration, you are ready
to go through the process of accessing our production environment and your data. To begin this
process, please contact us.
For GET requests, any parameters not specified as a segment in the path can be passed as an HTTP query string parameter:
For POST requests, parameters not included in the URL should be encoded as JSON with a Content-Type of application/json unless otherwise noted.
All parameters are noted as such.
Dates and DateTimes
All responses from our APIs are native values (e.g. integers, strings, and arrays of native values). Response attributes
defined as Date or DateTime are ISO8601 compliant string representations for these values. e.g. 2022-01-01 and 2022-01-01T00:00:00Z
respectively.
To test your integration you should first authenticate
against the staging environment - the production environment won't be available to your registered user
until you have signed an API license deal. To begin this process, please contact us.
When backwards-incompatible changes are made to the API, a new, dated version is released. The current version is
2023-10-04. To see all API updates, view the changelog.
All requests use your account API settings, unless you override the API version. To set the API version for a specific
request, send a Brevio-Version header.
Unless otherwise noted, all documentation examples use the latest API version. If your payload differs from the documentation,
you have a different API version in your account API settings.
After using the Brevio-Version header to test your integration against the latest API version, please
contact us to upgrade your account API settings.
Once you've registered a new user you will be given a client_id and
a client_secret. These will be used to retrieve access tokens, based
upon which scope you have access to.
Scopes
Name
Note
audit_company
Can access both Brevio Confirm and Brevio Sign.
bank
Can only access Brevio Confirm.
signature_right
Grants access to the Signature Rights API.
signee_pid
Grants access to view the personal ID (PID) of a signee.
vendor
Grants access to create sign requests on behalf of a costumer.
All scopes are validated by when creating an API client.
The signature_right, signee_pid, and vendor scopes require specific access. Please contact us for more information.
Access tokens
We use bearer tokens to verify access to all Brevio API endpoints. Access tokens are generated by
passing a base64 encoded valid client_id and client_secret combination to the access token creation endpoint.
The Confirm API grants your authorized API client access to
data associated with its entity (e.g. bank or audit company) in the Brevio Confirm service.
Below are listed all the core resources associated with Brevio Confirm API. Different endpoints will return different variants of these
resources (this will be documented in the endpoint-specific documentation).
A single request for a confirmation from a third party for a particular set of companies (i.e. audit clients). A third party can be either a bank, lawyer, supplier, or client.
Attribute
Type
Description
token
String
Unique identifier.
acccountNumbers
List<AccountNumber>
List of account numbers, filled in by either the auditor or the audit client.
attachments
List<Attachment>
List of attachments uploaded to the audit request, including the signed power of attorney, as well as any attachments uploaded to the confirmation.
auditCompany
AuditCompany
Audit company associated with the audit request.
bank
Bank
Bank associated with the audit request.
company
Company
Main audit client covered by the audit request.
confirmation
Confirmation
Confirmation for the audit request. This field is null if the audit request has not been confirmed.
cutOffDate
Date
The end of the fiscal year for all companies in the audit request.
invoiceReference
String
ID used for internal reference at the audit company.
language
String
The audit request's language. Adheres to the ISO 639-1 standard. Valid values: da, en, nb, sv.
lastUpdate
DateTime
When was the audit request last updated?
lastingPowerOfAttorney
LastingPowerOfAttorney
Lasting power of attorney (LPA) used with the audit request.
requestType
String
Valid valies: bank, client, lawyer, supplier.
sentToClientAt
DateTime
When was the audit request was first sent to its signees?
The end of the fiscal year for the confirmation's companies.
language
String
The language used for the confirmation's audit request. Adheres to the ISO 639-1 standard. Valid values: da, en, nb, sv.
updatedAt
DateTime
When was the confirmation last updated?
manualReview
Boolean
A confirmation requires manual review in cases where the auditor has made changes to the standard template.
startedProcessing
Boolean
Has the confirmation been marked as having begun processing?
acccountNumbers
List<AccountNumber>
List of account numbers for the confirmation's audit request.
attachments
List<Attachment>
List of all attachments uploaded to the confirmation's audit request, including the signed power of attorney, as well as any attachments uploaded to the confirmation itself.
auditCompany
AuditCompany
The audit company for the confirmation's audit request.
bank
Bank
The bank associated with the confirmation.
bankBranch
BankBranch
The bank branch associated with the confirmation.
companies
List<Company>
All companies covered by the confirmation.
partialConfirmations
List<Confirmation>
List of partial confirmations for the confirmation. More information here.
signatureReviews
List<SignatureReview>
List of signature reviews for the confirmation.
signees
List<Signee>
List of signees for the confirmation's audit request.
Lasting powers of attorney (LPAs) are powers of attorney which remain valid for
several audit seasons. Audit requests can use LPAs on behalf of audit clients for consecutive seasons
until they are revoked.
LPAs must first be signed before they become active. When an audit request uses a signed LPA, the requests are sent directly to their respective third parties.
LPAs come in two distinct flavours:
Generic: generic LPAs are only associated with a company (and optional subsidiaries), and can be used with any bank which supports generic LPAs.
Specific: specific LPAs are associated with a specific bank, and can only be used for that particular bank.
Attribute
Type
Description
token
String
Unique identifier.
attachment
String
Unique identifier for a signed power of attorney (PDF). null if the LPA is not signed.
bank
Bank
Bank associated with the LPA. This field is null if the LPA type is generic.
company
Company
Main audit client covered by the LPA.
fromDate
Date
The date which this LPA was activated. This field is null if the LPA is not signed.
language
String
The LPA's language. Adheres to the ISO 639-1 standard. Valid values: da, en, nb, sv.
An audit request which is initiated outside of Brevio. Auditors without a
Brevio account can create manual audit request through a web interface provided by banks.
The bank can then confirm received manual audit requests in a predictable manner.
When manual audit requests are confirmed by their respective banks, the external auditor receives an
email with a link to a downloadable, password-protected ZIP file containing the confirmation. The password associated with ZIP file
is sent to the auditor by SMS.
Attribute
Type
Description
token
String
Unique identifier.
acccountNumbers
List<AccountNumber>
List of account numbers associated with the audit request.
attachments
List<String>
List of tokens used to uniquely identify an attachment associated with the audit request.
audtor
ManualUser
The auditor associated with the audit request.
bankStartedProcessing
Boolean
A flag set by the bank, indicating they've started processing the audit request. Only available if the bank has enabled processing flags.
company
Company
The main audit client.
completedAt
DateTime
When was the audit request completed?
cutOffDate
Date
The end of the fiscal year associated with associated audit client.
language
String
The language used associated with audit request. Adheres to the ISO 639-1 standard. Valid values: da, en, nb, sv.
sentToPaymentAt
DateTime
When was the audit request sent to payment?
sentToThirdPartyAt
DateTime
When was the audit request sent to the bank?
signatureReview
SignatureReview
Signature review associated with audit request. Only available if the bank has enabled signature reviews.
This object represents a signature review performed by a bank. Only banks that have enabled signature reviews in their settings
can reject/verify digital signatures.
Name
Type
Description
company
Company
The company associated with the signature.
reviewedAt
DateTime
When was the review performed? This field is null if the review has not yet taken place.
reviewedBy
String
Who performed the review? This field is null if the review has not yet taken place.
This object represents a signee. If the API client authenticated in the API request has the signee_pid scope,
they can view the signee's Personal ID (PID).
Please contact us for more information.
Attribute
Type
Description
email
String
Email address of the signee.
name
String
Name verified against the personal register of the signee's country of origin (verified during the digital signature). This field is null if the signee has not signed.
pid
String
Personal ID (PID) is the signee's personal number - NO: 11 digits, SE: 10 or 12 digits, DK: 10 digits. This field is null unless the API client has the signee_pid scope enabled.
Generates a short-lived (24 hours) signed URL in accordance with information security
best practices to download the attachment identified by the given token.
The attachments can be PDFs, images, Microsoft Office files (.xlsx etc.) and XML files.
Scopes
audit_company, bank
Parameters
None.
Returns
Returns a dictionary with a name field indicating the filename of the attachment, and an url field
containing the signed URL.
Creates one or more audit requests for an audit client (identified by the vatNo and country parameters) to
a list of signees (defined in the signees parameter).
Returns a list of tokens used to uniquely identify the created audit requests and a boolean flag indicating
whether the audit requests were sent or not.
Which country is the main audit client registered in? Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se.
language
String
The language used for the email sent to the audit client and the digital signing process. Valid values: da, en, nb, sv.
user
String
Email address used to uniquely identify a user in the audit company. If the user is already registered in Brevio, the audit request will instantly show up in their dashboard. If they're not registered they will receive an email notifying them that they have been assigned to an audit request.
vatNo
String
VAT number for the main audit client. Will be validated against the national registry for the country defined in the country parameter.
signees
List<String>
List of email addresses for all signees that need to digitally sign the audit request. This field is if lasting powers of attorney are not included for all audit requests.
List of each individal audit request sent on behalf of the audit client to the signees. parameters need only be present
for matching request types (if specified in the description).
Name
Type
Description
bank
String
Only applies to bank requests. Unique identifier for the bank. See endpoint for listing banks to retrieve identifiers.
cutOffDate
String
ISO8601 date string representing the end of the fiscal year for the audit client.
thirdPartyEmail
String
Does not apply to bank requests. Email of the third party for which a confirmation is requested.
thirdPartyRecipient
String
Does not apply to bank requests. Name of third party for which a confirmation is requested.
accountNumbers
List<>
Only applies to bank requests. See account numbers for details.
balance
Only applies to client or supplier requests. See balance for details.
language
String
Language for the audit request. This also sets the language for the confirmation process. Valid values: da, en, nb, sv. Defaults to nb.
lpa
String
Only aplpies to bank requests. Unique token for a lasting power of attorney (LPA). See endpoint for listing LPAs to retrieve identifiers.
reminder
Boolean
Should the audit request generate emails to audit clients and third parties if they are not responded to in a timely fashion? Defaults to true.
requestType
String
Valid values: lawyer, bank, supplier, client. Defaults to bank.
subsidiaries
List<>
Only applies to bank or lawyer requests. List of subsidiary companies for which the audit request pertains. See company for details.
Audit requests with the existence sub type need to provide a balance against which the confirmation
is compared.
Name
Type
Description
amount
String
The amount you wish the client or supplier to verify.
currency
String
Currency code adhering to the ISO 4217 standard.
Balance
{"amount":"5000","currency":"USD"}
Company
Companies are present in the parameters for both account numbers and subsidiaries.
Name
Type
Description
vatNo
String
The VAT number for the company, validated against the national registry for the company's country of operation.
country
String
Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se.
Company
{"country":"no","vatNo":"999999999"}
Returns
Returns a dictionary with two keys: tokens and sent. The tokens uniquely identify each created audit request, and the
sent flag indicates whether the audit requests were sent to their respective clients or not.
Response
{"tokens":["616f6a6e7c4c5a3067afff6e6cd4ab0b4b889dfc922ef0f767d8a4d7cb7eddb0","11abefac8cc529470fc8f1b73db29598cc49e51e049e158b68e4fe8ce5fb8628","1f8c6c2b24ea3b7d51ec802a6c1396ef1c35edc7d3cd184693dbf0a617824cfa"],"sent":true// if false, the user has received an email prompting them to register a Brevio account and authenticate through their national registry/SSO.}
Returns a paginated list for all audit requests for the audit company authenticated in the API request,
filtered by audit client (and optionally request type).
The response contains at most 50 audit requests. To access all
audit requests (in cases where there are more than 50) you have to paginate
through the results.
Scopes
audit_company
Parameters
Name
Type
Description
vatNo
String
VAT number for the audit client.
country
String
Which country is the audit client registered in? Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se.
offset
Integer
The offset used for pagination
requestType
String
Valid values: bank, client, lawyer, supplier.
Returns
Returns a paginated list of all audit requests for the audit company authenticated in the API request,
filtered by VAT number, country, and optionally request type.
Marks a set of audit requests, identified by their unique tokens, as received by the auditor outside of Brevio.
A maximum of 10 audit request tokens are allowed with each request.
Scopes
audit_company
Parameters
Name
Type
Description
tokens
List<String>
The list of audit request tokens identifying which audit requests to finalize.
Returns
Returns a dictionary with two keys: successful containing a list of audit request tokens which were finalized, and failed, which is a list of audit request tokens which failed during finalization.
LPAs must be signed before they become usable, so the first time the newly created LPA is used with an audit request,
it is sent to its signees. Once the LPA has been signed, it can be re-used for subsequent audit seasons, and
sent directly to the bank.
Returns the created LPA.
Scopes
audit_company
Parameters
Name
Type
Description
country
String
Which country is the company registered in? Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se.
vatNo
String
The VAT number for the company. Will be validated against the national registry for the country defined in the country parameter.
Language for the LPA. Valid values: da, en, nb, sv. Defaults to en.
subsidiaries
List<>
List of subsidiary companies which the LPA covers. See company for details.
signees
List<String>
List of email addresses for all signees that need to digitally sign the audit request. This field is required if lasting powers of attorney is not included for all audit requests.
Company
Name
Type
Description
vatNo
String
The VAT number for the company, validated against the national registry for the company's country of operation.
country
String
Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se.
Returns
Returns a dictionary with information about the created LPA. See the LPA resource documentation for details.
Returns a paginated list of all pending confirmations for the bank authenticated in the API request, optionally
filtered by whether the bank has marked them as having begun processing, or whether they contain signature reviews.
Scopes
bank
Pagination
The results are paginated using keyset pagination, through the cursor parameter. The cursor paginates the confirmations
based on their sentToThirdPartyAt attribute, returning paginated records with sentToThirdPartyAt greater than cursor.
To get the next page, use the next attribute returned in the previous call (or use the highest sentToThirdPartyAt attribute in the returned records)
as the next cursor value.
Parameters
Name
Type
Description
cursor
String
ISO8601 datetime string used for keyset pagination. Paginates results based on the sentToThirdPartyAt attribute, returning records with sentToThirdPartyAt greater than this value.
processing
Boolean
Filter results by whether the bank has marked the confirmation has having begun processing.
signatureReviews
Boolean
Filter results by whether the bank has performed signature reviews for this confirmation.
Returns
Name
Type
Description
cursor
String
The ISO8601 datetime string used to paginate the result. null if no pagination was used.
confirmations
List<Confirmation>
Paginated list of pending confirmations. They should all have status started.
next
String
The ISO0601 datetime string which can be used to get the next page. null if there are no further pages.
Uploads one or more attachmnets for the confirmation identified by the given token.
A maximum amount of five attachments are allowed to avoid timing out.
This API request does not complete the confirmation - this is done by an explicit call to complete a confirmation.
Scopes
bank
Parameters
Name
Type
Description
attachments
List<File>
List of files to be added to the confirmation (at most five per request).
Completes a confirmation identified by the given token. This is the only way perform a standard completion through the API.
A confirmation needs at least one uploaded attachment to be valid. This can either be accomplished through the upload attachments endpoint, or by attaching files to this request (no more than five — if you need to upload more than that, use the upload attachments endpoint first).
If you have previously attached all required files, you can omit the attachments parameter from this API request.
Scopes
bank
Parameters
Name
Type
Description
attachments
List<File>
List of files to be added to the confirmation (at most five).
Returns
Returns the Confirmation object, which should have a completed status and completedAt set.
Performs a non-standard completion of a confirmation with an explanatory comment.
A normal use case for this is when the confirmation contains some companies which are not customers of the bank, or if the bank has already sent the
confirmation through other means.
Scopes
bank
Parameters
Name
Type
Description
comment
String
Comment clarifying why the confirmation has been completed outside of standard procedure (maximum 200 characters).
Returns
Returns the Confirmation object, which should have a completed_with_comment status and completedAt set.
$ curl "https://api.brevio.com/v1/confirm/confirmations/:token/complete-with-comment"
-H "Authorization: Bearer ${token}"
-d '{ "comment": "Company (999999998) is not a customer of the bank." }'
Response (truncated)
{"token":"1a668096-61bc-4f8e-8fca-1aaf8597c731","comment":"Green Dog Svalbard AS is not our customer","completedAt":"2025-01-0513:52:25Z","partial":false,"status":"completed_with_comment","cutOffDate":"2024-12-31","updatedAt":"2025-01-0513:52:25Z","attachments":[{"token":"7177e1fd-33df-44e2-bf3d-3bfcf4390c82","fileName":"Fullmakt-for-hurtigruten-svalbard-as.pdf","createdAt":"2025-01-0514:12:12Z"}],"bank":{"token":"042172ae-9e59-4b8e-910f-3f707a727659","country":"no","email":"[email protected]","name":"DNB"},"companies":[{"name":"Hurtigruten Svalbard AS","country":"no","vatNo":"951291579"},{"name":"Green Dog Svalbard AS","country":"no","vatNo":"997415949"}// ...]}
Rejects a partial confirmation with an explanatory comment. Attempting to reject a regular confirmation will result in a 400 error.
Scopes
bank
Parameters
Name
Type
Description
comment
String
Comment clarifying why the partial confirmation has been rejected (maximum 200 characters).
Returns
Returns the Confirmation object, which should have a rejected status.
POST/v1/confirm/confirmations/:token/reject
$ curl "https://api.brevio.com/v1/confirm/confirmations/:token/reject"
-H "Authorization: Bearer ${token}"
-d '{ "comment": "No companies in the confirmation are customers of ours" }'
Response (truncated)
{"token":"c342dbcd-6232-4f0f-8c70-c7fb7c8f78bd","comment":"Green Dog Svalbard AS is not our customer","completedAt":null,"partial":true,"status":"rejected","cutOffDate":"2024-12-31","updatedAt":"2025-01-0513:52:25Z","attachments":[{"token":"7177e1fd-33df-44e2-bf3d-3bfcf4390c82","fileName":"Fullmakt-for-hurtigruten-svalbard-as.pdf","createdAt":"2025-01-0514:12:12Z"}],"bank":{"token":"dbf9a08c-fd88-4722-92be-7099c0e39d2f","country":"se","email":"[email protected]","name":"DNB Sweden"},"companies":[{"name":"Green Dog Svalbard AS","country":"no","vatNo":"997415949"}// ...]}
Uploads an attachment to a manual audit request, identified by the given token.
This endpoint associates the attachment with the audit request itself (usually a signed power of attorney).
To upload an attachment to the confirmation, see upload attachment to confirmation.
Scopes
bank
Parameters
Name
Type
Description
attachment
File
The file to be attached to the manual audit request.
Returns
Returns a message indicating the upload succeeded.
Marks a set of manual audit requests, identified by their unique tokens, as having begun processing
by the bank authenticated in the API request.
Scopes
bank
Parameters
Name
Type
Description
tokens
List<String>
The list of manual audit request tokens indicating which audit requests to update.
Returns
Returns a dictionary with two keys: successful containing a list of manual audit request tokens which were successfully set as
started processing, and failed for which the operation failed.
Uploads one or more files for the confirmation of an audit request, identified by the given token.
A maximum amount of five attachments are allowed to avoid timing out.
This API request does not finalize the audit request - this is only done by sending a confirmation.
Scopes
bank
Parameters
Name
Type
Description
attachments
List<File>
List of files to be added to the confirmation (at most five per request).
Returns
Returns a message indicating the number of attachments uploaded.
Sends a confirmation for a manual audit request identified by the given token, finalizing it. This is the only
way to send a confirmation through the API.
A confirmation needs an uploaded attachment to be valid. This can either be accomplished through the upload endpoint, or by attaching files to this request (no more than five - if you need to upload more than that, use the upload endpoint first).
If you have previously attached all required files, you can omit the attachments parameter from this API request.
Scopes
bank
Parameters
Name
Type
Description
attachments
List<File>
List of files to be added to the confirmation (at most five).
Returns
Returns a dictionary with two keys. token is the unique identifier for the audit request, and should match the token in the URL,
and step contains the current step of the audit request process for the audit request. This latter value should be completed if
nothing went wrong.
Returns a paginated list for all audit requests that have been digitally signed and are awaiting confirmation
from the bank authenticated in the API request.
Scopes
bank
Parameters
Name
Type
Description
offset
Integer
The offset used for pagination
processing
Boolean
Optional flag to filter results by whether the bank has begun processing the audit request.
Returns
Returns a paginated list of pending audit requests for the bank authenticated in the API request.
Uploads one or more files for the confirmation of an audit request, identified by the given token.
A maximum amount of five attachments are allowed to avoid timing out.
This API request does not finalize the audit request - this is only done by sending a confirmation.
Scopes
bank
Parameters
Name
Type
Description
attachments
List<File>
List of files to be added to the confirmation (at most five per request).
Returns
Returns a message indicating the number of attachments uploaded.
Marks a set of audit requests, identified by their unique tokens, as having begun processing
by the bank authenticated in the API request.
Scopes
bank
Parameters
Name
Type
Description
tokens
List<String>
The list of audit request tokens indicating which audit requests to update.
Returns
Returns a dictionary with two keys: successful containing a list of audit request tokens which were successfully set as
started processing, and failed for which the operation failed.
Marks an audit request, identified by the given token, as finalized and sent in error.
This is the case if an auditor has sent an audit request to a bank for a client (or subsidiary)
which isn't a customer of the bank. The bank must provide an explanatory comment (maximum 200 characters).
Once the comment has been sent, the auditor will receive a notification that the audit request has been finalized.
Scopes
bank
Parameters
Name
Type
Description
comment
String
Comment clarifying why the audit request was sent in error (maximum 200 characters).
Returns
Returns a textual message indicating that the operation was successful.
$ curl "https://api.brevio.com/v1/confirm/audit-requests/:token/confirmations/comment"
-H "Authorization: Bearer ${token}"
-d '{ "comment": "The client (999999998) is not a customer of our bank" }'
Response
{"message":"Audit request completed and notification sent to auditor"}
Sends a confirmation for an audit request identified by the given token, finalizing it. This is the only
way to send a confirmation through the API.
A confirmation needs an uploaded attachment to be valid. This can either be accomplished through the upload endpoint, or by attaching files to this request (no more than five - if you need to upload more than that, use the upload endpoint first).
If you have previously attached all required files, you can omit the attachments parameter from this API request.
Scopes
bank
Parameters
Name
Type
Description
attachments
List<File>
List of files to be added to the confirmation (at most five).
Returns
Returns a dictionary with two keys. token is the unique identifier for the audit request, and should match the token in the URL,
and step contains the current step of the audit request process for the audit request. This latter value should be received if
nothing went wrong.
The Connect API grants your authorized API client access to
data associated with its entity (e.g. bank or audit company) in the Brevio Connect service.
Date and time the connection request will be sent to the client, null if the connection is not scheduled (e.g. normal connection sent immediately after created)
lastSyncAt
DateTime
The last synchronization date and time for the connection, null if connection has not been synced yet.
lastSentToClientAt
DateTime
The last date and time the connection was sent to the client, null if not sent yet
step
String
The current step of the connection. Valid steps: waiting_for_approval, approved, ready_for_audit, needs_re_approval, cancelled, archived, scheduled, pending
bankDataDeletedAt
DateTime
The date and time when the bank data was deleted, null until data is deleted
This object represents the events for the connection. Events can be of type:
Created, Approved, PeriodEnded, ReadyForAudit, NeedsReApproval, Cancelled, Archived, AuditorSentNewMail, RetentionPolicyDeletion, ScheduledReached, ScheduledCreated
Attribute
Type
Description
date
DateTime
The date and time of the event
instigator
String
The instigator of the event, null when Brevio initiates the event, such as when scheduled_at is reached and we send mail to the client
target
String
The target of the event, null for events: approved, needsReApproval, scheduleCreated, readyForAudit, cancelled, archived, retentionPolicyDeletion
eventType
String
The type of the event: Created, Approved, PeriodEnded, ReadyForAudit, NeedsReApproval, Cancelled, Archived, AuditorSentNewMail, RetentionPolicyDeletion, ScheduledReached, ScheduledCreated
This object represents an account that belongs to a connection
Attribute
Type
Description
token
String
Unique identifier for the account
name
String
Name of the account
account_type
String
Type of the account: Consumption: A payment account, open for withdrawals LockedSavings: A savings account which is locked for withdrawals Loan: A loan account Card: A backing account for a payment card OpenSavings: A savings accounts which the user can withdraw from Unknown: the type is not known
provider
Object
Contains details about the provider
owner
String
Owner of the account
last_transaction_sync_at
DateTime
The last transaction synchronization date and time for the account, null if account never have been synced
inactive
Boolean
If the bank for some reason stops providing updates on this account
waiting_for_initial_sync
Boolean
Indicates if the account is waiting for initial sync, transactions are not be available as long as this is false
number
Object
Contains details about the account number
booked_balance
Object
Booked balance of the account, including the ISO 4217 currency code
available_balance
Object
Available balance of the account, including the ISO 4217 currency code
Balance of the account after this transaction if available
Transaction
{"token":"a652bab9-6a52-4c28-adf6-25827d12d833","bookedDate":"2023-12-31","text":"Overførsel til Budget","originalText":"Overførsel til Budget","transactionType":"BankTransfer","state":"Booked","amount":{"value":"-12302.5","currency":"NOK"},"balance":{"value":"-12302.5","currency":"NOK"}}
Returns paginated a list of all connections for the audit company authenticated in the API request, filtered by company
The response contains at most 50 connections. To access all
connections (in cases where there are more than 50) you have to paginate
through the results.
VAT number for the audit client. Required if country is present.
country
String
Which country is the audit client registered in? Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se. Required if vatNo is present
offset
Integer
The offset used for pagination
Returns
Returns paginated a list of all connections for the audit company authenticated in the API request, filtered by company
Returns paginated a list of all transactions for the account identified by the given token
The response contains at most 250 transactions. To access all
transactions (in cases where there are more than 250) you have to paginate
through the results.
You can also search for specific date-ranges by using one or both of the two query-params: fromDate and toDate.
GET `/v1/connect/connections/:connection_token/accounts/:account_token/transactions
Optional date param for filtering transactions on bookedDate. ISO8601 format: "2023-11-30"
toDate
Date
Optional date param for filtering transactions on bookedDate. ISO8601 format: "2023-11-30"
offset
Integer
The offset used for pagination
pageSize
Integer
Optional pageSize. Allowed values: 1 to 250, defaults to 250
Returns
Returns a paginated list of all transactions for the account identified by the token in the url.
Filtered by optional from- and to- date.
Response
{"total":366,"count":250,"next":250,"offset":0,"transactions":[{"token":"a652bab9-6a52-4c28-adf6-25827d12d833","bookedDate":"2023-12-31","text":"Overførsel til Budget","originalText":"Overførsel til Budget","transactionType":"BankTransfer","state":"Booked","amount":{"value":"-12302.5","currency":"NOK"},"balance":{"value":"-12302.5","currency":"NOK"}},//...]}
The country the provider is registered in. Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se.
Returns
Returns a list of providers for the given country
Response
{"providers":[{"id":"NO_Dnb","name":"DNB","country":"no"},{"id":"NO_DanskeBank","name":"Danske Bank","country":"no"},{"id":"NO_DanskeBankBedrift","name":"Danske Bank Business Online","country":"no"}]}
This object represents a single request for digital signatures for a list of documents by one
or more signees. Each sign request pertains to exactly one company, but can contain
between 1-5 uploaded documents and as many signees as needed.
Attribute
Type
Description
token
String
Unique identifier.
attachments
List<Attachment>
List of all attachments associated with the sign request. Contains both the original uploaded documents, as well as their digitally signed counterparts.
company
Company
The company associated with the sign request.
dueDate
Date
The due date of the sign request. Once this date has passed (e.g. past 23:59:59 on the due date itself), the sign request has expired.
language
String
The language used for the sign request. Adheres to the ISO 639-1 standard. Valid values: da, en, nb, sv.
lastUpdate
DateTime
When was the sign request last updated?
sentAt
DateTime
When was the sign request first sent? This field is null if the request has not been sent.
This object represents a template which can be associated with an uploaded
document. This makes it easier to filter sign requests by their document templates
when listing sign requests.
Each document template has mulitple internationalizations, with human-readable
titles for each language.
Attribute
Type
Description
token
String
Unique identifier.
i18ns
List<Internationalization>
List of internationalizations associated with the document template.
This object represents a internationalization for a document template, containing information
about which language it pertains to, and what the human-readable title for the template is.
The internationalizations are managed by audit company administrators through the web UI.
Attribute
Type
Description
language
String
The language used for the internationalization. Adheres to the ISO 639-1 standard. Valid values: da, en, nb, sv.
title
String
Human-readable title for the internationalization visible to auditors in the graphical user interface.
This object represents a signee. If the API client authenticated in the API request has the signee_pid scope,
they can view the signee's Personal ID (PID).
Please contact us for more information.
Attribute
Type
Description
email
String
Email address of the signee.
name
String
Name verified against the personal register of the signee's country of origin (verified during the digital signature). This field is null if the signee has not signed.
pid
String
Personal ID (PID) is the signee's personal number - NO: 11 digits, SE: 10 or 12 digits, DK: 10 digits. This field is null unless the API client has the signee_pid scope enabled.
signed
Boolean
Has the signee signed yet?
signedAt
DateTime
When was the sign request signed by this signee? This field is null if the signee hasn't signed.
Creates a new sign request for a company (identified by the vatNo and country parameters), containing
a list of PDF documents do be digitally signed (the attachments parameter) by one or more signees (the
signees parameter).
The sign request is associated with the user passed in the user parameter, and there's a validation check whether
the user is employed by the audit company authenticated in the API request at the time of creation.
The vendor scope can use this endpoint to create a sign request on behalf of its consumers by passing a valid consumerKey.
Returns a dictionary with the token of the created sign request.
Scopes
audit_company, vendor
Parameters
Name
Type
Description
attachments
List<>
List of attachments for the sign request. See attachments for details.
vatNo
String
The VAT number for the company, validated against the national registry for the company's country of operation.
country
String
Which country is the company registered in? Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se.
user
String
Email address used to uniquely identify a user in the audit company making the API request.
language
String
The language used for the sign request. Adheres to the ISO 639-1 standard. Valid values: da, en, nb, sv. Defaults to nb.
signees
List<>
List of signees associated with the sign request. See signees for details.
dueDays
Integer
The number of days until the sign request expires. Valid values: 7, 14, 30. Defaults to 30.
message
String
Message to be displayed in the sign request (will replace the default message generated by Brevio).
consumerKey
String
The consumer key for the consumer you wish to create the sign request on behalf of. for vendor scopes.
List of attachments referring to previously uploaded PDF files.
Attribute
Type
Description
token
String
Unique identifier.
title
String
Human-readable title. When there are more than one attachment for a sign request, the titles are joined together with comma-separation.
templateToken
String
Token identifying a document template.
Signees
List of signees (identified by their email) who are required to sign all PDF documents in the sign request.
If you want a particular signee to sign the PDF documents before another, you can specify the signing order in the order parameter.
Signees with the same order will receive the sign request at the same time, and those with a larger order will receive the
sign request only after all previous signee orders have signed.
Attribute
Type
Description
email
String
Email address of the signee.
order
Integer
Should this signee sign the sign request in a particular order?
Signees
[{"email":"[email protected]","order":1},{"email":"[email protected]","order":2// This signee will *only* receive the sign request *after* the previous signee has signed.}]
Returns
Returns a dictionary with a token key containing the unique token for the created sign request.
Returns a paginated list for all sign requests for the audit company authenticated in the API request,
filtered by company (identified by the vatNo and country parameters). The results can also optionally
be filtered by a document template.
The payload contains at most 50 requests. To access all
sign requests (in cases where there are more than 50) you have to paginate through the results.
Scopes
audit_company, signee_pid
Parameters
Name
Type
Description
vatNo
String
VAT number for the audit client.
country
String
Which country is the audit client registered in? Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se.
offset
Integer
The offset used for pagination.
templateToken
String
Unique identifier for a document template to filter the sign requests by. If a sign request contains any attachments with the document template then it is included in the result.
Returns
Returns a paginated list of all sign requests for the audit company authenticated in the API request,
filtered by VAT number, country, and optionally document template.
Returns a paginated list for all sign requests for the audit company authenticated in the API request,
which have been updated after a specific date (the fromDate parameter).
The results are inclusive, meaning all passing 2022-01-01 will return all sign requests updated after 2022-01-01 00:001.
The payload contains at most 50 requests. To access all
sign requests (in cases where there are more than 50) you have to paginate through the results.
Name
Type
Description
fromDate
String
ISO8601 date string representing the inclusive start of the date filter
offset
Integer
The offset used for pagination
Returns
Returns a paginated list of all sign requests for the audit company authenticated in the API request,
updated after the specified date.
Generates a short-lived (24 hours) signed URL in accordance with information security
best practices to download the attachment identified by the given token.
Scopes
audit_company
Parameters
None.
Returns
Returns a dictionary with a filename field indicating the filename of the attachment, and an url field
containing the signed URL.
The signature right API grants an authorized API client access to
data used to verify whether a given national ID is allowed to digitally
sign documents for a given company, either in combination with others or individually.
Through the API you can accomplish the following:
Retrieve Signature Right information: Get information regarding a person's signature right for a given company.
All requests to the Brevio APIs check whether the Brevio-Version header is present, and applies the
API version present (if valid). If the header isn't present the API uses your account's API settings.
Example: Sending 2023-02-14 as Brevio-Version will force the request to use the API version released on February 14th, 2023.
May 21, 2025 — 2025-05-21
Adds new confirmation-based endpoints for banks: see more. These endpoints are available to all API versions.
April 15, 2025 — 2025-04-15
Changes the step field on the audit request response. See 2025-04-15 for details.
November 30, 2024 — 2024-11-30
API responses
Changes the auditCompany field on the audit request response. See 2024-11-30 for details.
October 4, 2023 — 2023-10-04
API responses
Renames and changes several fields on the audit request. See 2023-10-04 for details.
Renames sent to sentAt for confirmations.
Endpoint changes
Renames parameters auditAccountNumbers and lastingPowerOfAttorney to accountNumbers and lpa for creating audit requests.
Removes endDate from the lasting power of attorney creation as these now will not expire unless explicitly revoked or audit company resigns as auditor.
endDate will return null for List all LPAs and Create LPA if lasting power of attorney is created with latest api version or without endDate specified, meaning it's witout an expiration date.
March 20, 2023 — 2023-03-20
Adds new endpoint for setting audit requests as started processing by banks.
Adds support for filtering on startedProcessing in list all pending audit requests endpoint for banks.
March 1, 2023 — 2023-03-01
Adds support for bank review on audit requests. Please contact Brevio to enable this feature.
When enabled, the bank can send in the field reviewedSignatures as part of the third party
endpoint to get all their reviewed audit requests. The audit request will also return an array of
bankReviewedCompanySignatures.
February 14, 2023 — 2023-02-14
Adds support for Finnish companies which entails a few things:
country parameter is now required in addition to vatNo for both company and subsidiaries.
For backwards compatibility; if no country is supplied for older API versions, it will assume Denmark and not Finland as these are the same VAT number length.
country is also added to the Company response objects.
November 3, 2022 — 2022-11-03
Adds support for sending audit account numbers as part of the create audit requests endpoint.
October 26, 2022 — 2022-10-26
Adds support for creating and listing lasting powers of attorney in the Confirm API.
October 24, 2022 — 2022-10-24
Adds support for all types of audit requests in the Confirm API.
October 13, 2022 — 2022-10-13
Adds support for all audit request types in the creation of audit requests for the Confirm API.
October 1, 2022 — 2022-10-01
Adds support for multiple account numbers for audit requests in Confirm API. Key: accountNumbers.
Adds support for multiple signees for audit requests in Confirm API. Key: signees.
Changes response type for company key in audit request response to an object rather than a string in Confirm API.
Changes response type for confirmation key in audit request response from list of strings to an object in Confirm API.
Removes deprecated daughterCompanies key for creating batch of audit requests in Confirm API.
Renames auditor key in audit request response to user in Confirm API.
Removes deprecated keys from audit request response in Confirm API: companyName, daughterCompanies, signee, signeePID, clientEmail.
Renames key name to filename in download attachment response in Confirm API.
Renames sent key in sign request response to sentAt for Sign API.
Renames keys signedName and signeePID to name and pid for Sign API.
Splits client into two steps: client-pending and client-ready. The former means an audit request requires input from the audit client before it can be signed, the latter means the audit request is ready to be signed.
The end date for for LPAs is now removed as LPAs from now on should not expire unless explicitly revoked or audit company resigns as auditor.
Removed
Name
Type
Description
endDate
String
ISO8601 date string.
List lasting powers of attorney
Respose
The end date for for LPAs is now changed as LPAs from now on should not expire unless explicitly revoked or audit company resigns as auditor. This means that if the LPA is set to not expire the endDate will be null.
Name
Type
Description
endDate
String
ISO8601 date string.
Response
[{"token":"b06178d5-8240-4150-ac57-cc2bc762c7b4","endDate":null,// Changed to nullable"signed":false,"language":"en","signees":[{"name":null,"signed":false,"email":"[email protected]"}],"subsidiaries":[{"name":"Brev Invest AS","vatNo":"927146878","country":"no"}],"bank":{"token":"2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d","name":"test","hasLPA":true,"country":"no"},"company":{"name":"BRE Boligutleie AS","vatNo":"925178845","country":"no"}}]
{"token":"b06178d5-8240-4150-ac57-cc2bc762c7b0","endDate":"2025-11-24","signed":false,"signees":[{"name":null,"signed":false,"email":"[email protected]"},{"name":null,"signed":false,"email":"[email protected]"}],"subsidiaries":[{"name":"test company 1","vatNo":"999999996","country":"no"// New property}],"bank":{"token":"2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d","name":"test","hasLPA":true,"country":"no"},"company":{"name":"Test company","vatNo":"999999998","country":"no"// New property}}
List lasting powers of attorneys
Name
Type
Description
companies
List<Company>
Replaces vatNumbers - Changed from list of VAT numbers to list of Company objects where vatNo and country are required per company.
Changed company property in accountNumbers from a string containing the VAT number to a Company object with vatNo and country
Response
[{"token":"b06178d5-8240-4150-ac57-cc2bc762c7b4","endDate":"2025-11-24","signed":false,"language":"en","signees":[{"name":null,"signed":false,"email":"[email protected]"}],"subsidiaries":[{"name":"Brev Invest AS","vatNo":"927146878","country":"no"// New property}],"bank":{"token":"2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d","name":"test","hasLPA":true,"country":"no"},"company":{"name":"BRE Boligutleie AS","vatNo":"925178845","country":"no"// New property}}]
A single, verified bank account number for a particular company in a particular bank
attachments
List<String>
List of tokens used to uniquely identify an attachment associated with the audit request (includes the digitally signed pdf after the audit request has been signed by all signees).
auditCompany
String
Name of the audit company to which the associated auditor of the audit request belongs
auditor
Auditor
The auditor associated with the request
clientEmail
String
Email address for the signee for the audit request
company
String
The VAT number of the main audit client
companyName
String
Audit client name, validated against the Norwegian company register
confirmation
List<String>
List of tokens used to uniquely identify an attachment uploaded as part of the confirmation
cutOffDate
Date
The end of the fiscal year for the associated audit client
daughterCompanies
List<String>
List of VAT numbers for subsidiaries associated with the audit request
language
String
The language used for the audit request.
lastUpdate
DateTime
Last time step was updated
manualReview
Boolean
Boolean flag indicating whether this request needs third party manual review. This occurs when for instance the auditor has made changes to the standard template.
requestType
String
The type of the audit request.
sentToClient
Date
Date the audit request was first sent its signees
signee
String/null
The name of the person that has digitally signed the audit request, received from BankID. Null if the request has not been signed
signeePID
String/null
Personal ID (PID) is the signee's personal number - NO: 11 digits, SE: 10 or 12 digits, DK: 10 digits. Only available with scope signee_pid
step
String
The step in the audit request process the request is currently at. Valid values: 'started' 'client' 'needs-validation' 'third-party' 'received' 'cancelled' 'archived' 'post'
thirdParty
String
Name of the audit request's associated third party