Introduction

The Brevio API is organized around REST.

Currently our APIs offer insight into data from the following services:

Brevio Confirm (available for banks and audit companies)
Brevio Sign (available for audit companies)
Signature rights (available for banks)

Once you have registered a new API user, you'll have access to our staging environment after a validation of your associated bank or audit company.

Once you have tested and verified your integration, you are ready to go through the process of accessing our production environment and your data. To begin this process, please contact us.

Parameters

For GET requests, any parameters not specified as a segment in the path can be passed as an HTTP query string parameter:

For POST requests, parameters not included in the URL should be encoded as JSON with a Content-Type of application/json unless otherwise noted.

All parameters are noted as such.

Dates and DateTimes

All responses from our APIs are native values (e.g. integers, strings, and arrays of native values). Response attributes defined as Date or DateTime are ISO8601 compliant string representations for these values. e.g. 2022-01-01 and 2022-01-01T00:00:00Z respectively.

$ curl "https://api.brevio.com/v1/some-endpoint"
  -H "Content-Type: application/json"
  -d '{ "param": "value", "param2": "value2" }'

Query string

$ curl "https://api.brevio.com/v1/some-endpoint?param=value&param=value2"
  -H "Content-Type: application/json"

Environments

The Brevio APIs are available in two separate environments:

https://api-dev.brevio.com (staging)
https://api.brevio.com (production)

To test your integration you should first authenticate against the staging environment - the production environment won't be available to your registered user until you have signed an API license deal. To begin this process, please contact us.

Versioning

When backwards-incompatible changes are made to the API, a new, dated version is released. The current version is 2023-10-04. To see all API updates, view the changelog.

All requests use your account API settings, unless you override the API version. To set the API version for a specific request, send a Brevio-Version header.

Unless otherwise noted, all documentation examples use the latest API version. If your payload differs from the documentation, you have a different API version in your account API settings.

After using the Brevio-Version header to test your integration against the latest API version, please contact us to upgrade your account API settings.

Specifying version header

$ curl "https://api.brevio.com/v1/some-endpoint"
  -H "Content-Type: application/json"
  -H "Brevio-Version: 2023-10-04"
  -d '{ "param": "value", "param2": "value2" }'

Authentication

To ensure the Brevio APIs adhere to the latest security standards we utilise Oauth 2.0 to authenticate and authorize API clients.

We use the "client_credentials" grant flow from the Oauth 2.0 specification to authorize access to API endpoints.

If you want to authenticate against our staging environment all you have to do is register a new API user to begin the process described below.

Credentials

Once you've registered a new user you will be given a client_id and a client_secret. These will be used to retrieve access tokens, based upon which scope you have access to.

Scopes

Name	Note
`audit_company`	Can access both Brevio Confirm and Brevio Sign.
`bank`	Can only access Brevio Confirm.
`signature_right`	Grants access to the Signature Rights API.
`signee_pid`	Grants access to view the personal ID (PID) of a signee.
`vendor`	Grants access to create sign requests on behalf of a costumer.

All scopes are validated by when creating an API client.

The signature_right, signee_pid, and vendor scopes require specific access. Please contact us for more information.

Access tokens

We use bearer tokens to verify access to all Brevio API endpoints. Access tokens are generated by passing a base64 encoded valid client_id and client_secret combination to the access token creation endpoint.

Create access token

To retrieve an access token you need to base64 encode your client_id and client_secret and pass them to the Basic authentication scheme.

You also need to specify the grant_type to be client_credentials, as well as specify the scope your client has access to.

Parameters

Name	Type	Description
grant_type	String	Must be `client_credentials`
scope	Scope	`audit_company`, `bank`, `signature_right`, `signee_pid`, `vendor`

Remember to replace client_id and client_secret with the generated keys after you register your API user, and to separate them with a colon character (:) before encoding, as per the HTTP spec.

Returns

Returns a valid access token for the given scope(s). The access token will indicate which API version the token is valid for.

POST /auth/token

$ curl "https://api.brevio.com/auth/token"
  -H "Authorization: Basic ${base64_encoded_client_id_and_secret}"
  -d '{ "grant_type": "client_credentials", "scope": "bank" }'

Response

{
  "access_token": "tLUowHOUa2dmanlU_pr9WazuI_ubjRNoXMBeg_jzCo0",
  "token_type": "Bearer",
  "expires_in": 1209600,
  "scope": "audit_company signature_right",
  "created_at": 1665131755,
  "api_version": "2023-10-04"
}

Brevio Confirm API

The Confirm API grants your authorized API client access to data associated with its entity (e.g. bank or audit company) in the Brevio Confirm service.

Confirm API core resources

Below are listed all the core resources for the Brevio Confirm API.

Audit request

This object represents a single request for a confirmation from a third party for a particular audit client. A third party can be either a bank, lawyer, supplier, or client.

Each audit request pertains to exactly one audit client (company), and any number of subsidiaries (subsidiaries).

Attribute	Type	Description
token	String	Unique identifier
acccountNumbers	List<AccountNumber>	List of account numbers associated with the audit request.
attachments	List<String>	List of tokens used to uniquely identify an attachment associated with the audit request (includes the digitally signed pdf after the audit request has been signed by all signees).
auditCompany	String	Name of the audit company to which the associated auditor of the audit request belongs
bank	Bank	The bank associated with this audit request.
company	Company	The main audit client.
confirmation	Confirmation	Confirmation for the audit request. This field is `null` if the audit request has not been confirmed.
cutOffDate	Date	The end of the fiscal year for the associated audit client.
invoiceReference	String	ID used for internal reference at the audit company. This field is `null` if the audit company does not have this setting enabled.
language	String	The language used for the audit request. Adheres to the ISO 639-1 standard. Valid values: `da`, `en`, `nb`, `sv`.
lastUpdate	DateTime	When was the audit request last updated?
lastingPowerOfAttorney	LastingPowerOfAttorney	Lasting power of attorney (LPA) associated with this request. This field is `null` if the audit request has no associated LPA, or if the request is not a `bank` request.
requestType	String	Valid valies: `bank`, `client`, `lawyer`, `supplier`.
sentToClientAt	Date	Date the audit request was first sent its signees.
signees	List<Signee>	List of signees associated with the audit request.
step	String	Valid values: `started`, `client`, `needs-validation`, `third-party`, `received`, `cancelled`, `archived`, `post`.
subsidiaries	List<Company>	List of subsidiaries associated with the audit request.
subType	String	Valid values: `completeness`, `existence`. This field is `null` unless the audit request has the `client` or `supplier` request type.
thirdParty	String	Name of the audit request's associated third party.
user	User	The auditor associated with the audit request.

Audit request

{
  "token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
  "accountNumbers": [
    {
      "accountNumber": "1232.20.12313",
      "company": {
        "country": "no",
        "name": "ACME AS",
        "vatNo": "999999999"
      }
    }
  ],
  "attachments": [],
  "auditCompany": "Brevio AS",
  "bank": {
    "token": "042172ae-9e59-4b8e-910f-3f707a727659",
    "country": "no",
    "disabled": false,
    "hasLPA": true,
    "lpaType": "specific",
    "name": "DNB"
  },
  "company": {
    "name": "ACME AS",
    "vatNo": "999999999",
    "country": "no"
  },
  "confirmation": {
    "attachments": [
      "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
      "a4c60323af9e76bb9877a75631dd6a51d62db93929a223ac4d91eacabf2bda1a"
    ],
    "sentAt": "2023-01-01"
  },
  "cutOffDate": "2022-12-31",
  "language": "nb",
  "lastUpdate": "2022-10-02T11:53:23Z",
  "lastingPowerOfAttorney": null,
  "manualReview": false, // bank only
  "requestType": "bank",
  "sentToClientAt": "2022-10-01",
  "signatureReviews": [
    // bank only
    {
      "reviewedBy": "Bob Odenkirk",
      "verified": true,
      "reviewedAt": "2022-10-03T11:00:23Z",
      "company": {
        "name": "ACME AS",
        "vatNo": "999999999",
        "country": "no"
      }
    }
  ],
  "signees": [
    {
      "email": "[email protected]",
      "name": "Arthur Dent",
      "pid": null,
      "signed": true
    },
    {
      "email": "[email protected]",
      "name": "Guybrush Threepwood",
      "pid": null,
      "signed": true
    }
  ],
  "startedProcessing": true, // bank only
  "step": "received",
  "subsidiaries": [
    {
      "name": "ACME Doorknobs Oy",
      "vatNo": "99999988",
      "country": "fi"
    }
  ],
  "subType": null,
  "thirdParty": "DNB",
  "user": {
    "email": "[email protected]",
    "officeAddress": "Gatevei 1313, 0561 Oslo"
  }
}

Bank-only attributes

Attribute	Type	Description
manualReview	Boolean	An audit request requires manual review in cases where the auditor has made changes to the standard template.
signatureReviews	List<SignatureReview>	List of signature reviews for the audit request. Only available if the bank has enabled signature reviews.
startedProcessing	Boolean	A flag set by the bank, indicating they've started processing the audit request. Only available if the bank has enabled processing flags.

Bank

This object represents a bank. You can retrieve it to view information about the bank when creating new audit requests or lasting powers of attorney.

Attribute	Type	Description
token	String	Unique identifier
country	String	Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: `dk`, `fi`, `no`,`se`.
disabled	Boolean	Disabled banks cannot receive new audit requests, but they can have existing requests sent before they were disabled.
hasLPA	Boolean	Does this bank support lasting powers of attorney (LPAs)?
lpaType	String	Valid values: `none`, `specific`, `generic`.
name	String	The name of the bank. Not guaranteed to be unique.

Bank

{
  "token": "042172ae-9e59-4b8e-910f-3f707a727659",
  "country": "no",
  "disabled": false,
  "hasLPA": true,
  "lpaType": "specific",
  "name": "DNB"
}

Confirmation

This object represents a confirmation for an audit request.

Attribute	Type	Description
attachments	List<String>	List of tokens used to uniquely identify an attachment associated with the confirmation.
sentAt	DateTime	Timestamp of when the third party sent the confirmation.

Confirmation

{
  "attachments": [
    "9e9f430c1d8e8716ae71d6311fb76e4534fd4959e8b2299d505afcfafd32c60d",
    "b82c013b8e3f9ae73352500d322a39538b269938bc9737e5f2a4d9df240d3e38"
  ],
  "sentAt": "2023-01-01T08:03:01Z"
}

Lasting power of attorney

This object represents a lasting power of attorney (LPA) - powers of attorney which remain valid for several audit seasons. Audit requests can use LPAs on behalf of audit clients for consecutive seasons until they are revoked.

LPAs must first be signed before they become active. When an audit request uses a signed LPA, the requests are sent directly to their respective third parties.

LPAs come in two distinct flavours:

Generic: generic LPAs are only associated with a company (and optional subsidiaries), and can be used with any bank which supports generic LPAs.
Specific: specific LPAs are associated with a specific bank, and can only be used for that particular bank.

Attribute	Type	Description
token	String	Unique identifier.
attachment	String	Unique identifier for the signed power of attorney (PDF). `null` if the LPA is not signed.
bank	Bank	The bank associated with this LPA. This field is `null` if the LPA type is `generic`.
company	Company	The main company assocaited with this LPA.
fromDate	Date	The date which this LPA was activated. This field is `null` if the LPA is not signed.
language	String	The language used for the LPA. Adheres to the ISO 639-1 standard. Valid values: `da`, `en`, `nb`, `sv`.
lpaType	String	Valid values: `generic`, `specific`.
signed	Boolean	Has this LPA been signed?
signees	List<Signee>	List of signees associated with the LPA.
subsidiaries	List<Company>	List of subsidiaries associated with the LPA.

Lasting power of attorney

{
  "token": "b06178d5-8240-4150-ac57-cc2bc762c7b0",
  "attachment": null,
  "bank": {
    "token": "042172ae-9e59-4b8e-910f-3f707a727659",
    "country": "no",
    "disabled": false,
    "hasLPA": true,
    "lpaType": "specific",
    "name": "DNB"
  },
  "company": {
    "country": "no",
    "name": "ACME AS",
    "vatNo": "999999998"
  },
  "fromDate": null,
  "language": "en",
  "lpaType": "specific",
  "signed": false,
  "signees": [
    {
      "name": null,
      "signed": false,
      "email": "[email protected]"
    },
    {
      "name": null,
      "signed": false,
      "email": "[email protected]"
    }
  ],
  "subsidiaries": [
    {
      "name": "ACME Doors AS",
      "vatNo": "999999998",
      "country": "no"
    },
    {
      "name": "ACME Doorknobs AS",
      "vatNo": "999999997",
      "country": "no"
    }
  ]
}

Manual audit request

This object represents an audit request which is initiated outside of Brevio. Auditors without a Brevio account can create manual audit request through a web interface provided by banks.

The bank can then confirm received manual audit requests in a predictable manner.

When manual audit requests are confirmed by their respective banks, the external auditor receives an email with a link to a downloadable, password-protected ZIP file containing the confirmation. The password for the ZIP file is sent to the auditor by SMS.

Attribute	Type	Description
token	String	Unique identifier.
acccountNumbers	List<AccountNumber>	List of account numbers associated with the audit request.
attachments	List<String>	List of tokens used to uniquely identify an attachment associated with the audit request.
audtor	ManualUser	The auditor associated with the audit request.
bankStartedProcessing	Boolean	A flag set by the bank, indicating they've started processing the audit request. Only available if the bank has enabled processing flags.
company	Company	The main audit client.
completedAt	DateTime	When was the audit request completed?
cutOffDate	Date	The end of the fiscal year for the associated audit client.
language	String	The language used for the audit request. Adheres to the ISO 639-1 standard. Valid values: `da`, `en`, `nb`, `sv`.
sentToPaymentAt	DateTime	When was the audit request sent to payment?
sentToThirdPartyAt	DateTime	When was the audit request sent to the bank?
signatureReview	SignatureReview	Signature review for the audit request. Only available if the bank has enabled signature reviews.
step	String	Valid values: `started`, `awaiting_payment`, `sent_to_third_party`, `completed`.

Manual audit request

{
  "token": "5a697491-4eb1-47df-b01b-057075a4e1f8",
  "accountNumbers": [
    {
      "accountNumber": "1232.20.12313",
      "company": {
        "country": "no",
        "name": "ACME AS",
        "vatNo": "999999999"
      }
    }
  ],
  "attachments": [
    "228ed0e06e78413fdba88cea02cdce69eb339946b13af5dbb8172a7c92af76d7"
  ],
  "auditor": {
    "company": "Dent Audit Oy",
    "country": "fi",
    "email": "[email protected]",
    "firstName": "Arthur",
    "lastName": "Dent",
    "phone": "+358501234567"
  },
  "bankStartedProcessing": false,
  "company": {
    "country": "no",
    "name": "ACME AS",
    "vatNo": "999999999"
  },
  "completedAt": null,
  "cutOffDate": "2023-12-31",
  "language": "en",
  "sentToPaymentAt": null,
  "sentToThirdPartyAt": null,
  "signatureReview": null,
  "step": "started"
}

Other resources

Account number

This object represents a filled-in (by either the audit client or the auditor) account number which the associated bank uses to charge its fee for producing a confirmation.

Attribute	Type	Description
accountNumber	String	A single, verified bank account number for a particular company in a particular bank.
company	Company	The company associated with this account number.

Account number

{
  "accountNumber": "1232.20.12313",
  "company": {
    "country": "no",
    "name": "ACME AS",
    "vatNo": "999999999"
  }
}

Company

Attribute	Type	Description
country	String	Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: `dk`, `fi`, `no`,`se`.
name	String	The company name as registered in the national registry for the company's country of operation.
vatNo	String	The VAT number for the company, validated against the national registry for the company's country of operation.

Company

{
  "country": "no",
  "name": "ACME AS",
  "vatNo": "999999999"
}

Manual user

Attribute	Type	Description
company	String	Name of the user's audit company.
country	String	Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: `dk`, `fi`, `no`,`se`.
email	String	The user's email address.
firstName	String	The user's given name.
lastName	String	The user's family name.
phone	String	The user's phone number, including the international subscriber dialing (ISD) code for the user's phone number ( `+47` for Norway).

Manual user

{
  "company": "Dent Audit Oy",
  "country": "fi",
  "email": "[email protected]",
  "firstName": "Arthur",
  "lastName": "Dent",
  "phone": "+358501234567"
}

Signature review

This object represents a signature review performed by a bank. Only banks that have enabled signature reviews in their settings can reject/verify digital signatures.

Name	Type	Description
company	Company	The company associated with the signature.
reviewedAt	DateTime	When was the review performed? This field is `null` if the review has not yet taken place.
reviewedBy	String	Who performed the review? This field is `null` if the review has not yet taken place.
verified	Boolean	Was the signature rejected or verified?

Signature review

{
  "company": {
    "country": "no",
    "name": "ACME AS",
    "vatNo": "999999999"
  },
  "reviewedAt": "2022-10-03T11:00:23Z",
  "reviewedBy": "Bob Odenkirk",
  "verified": true
}

Signee

This object represents a signee. If the API client authenticated in the API request has the signee_pid scope, they can view the signee's Personal ID (PID).

Please contact us for more information.

Attribute	Type	Description
email	String	Email address of the signee.
name	String	Name verified against the personal register of the signee's country of origin (verified during the digital signature). This field is `null` if the signee has not signed.
pid	String	Personal ID (PID) is the signee's personal number - NO: 11 digits, SE: 10 or 12 digits, DK: 10 digits. This field is `null` unless the API client has the `signee_pid` scope enabled.
signed	Boolean	Has the signee signed yet?

Signee

{
  "email": "[email protected]",
  "name": "Guybrush Threepwood",
  "pid": null,
  "signed": true
}

User

This object represents the auditor responsible for the audit request.

Attribute	Type	Description
address	String	Address for the user's physical office.
email	String	The user's email address.
name	String	Name verified by the national registry/SSO integration.

User

{
  "address": "Gatevei 1313, 0561 Oslo",
  "email": "[email protected]",
  "name": "Arthur Dent"
}

Common endpoints

Lists all common endpoints which can be called by both audit companies and banks.

Download attachment

Generates a short-lived (24 hours) signed URL in accordance with information security best practices to download the attachment identified by the given token.

The attachments can be PDFs, images, Microsoft Office files (.xlsx etc.) and XML files.

Scopes

audit_company, bank

Parameters

None.

Returns

Returns a dictionary with a name field indicating the filename of the attachment, and an url field containing the signed URL.

POST /v1/confirm/attachments/:token/signed-url

$ curl "https://api.brevio.com/v1/confirm/attachments/:token/signed-url"
  -H "Authorization: Bearer ${token}"

Response

{
  "filename": "signed-power-of-attorney.pdf",
  "url": "https://cdn.brevio.com/signed-power-of-attorney.pdf"
}

Audit company endpoints

Lists all API endpoints only available to audit companies.

Create audit requests

Creates one or more audit requests for an audit client (identified by the vatNo and country parameters) to a list of signees (defined in the signees parameter).

Returns a list of tokens used to uniquely identify the created audit requests and a boolean flag indicating whether the audit requests were sent or not.

We only allow users authenticated through either national registries or SSO to send audit requests on behalf of audit companies.

If the email in the user parameter does not (1) belong to a registered Brevio user, or (2) exist in an SSO integration, an error will be thrown.

Scopes

audit_company

Parameters

Name	Type	Description
auditRequests	List<>	See audit requests for details.
country	String	Which country is the main audit client registered in? Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: `dk`, `fi`, `no`,`se`.
language	String	The language used for the email sent to the audit client and the digital signing process. Valid values: `da`, `en`, `nb`, `sv`.
user	String	Email address used to uniquely identify a user in the audit company. If the user is already registered in Brevio, the audit request will instantly show up in their dashboard. If they're not registered they will receive an email notifying them that they have been assigned to an audit request.
vatNo	String	VAT number for the main audit client. Will be validated against the national registry for the country defined in the `country` parameter.
signees	List<String>	List of email addresses for all signees that need to digitally sign the audit request. This field is if lasting powers of attorney are not included for all audit requests.

POST /v1/confirm/audit-requests

$ curl "https://api.brevio.com/v1/confirm/audit-requests"
  -H "Authorization: Bearer ${token}"
  -d '
    {
      "language": "nb",
      "vatNo": "999999999",
      "country": "no"
      "signees": [
        "[email protected]",
        "[email protected]",
        "[email protected]"
      ],
      "user": "[email protected]",
      "auditRequests": [
        {
          "bank": "042172ae-9e59-4b8e-910f-3f707a727659",
          "cutOffDate": "2022-12-31",
          "subsidiaries": [
            { vatNo: "999999998", country: "no" },
            { vatNo: "99999988", country: "fi" }
          ]
        }
      ]
    }
  '

Audit requests

List of each individal audit request sent on behalf of the audit client to the signees. parameters need only be present for matching request types (if specified in the description).

If a lasting power of attorney (LPA) is specified, the audit request is either (1) sent directly to the bank (if the LPA is signed), or (2) it will be sent to the signees from the signees parameter. If the LPA was created with signees, and the signees in the root parameters does NOT match the LPA's original signees, an error will be thrown.

Name	Type	Description
bank	String	Only applies to `bank` requests. Unique identifier for the bank. See endpoint for listing banks to retrieve identifiers.
cutOffDate	String	ISO8601 date string representing the end of the fiscal year for the audit client.
thirdPartyEmail	String	Does not apply to `bank` requests. Email of the third party for which a confirmation is requested.
thirdPartyRecipient	String	Does not apply to `bank` requests. Name of third party for which a confirmation is requested.
accountNumbers	List<>	Only applies to `bank` requests. See account numbers for details.
balance		Only applies to `client` or `supplier` requests. See balance for details.
language	String	Language for the audit request. This also sets the language for the confirmation process. Valid values: `da`, `en`, `nb`, `sv`. Defaults to `nb`.
lpa	String	Only aplpies to `bank` requests. Unique token for a lasting power of attorney (LPA). See endpoint for listing LPAs to retrieve identifiers.
reminder	Boolean	Should the audit request generate emails to audit clients and third parties if they are not responded to in a timely fashion? Defaults to `true`.
requestType	String	Valid values: `lawyer`, `bank`, `supplier`, `client`. Defaults to `bank`.
subsidiaries	List<>	Only applies to `bank` or `lawyer` requests. List of subsidiary companies for which the audit request pertains. See company for details.

Audit requests

[
  {
    "bank": "dea270bd-9110-4b54-84bc-c2ecee3cc77c",
    "cutOffDate": "2023-12-31",
    "lpa": "2915823c-ae10-46b5-98d8-1677801d7361",
    "subsidiaries": [
      { "vatNo": "999999998", "country": "no" },
      { "vatNo": "99999988", "country": "fi" }
    ]
  },
  {
    "cutOffDate": "2023-12-31",
    "language": "en",
    "requestType": "lawyer",
    "thirdPartyEmail": "[email protected]",
    "thirdPartyRecipient": "Bob Loblaw"
  }
  // ...
]

Account numbers

A list of account numbers for a particular bank (defined in the audit request parameters) and a particular company.

Attribute	Type	Description
accountNumber	String	A single, formatted bank account number for a particular company in a particular bank.
company		See company for details.

Account number

{
  "accountNumber": "1288.56.24131",
  "company": {
    "vatNo": "999999999",
    "country": "no"
  }
}

Balance

Audit requests with the existence sub type need to provide a balance against which the confirmation is compared.

Name	Type	Description
amount	String	The amount you wish the client or supplier to verify.
currency	String	Currency code adhering to the ISO 4217 standard.

Balance

{
  "amount": "5000",
  "currency": "USD"
}

Company

Companies are present in the parameters for both account numbers and subsidiaries.

Name	Type	Description
vatNo	String	The VAT number for the company, validated against the national registry for the company's country of operation.
country	String	Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: `dk`, `fi`, `no`,`se`.

Company

{
  "country": "no",
  "vatNo": "999999999"
}

Returns

Returns a dictionary with two keys: tokens and sent. The tokens uniquely identify each created audit request, and the sent flag indicates whether the audit requests were sent to their respective clients or not.

If the sent flag is false, this means the user with the email passed in the user parameter wasn't a previously registered Brevio user. In this case they have received an email with instructions on how to register an account, and the audit requests will be sent as soon as they log in.

This is a security measure to avoid sending audit requests for users with invalid email addresses.

Response

{
  "tokens": [
    "616f6a6e7c4c5a3067afff6e6cd4ab0b4b889dfc922ef0f767d8a4d7cb7eddb0",
    "11abefac8cc529470fc8f1b73db29598cc49e51e049e158b68e4fe8ce5fb8628",
    "1f8c6c2b24ea3b7d51ec802a6c1396ef1c35edc7d3cd184693dbf0a617824cfa"
  ],
  "sent": true // if false, the user has received an email prompting them to register a Brevio account and authenticate through their national registry/SSO.
}

List all audit requests

Returns a paginated list for all audit requests for the audit company authenticated in the API request, filtered by audit client (and optionally request type).

The response contains at most 50 audit requests. To access all audit requests (in cases where there are more than 50) you have to paginate through the results.

Scopes

audit_company

Parameters

Name	Type	Description
vatNo	String	VAT number for the audit client.
country	String	Which country is the audit client registered in? Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: `dk`, `fi`, `no`,`se`.
offset	Integer	The offset used for pagination
requestType	String	Valid values: `bank`, `client`, `lawyer`, `supplier`.

Returns

Returns a paginated list of all audit requests for the audit company authenticated in the API request, filtered by VAT number, country, and optionally request type.

GET /v1/confirm/audit-requests

$ curl "https://api.brevio.com/v1/confirm/audit-requests"
  -H "Authorization: Bearer ${token}"
  -d '{ "vatNo": "999999999", "country": "no" }'

Response

{
  "count": 50,
  "offset": 0,
  "next": 50,
  "total": 131,
  "requests": [
    {
      "token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
      "accountNumbers": [
        {
          "accountNumber": "1232.20.12313",
          "company": {
            "vatNo": "999888999",
            "country": "no"
          }
        }
      ],
      "attachments": [],
      "auditCompany": "Audit company AS",
      "bank": {
        "token": "042172ae-9e59-4b8e-910f-3f707a727659",
        "country": "no",
        "disabled": false,
        "hasLPA": true,
        "lpaType": "specific",
        "name": "DNB"
      },
      "company": {
        "name": "ACME AS",
        "vatNo": "999999999",
        "country": "no"
      },
      "confirmation": null,
      "cutOffDate": "2023-12-31",
      "language": "nb",
      "lastUpdate": "2023-10-02T11:53:23Z",
      "requestType": "bank",
      "sentToClient": "2023-10-01",
      "signees": [
        {
          "email": "[email protected]",
          "name": null,
          "pid": null,
          "signed": false
        },
        {
          "email": "[email protected]",
          "name": "Guybrush Threepwood",
          "pid": null,
          "signed": true
        }
      ],
      "step": "client",
      "subsidiaries": [],
      "subType": null,
      "thirdParty": "DNB",
      "user": {
        "address": "Gatevei 1313, 0561 Oslo",
        "email": "[email protected]",
        "name": "Arthur Dent"
      }
    }
    // ...
  ]
}

Finalize audit request

Marks a set of audit requests, identified by their unique tokens, as received by the auditor outside of Brevio.

A maximum of 10 audit request tokens are allowed with each request.

Scopes

audit_company

Parameters

Name	Type	Description
tokens	List<String>	The list of audit request tokens identifying which audit requests to finalize.

Returns

Returns a dictionary with two keys: successful containing a list of audit request tokens which were finalized, and failed, which is a list of audit request tokens which failed during finalization.

POST /v1/confirm/audit-requests/finalize

$ curl "https://api.brevio.com/v1/confirm/audit-requests/finalize"
  -H "Authorization: Bearer ${token}"
  -d
    '{
      "tokens": [
        "64626932a178531926b23cf09eb10f8dea2283108950e7ce106b689128ce9f2e",
        "d78021f0a0ff15d5690e767f46bbad407f8d9cd5ef99710258e2e95342f7d84a",
        "fde3589c53d55a04dd2b0c5bcabb66dc110649f9449e8b9441542439182f0e39"
      ]
    }'

Response

{
  "successful": [
    "64626932a178531926b23cf09eb10f8dea2283108950e7ce106b689128ce9f2e",
    "d78021f0a0ff15d5690e767f46bbad407f8d9cd5ef99710258e2e95342f7d84a"
  ],
  "failed": ["fde3589c53d55a04dd2b0c5bcabb66dc110649f9449e8b9441542439182f0e39"]
}

List all banks

Returns a list of all supported banks.

Scopes

audit_company

Parameters

None.

Returns

Returns a list of all supported banks.

GET /v1/confirm/banks

$ curl "https://api.brevio.com/v1/confirm/banks"
  -H "Authorization: Bearer ${token}"

Response

[
  {
    "token": "042172ae-9e59-4b8e-910f-3f707a727659",
    "country": "no",
    "disabled": false,
    "hasLPA": true,
    "lpaType": "specific",
    "name": "DNB"
  }
  // ...
]

Create lasting power of attorney

Creates a new lsating power of attorney (LPA).

LPAs must be signed before they become usable, so the first time the newly created LPA is used with an audit request, it is sent to its signees. Once the LPA has been signed, it can be re-used for subsequent audit seasons, and sent directly to the bank.

Returns the created LPA.

Scopes

audit_company

Parameters

Name	Type	Description
country	String	Which country is the company registered in? Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: `dk`, `fi`, `no`,`se`.
vatNo	String	The VAT number for the company. Will be validated against the national registry for the country defined in the `country` parameter.
bank	String	Unique identifier for the bank. See endpoint for listing banks to retrieve identifiers.
language	String	Language for the LPA. Valid values: `da`, `en`, `nb`, `sv`. Defaults to `en`.
subsidiaries	List<>	List of subsidiary companies which the LPA covers. See company for details.
signees	List<String>	List of email addresses for all signees that need to digitally sign the audit request. This field is required if lasting powers of attorney is not included for all audit requests.

Company

Name	Type	Description
vatNo	String	The VAT number for the company, validated against the national registry for the company's country of operation.
country	String	Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: `dk`, `fi`, `no`,`se`.

Returns

Returns a dictionary with information about the created LPA. See the LPA resource documentation for details.

POST /v1/confirm/lasting-powers-of-attorney

$ curl "https://api.brevio.com/v1/confirm/lasting-powers-of-attorney"
  -H "Authorization: Bearer ${token}"
  -d '
   {
      "bank": "042172ae-9e59-4b8e-910f-3f707a727659",
      "vatNo": "999999998",
      "country": "no",
      "subsidiaries": [
        { "vatNo": "999888777", "country": "no" },
        { "vatNo": "999888666", "country": "no" }
      ],
      "signees": ["[email protected]", "[email protected]"]
}
'

Response

{
  "token": "b06178d5-8240-4150-ac57-cc2bc762c7b0",
  "attachment": null,
  "bank": {
    "token": "042172ae-9e59-4b8e-910f-3f707a727659",
    "country": "no",
    "disabled": false,
    "hasLPA": true,
    "lpaType": "specific",
    "name": "DNB"
  },
  "company": {
    "name": "ACME AS",
    "vatNo": "999999998",
    "country": "no"
  },
  "fromDate": null,
  "lpaType": "specific",
  "signed": false,
  "signees": [
    {
      "name": null,
      "signed": false,
      "email": "[email protected]"
    },
    {
      "name": null,
      "signed": false,
      "email": "[email protected]"
    }
  ],
  "subsidiaries": [
    {
      "name": "ACME Doors AS",
      "vatNo": "999888777",
      "country": "no"
    },
    {
      "name": "ACME Doorknobs AS",
      "vatNo": "999888666",
      "country": "no"
    }
  ]
}

List all lasting powers of attorney

Returns a filtered list of all lasting powers of attorney (LPA).

The list can be filtered by either unique identifiers (the tokens parameter), or by a combination of banks and companies.

if the tokens parameter is present, all other parameters are ignored.

If both banks and companies parameters are present, the result will only contain specific LPAs for the given banks and companies.

If only the companies parameter is present, the result will only containgeneric LPAs for the passed companies.

Scopes

audit_company

Parameters

Name	Type	Description
bank	String	Unique identifier for the bank. See endpoint for listing banks to retrieve identifiers. Can only be used alongside the `companies` parameter.
companies	List<>	See companies for details.
tokens	List<String>	Unique identifiers for existing LPAs.

Companies

A list of companies to filter the LPAs by.

Name	Type	Description
vatNo	String	The VAT number for the company, validated against the national registry for the company's country of operation.
country	String	Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: `dk`, `fi`, `no`,`se`.

Returns

Returns a list of LPAs for the audit company authenticated in the API request, filtered by the given parameters.

GET /v1/confirm/lasting-powers-of-attorney

$ curl "https://api.brevio.com/v1/confirm/lasting-powers-of-attorney"
  -H "Authorization: Bearer ${token}"
  -d'
    {
      "companies": [{"vatNo": "999999999", "country": "no"}],
      "bank": "4a2f6327-7838-4e60-a84d-77a9de2842ae"
    }'

Response

[
  {
    "token": "b06178d5-8240-4150-ac57-cc2bc762c7b4",
    "attachment": null,
    "bank": {
      "token": "fbbe6f42-3c24-4964-9444-7c43d579a5e6",
      "country": "no",
      "hasLPA": true,
      "lpaType": "specific",
      "name": "Bank"
    },
    "company": {
      "name": "BRE Boligutleie AS",
      "vatNo": "925178845",
      "country": "no"
    },
    "fromDate": null,
    "language": "en",
    "lpaType": "specific",
    "signed": false,
    "signees": [
      {
        "name": null,
        "signed": false,
        "email": "[email protected]"
      }
    ],
    "subsidiaries": [
      {
        "name": "Brev Invest AS",
        "vatNo": "927146878",
        "country": "no"
      }
    ]
  },
  {
    "token": "b06178d5-8240-4150-ac57-cc2bc762c7b3",
    "attachment": "e7a064b36b6f63c07d7d5c27b2d32dfb",
    "bank": {
      "token": "3f3e7a14-0d80-4fb4-b998-7a96cb27e8e8",
      "country": "no",
      "hasLPA": true,
      "lpaType": "specific",
      "name": "Other Bank"
    },
    "company": {
      "name": "BRE Boligutleie AS",
      "vatNo": "925178845",
      "country": "no"
    },
    "fromDate": "2023-10-01",
    "language": "en",
    "lpaType": "specific",
    "signed": true,
    "signees": [
      {
        "name": "Arthur Dent",
        "signed": true,
        "email": "[email protected]"
      }
    ],
    "subsidiaries": [
      {
        "name": "Brev Invest AS",
        "vatNo": "927146878",
        "country": "no"
      }
    ]
  }
]

Bank endpoints

Lists all API endpoints only available to banks.

The endpoints are separated into two main areas:

Regular audit requests
Manual audit requests

List all pending audit requests

Returns a paginated list for all audit requests that have been digitally signed and are awaiting confirmation from the bank authenticated in the API request.

Scopes

bank

Parameters

Name	Type	Description
offset	Integer	The offset used for pagination
processing	Boolean	Optional flag to filter results by whether the bank has begun processing the audit request.

Returns

Returns a paginated list of pending audit requests for the bank authenticated in the API request.

GET /v1/confirm/audit-requests/third-party

$ curl "https://api.brevio.com/v1/confirm/audit-requests/third-party"
  -H "Authorization: Bearer ${token}"

Response

{
  "count": 33,
  "offset": 0,
  "next": 0,
  "total": 33,
  "requests": [
    {
      "token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
      "accountNumbers": [
        {
          "accountNumber": "1232.20.12313",
          "company": {
            "vatNo": "999888999",
            "country": "no"
          }
        }
      ],
      "attachments": [
        "9d60416a969378df27e7ca0122d42a7cecd02c37f1e7526cff7e549d8376690c"
      ],
      "auditCompany": "Brevio AS",
      "bank": {
        "token": "042172ae-9e59-4b8e-910f-3f707a727659",
        "country": "no",
        "disabled": false,
        "hasLPA": true,
        "lpaType": "specific",
        "name": "DNB"
      },
      "company": {
        "name": "ACME AS",
        "vatNo": "999999999",
        "country": "no"
      },
      "confirmation": null,
      "cutOffDate": "2022-12-31",
      "language": "nb",
      "lastUpdate": "2022-10-02T11:53:23Z",
      "manualReview": false,
      "requestType": "bank",
      "sentToClient": "2022-10-01",
      // Only available to banks which have enabled this setting
      "signatureReviews": [
        {
          "reviewedBy": "Bob",
          "verified": true,
          "reviewedAt": "2022-10-03T11:00:23Z",
          "company": {
            "name": "ACME AS",
            "vatNo": "999999999",
            "country": "no"
          }
        }
      ],
      "signees": [
        {
          "email": "[email protected]",
          "name": "Art Vandelay",
          "pid": null,
          "signed": true
        },
        {
          "email": "[email protected]",
          "name": "Guybrush Threepwood",
          "pid": null,
          "signed": true
        }
      ],
      // Only available to banks which have enabled this setting
      "startedProcessing": false,
      "step": "third-party",
      "subsidiaries": [],
      "thirdParty": "DNB",
      "user": {
        "address": "Gatevei 1313, 0561 Oslo",
        "email": "[email protected]",
        "name": "Arthur Dent"
      }
    }
    // ...
  ]
}

Set processing flag for audit requests

Marks a set of audit requests, identified by their unique tokens, as having begun processing by the bank authenticated in the API request.

Scopes

bank

Parameters

Name	Type	Description
tokens	List<String>	The list of audit request tokens indicating which audit requests to update.

Returns

Returns a dictionary with two keys: successful containing a list of audit request tokens which were successfully set as started processing, and failed for which the operation failed.

POST /v1/confirm/audit-requests/third-party/processing

$ curl "https://api.brevio.com/v1/confirm/audit-requests/third-party/processing"
  -H "Authorization: Bearer ${token}"
  -d
    '{
      "tokens": [
        "64626932a178531926b23cf09eb10f8dea2283108950e7ce106b689128ce9f2e",
        "d78021f0a0ff15d5690e767f46bbad407f8d9cd5ef99710258e2e95342f7d84a",
        "fde3589c53d55a04dd2b0c5bcabb66dc110649f9449e8b9441542439182f0e39"
      ]
    }'

Response

{
  "successful": [
    "64626932a178531926b23cf09eb10f8dea2283108950e7ce106b689128ce9f2e",
    "d78021f0a0ff15d5690e767f46bbad407f8d9cd5ef99710258e2e95342f7d84a"
  ],
  "failed": ["fde3589c53d55a04dd2b0c5bcabb66dc110649f9449e8b9441542439182f0e39"]
}

Upload attachments to a confirmation

Uploads one or more files for the confirmation of an audit request, identified by the given token. A maximum amount of five attachments are allowed to avoid timing out.

This API request does not finalize the audit request - this is only done by sending a confirmation.

The Content-Type header needs to be set to multipart/form-data to successfully attach the files.

Scopes

bank

Parameters

Name	Type	Description
attachments	List<File>	List of files to be added to the confirmation (at most five per request).

Returns

Returns a message indicating the number of attachments uploaded.

POST /v1/confirm/audit-requests/:token/confirmations/upload

$ curl "https://api.brevio.com/v1/confirm/audit-requests/:token/confirmations/upload"
  -H "Content-Type: multipart/form-data"
  -H "Authorization: Bearer ${token}"
  -F attachments[][email protected]
  -F attachments[][email protected]
  -F attachments[][email protected]

Response

{ "message": "Uploaded 3 attachments" }

Finalize erroneous audit request with comment

Marks an audit request, identified by the given token, as finalized and sent in error.

This is the case if an auditor has sent an audit request to a bank for a client (or subsidiary) which isn't a customer of the bank. The bank must provide an explanatory comment (maximum 200 characters).

Once the comment has been sent, the auditor will receive a notification that the audit request has been finalized.

Scopes

bank

Parameters

Name	Type	Description
comment	String	Comment clarifying why the audit request was sent in error (maximum 200 characters).

Returns

Returns a textual message indicating that the operation was successful.

POST /v1/confirm/audit-requests/:token/confirmations/comment

$ curl "https://api.brevio.com/v1/confirm/audit-requests/:token/confirmations/comment"
  -H "Authorization: Bearer ${token}"
  -d '{ "comment": "The client (999999998) is not a customer of our bank" }'

Response

{ "message": "Audit request completed and notification sent to auditor" }

Send confirmation for audit request

Sends a confirmation for an audit request identified by the given token, finalizing it. This is the only way to send a confirmation through the API.

A confirmation needs an uploaded attachment to be valid. This can either be accomplished through the upload endpoint, or by attaching files to this request (no more than five - if you need to upload more than that, use the upload endpoint first).

If you have previously attached all required files, you can omit the attachments parameter from this API request.

The Content-Type header needs to be set to multipart/form-data to successfully attach the files.

Scopes

bank

Parameters

Name	Type	Description
attachments	List<File>	List of files to be added to the confirmation (at most five).

Returns

Returns a dictionary with two keys. token is the unique identifier for the audit request, and should match the token in the URL, and step contains the current step of the audit request process for the audit request. This latter value should be received if nothing went wrong.

POST /v1/confirm/audit-requests/:token/confirmations

$ curl "https://api.brevio.com/v1/confirm/audit-requests/:token/confirmations"
  -H "Content-Type: multipart/form-data"
  -H "Authorization: Bearer ${token}"
  -F attachments[][email protected]
  -F attachments[][email protected]
  -F attachments[][email protected]

Response

{
  "token": "aaaa32cf6c3453bfc7923e00d33002ea7b5277767524639f0e09da561c380ade",
  "step": "received"
}

Create manual audit request

Creates a manual audit request for an audient client (company) for the bank authenticated in the API request.

Returns an object representing the manual audit request.

Scopes

bank

Parameters

Name	Type	Description
auditor		The auditor initiating the audit request via the bank authenticated in the API request. See user for details.
company		The audit client for the audit request. See company for details.
cutOffDate	String	ISO8601 date string representing the end of the fiscal year for the audit client.
language	String	Language for the audit request. This also sets the language for the confirmation process. Valid values: `da`, `en`, `nb`, `sv`.
accountNumber	String	A single, verified account number for a particular company in the bank authenticated in the API request.

Company

Name	Type	Description
name	String	The name of the audit client.
vatNo	String	The VAT number for the company, validated against the national registry for the company's country of operation.
country	String	Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: `dk`, `fi`, `no`,`se`.

Auditor

Name	Type	Description
company	String	Name of the user's audit company.
country	String	Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: `dk`, `fi`, `no`,`se`.
email	String	The user's email address.
firstName	String	The user's given name.
lastName	String	The user's family name.
phone	String	The user's phone number, including the international subscriber dialing (ISD) code for the user's phone number ( `+47` for Norway).

Returns

Returns a dictionary representing the created manual audit request.

The token is used to upload attachments, and finally send to send the manual audit request to the bank.

POST /v1/confirm/manual-audit-requests

$ curl "https://api.brevio.com/v1/confirm/manual-audit-requests"
  -H "Authorization: Bearer ${token}"
  -d '
      {
        "accountNumber": "1234.12.12345",
        "company": {
          "name": "Blaylock Mining",
          "vatNo": "123456789",
          "country": "no"
        },
        "cutOffDate": "2022-12-31",
        "language": "nb",
        "auditor": {
          "firstName": "Doc",
          "lastName": "Holiday",
          "email": "[email protected]",
          "company": "Tombstone Bookkeeping",
          "phone": "+4799889988",
          "country": "no"
        },
      }
    '

Response

{
  "token": "5a697491-4eb1-47df-b01b-057075a4e1f8",
  "accountNumbers": [
    {
      "accountNumber": "1234.12.12345",
      "company": {
        "name": "Blaylock Mining",
        "vatNo": "123456789",
        "country": "no"
      }
    }
  ],
  "attachments": [],
  "auditor": {
    "company": "Tombstone Bookkeeping",
    "country": "no",
    "email": "[email protected]",
    "firstName": "Doc",
    "lastName": "Holiday",
    "phone": "+4799889988"
  },
  "company": {
    "country": "no",
    "vatNo": "999999999",
    "name": "ACME AS"
  },
  "completedAt": null,
  "confirmation": null,
  "cutOffDate": "2022-12-31",
  "language": "nb",
  "sentToPaymentAt": null,
  "sentToThirdPartyAt": null,
  "step": "started"
}

Upload attachment to manual audit request

Uploads an attachment to a manual audit request, identified by the given token.

This endpoint associates the attachment with the audit request itself (usually a signed power of attorney). To upload an attachment to the confirmation, see upload attachment to confirmation.

The Content-Type header needs to be set to multipart/form-data to successfully attach the files.

Scopes

bank

Parameters

Name	Type	Description
attachment	File	The file to be attached to the manual audit request.

Returns

Returns a message indicating the upload succeeded.

POST /v1/confirm/manual-audit-requests/:token/attachments

$ curl "https://api.brevio.com/v1/confirm/manual-audit-requests/:token/attachments"
  -H "Content-Type: multipart/form-data"
  -H "Authorization: Bearer ${token}"
  -F attachment=@power_of_attorney.pdf

Response

{ "message": "Successfully uploaded attachment" }

Send manual audit request

Starts a payment flow for the manual audit request, after which it is sent to the bank.

An email with a Stripe payment link is sent to the user. Once payment is fulfilled, the audit request is sent to the bank.

Scopes

bank

Returns

Returns a dictionary representing the updated manual audit request.

The fields step should be awaiting_payment, and sentToPaymentAt should not be null.

POST /v1/confirm/manual-audit-requests/:token/send

$ curl  "https://api.brevio.com/v1/confirm/manual-audit-requests/:token/send"
  -H "Authorization: Bearer ${token}"

Response

{
  "token": "5a697491-4eb1-47df-b01b-057075a4e1f8",
  "accountNumbers": [
    {
      "accountNumber": "1234.12.12345",
      "company": {
        "name": "Blaylock Mining",
        "vatNo": "123456789",
        "country": "no"
      }
    }
  ],
  "auditor": {
    "company": "Tombstone Bookkeeping",
    "country": "no",
    "email": "[email protected]",
    "firstName": "Doc",
    "lastName": "Holiday",
    "phone": "+4799889988"
  },
  "company": {
    "country": "no",
    "vatNo": "999999999",
    "name": "ACME AS"
  },
  "completedAt": null,
  "cutOffDate": "2022-12-31",
  "language": "nb",
  "sentToPaymentAt": "2023-06-06T08:58:12.660Z",
  "sentToThirdPartyAt": null,
  "step": "awaiting_payment"
}

List all pending manual audit requests

Returns a paginated list for all manual audit requests that are awaiting confirmation form the bank authenticated in the API request.

Scopes

bank

Parameters

Name	Type	Description
offset	Integer	The offset used for pagination
signatureReviews	Boolean	Include signature reviews in the payload?
processing	Boolean	Include processing flag in the payload?

Returns

Returns a paginated list of manual pending audit requests for the bank authenticated in the API request.

GET /v1/confirm/manual-audit-requests/third-party

$ curl  "https://api.brevio.com/v1/confirm/manual-audit-requests/third-party"
  -H "Authorization: Bearer ${token}"
  -d 'signatureReviews=true'

Response

{
  "count": 50,
  "total": 97,
  "next": 50,
  "offset": 0,
  "requests": [
    {
      "token": "5a697491-4eb1-47df-b01b-057075a4e1f8",
      "accountNumbers": [
        {
          "accountNumber": "1234.12.12345",
          "company": {
            "name": "Blaylock Mining",
            "vatNo": "123456789",
            "country": "no"
          }
        }
      ],
      "attachments": [
        "3928799b6a48a541173d66b53e72b078df10a58b3dcda6819141bdf9f9f7fbd9",
        "0427282d9b69610a23eedebb995ef396db8e847c55ec903e1d6d77e50e1a64e8"
      ],
      "auditor": {
        "company": "Tombstone Bookkeeping",
        "country": "no",
        "email": "[email protected]",
        "firstName": "Doc",
        "lastName": "Holiday",
        "phone": "+4799889988"
      },
      "company": {
        "country": "no",
        "vatNo": "999999999",
        "name": "ACME AS"
      },
      "completedAt": null,
      "cutOffDate": "2022-12-31",
      "language": "nb",
      "sentToPaymentAt": null,
      "sentToThirdPartyAt": null,
      "signatureReview": {
        "reviewedBy": "Johnny Ringo",
        "verified": true,
        "reviewedAt": "2023-07-03T14:36:55.608Z",
        "company": {
          "name": "Blaylock Mining",
          "vatNo": "123456789",
          "country": "no"
        }
      },
      "step": "started"
    }
    // ...
  ]
}

Set processing flag for manual audit requests

Marks a set of manual audit requests, identified by their unique tokens, as having begun processing by the bank authenticated in the API request.

Scopes

bank

Parameters

Name	Type	Description
tokens	List<String>	The list of manual audit request tokens indicating which audit requests to update.

Returns

Returns a dictionary with two keys: successful containing a list of manual audit request tokens which were successfully set as started processing, and failed for which the operation failed.

POST /v1/confirm/manual-audit-requests/third-party/processing

$ curl "https://api.brevio.com/v1/confirm/manual-audit-requests/third-party/processing"
  -H "Authorization: Bearer ${token}"
  -d
    '{
      "tokens": [
        "dab4363d-20dc-465c-92e0-8f0b1ab4be6c",
        "7f1f9ae2-7aec-4d1b-9d67-2829e0edbda7",
        "ad793a0f-dc73-4940-ba2c-811c20d0af87"
      ]
    }'

Response

{
  "successful": [
    "dab4363d-20dc-465c-92e0-8f0b1ab4be6c",
    "7f1f9ae2-7aec-4d1b-9d67-2829e0edbda7"
  ],
  "failed": ["ad793a0f-dc73-4940-ba2c-811c20d0af87"]
}

Upload attachments to a manual audit request confirmation

Uploads one or more files for the confirmation of an audit request, identified by the given token. A maximum amount of five attachments are allowed to avoid timing out.

This API request does not finalize the audit request - this is only done by sending a confirmation.

The Content-Type header needs to be set to multipart/form-data to successfully attach the files.

Scopes

bank

Parameters

Name	Type	Description
attachments	List<File>	List of files to be added to the confirmation (at most five per request).

Returns

Returns a message indicating the number of attachments uploaded.

POST /v1/confirm/manual-audit-requests/:token/confirmations/upload

$ curl "https://api.brevio.com/v1/confirm/manual-audit-requests/:token/confirmations/upload"
  -H "Content-Type: multipart/form-data"
  -H "Authorization: Bearer ${token}"
  -F attachments[][email protected]
  -F attachments[][email protected]
  -F attachments[][email protected]

Response

{ "message": "Uploaded 3 attachments" }

Send confirmation for manual audit request

Sends a confirmation for a manual audit request identified by the given token, finalizing it. This is the only way to send a confirmation through the API.

If you have previously attached all required files, you can omit the attachments parameter from this API request.

The Content-Type header needs to be set to multipart/form-data to successfully attach the files.

Scopes

bank

Parameters

Name	Type	Description
attachments	List<File>	List of files to be added to the confirmation (at most five).

Returns

POST /v1/confirm/manual-audit-requests/:token/confirmations

$ curl "https://api.brevio.com/v1/confirm/manual-audit-requests/:token/confirmations"
  -H "Content-Type: multipart/form-data"
  -H "Authorization: Bearer ${token}"
  -F attachments[][email protected]
  -F attachments[][email protected]
  -F attachments[][email protected]

Response

{
  "token": "aaaa32cf6c3453bfc7923e00d33002ea7b5277767524639f0e09da561c380ade",
  "step": "received"
}

Brevio Connect API

The Connect API grants your authorized API client access to data associated with its entity (e.g. bank or audit company) in the Brevio Connect service.

Connect API core resources

Below are listed all the core resources for the Brevio Connect API.

Connection

Attribute	Type	Description
token	String	Unique identifier for the connection
endDate	Date	The end date of the connection
scheduledAt	DateTime	Date and time the connection request will be sent to the client, `null` if the connection is not scheduled (e.g. normal connection sent immediately after created)
lastSyncAt	DateTime	The last synchronization date and time for the connection, `null` if connection has not been synced yet.
lastSentToClientAt	DateTime	The last date and time the connection was sent to the client, `null` if not sent yet
step	String	The current step of the connection. Valid steps: `waiting_for_approval`, `approved`, `ready_for_audit`, `needs_re_approval`, `cancelled`, `archived`, `scheduled`, `pending`
bankDataDeletedAt	DateTime	The date and time when the bank data was deleted, `null` until data is deleted
auditCompany	String	The name of the audit company
company	Object	Contains details about the company
client	Object	Contains details about the client
provider	Object	Contains details about the provider
events	Array	An array of event objects
user	Object	Contains details about the user

Connection


{
	"token": "16ac05fa-aa7f-43d9-a933-27fd1cbe17a7",
	"endDate": "2024-05-31",
	"scheduledAt": "2024-05-15T00:00:00.000Z",
	"lastSyncAt": null,
	"lastSentToClientAt": "2024-06-14T10:51:55.295Z",
	"step": "waiting_for_approval",
	"bankDataDeletedAt": null,
	"auditCompany": "Brevio",
	"company": {
		"country": "no",
		"name": "Random company",
		"vatNo": "123456789"
	},
	"client": {
		"email": "[email protected]",
		"emailError": false
	},
	"provider": {
		"id": "NO_TestBank",
		"name": "Test Bank",
		"country": "no"
	},
	"events": [
		{
			"date": "2024-06-14T10:51:55.301Z",
			"instigator": "Auditor name",
			"target": "[email protected]",
			"eventType": "created"
		}
	],
	"user": {
		"email": "[email protected]",
		"name": "Auditor Name",
		"officeAddress": "Wergelandsveien 1, 0167 Oslo"
	}
}

Company

Attribute	Type	Description
country	String	Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: `dk`, `fi`, `no`,`se`.
name	String	The company name as registered in the national registry for the company's country of operation.
vatNo	String	The VAT number for the company, validated against the national registry for the company's country of operation.

Company

{
  "country": "no",
  "name": "ACME AS",
  "vatNo": "999999999"
}

Client

Attribute	Type	Description
email	String	The email of the client
emailError	Boolean	Indicates if there is an error with the client's email

Client

{ 
	"email": "[email protected]",
	"emailError": false
}

Event

This object represents the events for the connection. Events can be of type: Created, Approved, PeriodEnded, ReadyForAudit, NeedsReApproval, Cancelled, Archived, AuditorSentNewMail, RetentionPolicyDeletion, ScheduledReached, ScheduledCreated

Attribute	Type	Description
date	DateTime	The date and time of the event
instigator	String	The instigator of the event, `null` when Brevio initiates the event, such as when scheduled_at is reached and we send mail to the client
target	String	The target of the event, `null` for events: approved, needsReApproval, scheduleCreated, readyForAudit, cancelled, archived, retentionPolicyDeletion
eventType	String	The type of the event: Created, Approved, PeriodEnded, ReadyForAudit, NeedsReApproval, Cancelled, Archived, AuditorSentNewMail, RetentionPolicyDeletion, ScheduledReached, ScheduledCreated

Event

{
	"date": "2024-06-14T10:51:55.301Z",
	"instigator": "Auditor name",
	"target": "[email protected]",
	"eventType": "created"
}

User

This object represents the auditor responsible for the audit request.

Attribute	Type	Description
officeAddress	String	Address for the user's physical office.
email	String	The user's email address.

User

{
  "address": "Gatevei 1313, 0561 Oslo",
  "email": "[email protected]",
  "name": "Arthur Dent"
}

Provider

This objects represents a provider, you can retrieve all providers from the providers-endpoint

Attribute	Type	Description
id	String	Unique identifier
country	String	Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: `dk`, `fi`, `no`,`se`.
name	String	Name of the provider

Provider

{
	"id": "NO_TestBank",
	"name": "Test Bank",
	"country": "no"
}

Account

This object represents an account that belongs to a connection

Attribute	Type	Description
token	String	Unique identifier for the account
name	String	Name of the account
account_type	String	Type of the account: `Consumption`: A payment account, open for withdrawals `LockedSavings`: A savings account which is locked for withdrawals `Loan`: A loan account `Card`: A backing account for a payment card `OpenSavings`: A savings accounts which the user can withdraw from `Unknown`: the type is not known
provider	Object	Contains details about the provider
owner	String	Owner of the account
last_transaction_sync_at	DateTime	The last transaction synchronization date and time for the account, null if account never have been synced
inactive	Boolean	If the bank for some reason stops providing updates on this account
waiting_for_initial_sync	Boolean	Indicates if the account is waiting for initial sync, transactions are not be available as long as this is false
number	Object	Contains details about the account number
booked_balance	Object	Booked balance of the account, including the ISO 4217 currency code
available_balance	Object	Available balance of the account, including the ISO 4217 currency code

Account

{
			"token": "c5696821-2e6b-45de-be90-96f5883b1927",
			"name": "Checking Account",
			"accountType": "Consumption",
			"owner": "Christian Thomsen",
			"lastTransactionSyncAt": "2024-01-29T12:06:23.719Z",
			"inactive": false,
			"waitingForInitialSync": false,
			"accountNumber": {
				"bbanType": "NO",
				"bban": "0001-4386946",
				"iban": "NO2900014386946",
				"bankCode": "0001",
				"accountNumber": "4386946"
			},
			"availableBalance": {
				"value": "12773.2269",
				"currency": "NOK"
			},
			"bookedBalance": {
				"value": "12773.2269",
				"currency": "NOK"
			},
			"provider": {
				"id": "NO_TestBank",
				"name": "Test Bank",
				"country": "no"
			}
		}

Balance

Attribute	Type	Description
value	String	The balance value
currency	String	The ISO 4217 currency code

Balance

{
  "value": "1000.0",
  "currency": "NOK",
}

Account number

Attributes used to describe the account number. Finland does not use BBAN, only IBAN.

Attribute	Type	Description
bban_type	String	Type of the BBAN
bban	String	Bank Account Number
iban	String	International Bank Account Number
bank_code	String	Code of the bank
account_number	String	Number of the account

Account number

{
            "bban": "0001-245787654",
            "bbanParsed": {
                "accountNumber": "245787654",
                "bankCode": "0001"
            },
            "bbanType": "NO",
            "iban": "NO830001245787654"
        }

Transaction

Attribute	Type	Description
token	String	Unique identifier for the transaction
bookedDate	Date	The date when the transaction was booked
text	String	Text description of the transaction
originalText	String	Original text description of the transaction
transactionType	String	Unknown, InternalCounterEntry, Card, PeerToPeer, DirectDebit, BankTransfer, CashWithdrawal
state	String	Booked, Reserved, Scheduled
amount	Object
balance	object	Balance of the account after this transaction if available

Transaction

{
	"token": "a652bab9-6a52-4c28-adf6-25827d12d833",
	"bookedDate": "2023-12-31",
	"text": "Overførsel til Budget",
	"originalText": "Overførsel til Budget",
	"transactionType": "BankTransfer",
	"state": "Booked",
	"amount": {
		"value": "-12302.5",
		"currency": "NOK"
	},
	"balance": {
		"value": "-12302.5",
		"currency": "NOK"
	}
}

Connection endpoints

Create connection

Creates one connection per provider. Returns a list of the created connections

POST v1/connect/connections

$ curl "https://api.brevio.com/v1/connect/connections"
  -H "Authorization: Bearer ${token}"
  -d '
    {
		"user": "[email protected]",  
		"scheduled_at": null,
		"toDate": "2024-05-31",
		"country": "no",
		"vatNo": "123456789",
		"contactEmail": "[email protected]",
		"clientLanguage": "nb",
		"providers": [
		  "NO_TestBank"
		]
}
'

Scopes

audit_company

Parameters

Name	Type	Description
user	String	Email of the auditor creating the connection
scheduledAt	DateTime	Send the connection request at the provided-dateTime, when null the connection request is sent immediately
toDate	DateTime	Connection will be active until this date
contactEmail	String	The client's email. The client is the one who will approve the request and grant access to the bank accounts
clientLanguage	String	Language used when sending mail to the client, valid values: nb, se, dk, fi or en
providers	List< String >	List of provider ids, creates one connetion per provider. Use endpoint Get providers to get correct providerId
country	String	Country of the company
vat_no	String	VAT number of the company

Returns

Returns a list of all created connections, one per provider in the create request. See Connections for details

Response

{
	"connections": [
		{
			"token": "16ac05fa-aa7f-43d9-a933-27fd1cbe17a7",
			"endDate": "2024-05-31",
			"scheduledAt": null,
			"lastSyncAt": null,
			"lastSentToClientAt": "2024-06-14T10:51:55.295Z",
			"step": "waiting_for_approval",
			"bankDataDeletedAt": null,
			"auditCompany": "Brevio",
			"company": {
				"country": "no",
				"name": "Some company",
				"vatNo": "123456789"
			},
			"client": {
				"email": "[email protected]",
				"emailError": false
			},
			"provider": {
				"id": "NO_TestBank",
				"name": "Test Bank",
				"country": "no"
			},
			"events": [
				{
					"date": "2024-06-14T10:51:55.301Z",
					"instigator": "Auditor LastName",
					"target": "[email protected]",
					"eventType": "created"
				}
			],
			"user": {
				"email": "[email protected]",
				"name": "Auditor LastName",
				"officeAddress": "Wergelandsveien 1, 0167 Oslo"
			}
		}
	]
}

Get all connections

Returns paginated a list of all connections for the audit company authenticated in the API request, filtered by company

The response contains at most 50 connections. To access all connections (in cases where there are more than 50) you have to paginate through the results.

GET `/v1/connect/connections

$ curl "https://api.brevio.com/v1/connect/connections"
  -H "Authorization: Bearer ${token}"
  -d '{ "vatNo": "9999999", "country": "no" }'

Parameters

Name	Type	Description
vatNo	String	VAT number for the audit client. Required if country is present.
country	String	Which country is the audit client registered in? Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: `dk`, `fi`, `no`,`se`. Required if vatNo is present
offset	Integer	The offset used for pagination

Returns

Returns paginated a list of all connections for the audit company authenticated in the API request, filtered by company

Response

{
	"total": 50,
	"count": 131,
	"next": 50,
	"offset": 0,
	"connections": [
		{
			"token": "980a2c7f-0b2a-4ab9-9be2-3f54b6cc9a4e",
			"endDate": "2025-01-01",
			"scheduledAt": null,
			"lastSyncAt": null,
			"lastSentToClientAt": "2024-05-15T12:49:04.191Z",
			"step": "waiting_for_approval",
			"bankDataDeletedAt": null,
			"auditCompany": "Audit company AS",
			"company": {
				"country": "no",
				"name": "ACME AS",
				"vatNo": "999999999"
			},
			"client": {
				"email": "[email protected]",
				"emailError": false
			},
			"provider": {
				"id": "NO_TestBank",
				"name": "Test Bank",
				"country": "no"
			},
			"events": [
				{
					"date": "2024-05-15T12:49:04.252Z",
					"instigator": "Auditor Name",
					"target": "[email protected]",
					"eventType": "created"
				}
			],
			"user": {
				"email": "[email protected]",
				"name": "Auditor Name",
				"officeAddress": "Gatevei 1313 1, 0167 Oslo"
			}
		},
		// ...
	]
}

Get accounts

Returns paginated a list of all accounts for the connection identified by the given token

The response contains at most 50 accounts. To access all accounts (in cases where there are more than 50) you have to paginate through the results.

GET `/v1/connect/connections/:connection_token/accounts

$ curl "https://api.brevio.com/v1/connect/connections/:connection_token/accounts"
  -H "Authorization: Bearer ${token}"

Returns

Response

{
	"total": 2,
	"count": 2,
	"next": null,
	"offset": 0,
	"accounts": [
		{
			"token": "c5696821-2e6b-45de-be90-96f5883b1927",
			"name": "Checking Account",
			"accountType": "Consumption",
			"owner": "Christian Thomsen",
			"lastTransactionSyncAt": "2024-01-29T12:06:23.719Z",
			"inactive": false,
			"waitingForInitialSync": false,
			"accountNumber": {
				"bbanType": "NO",
				"bban": "0001-4386946",
				"iban": "NO2900014386946",
				"bankCode": "0001",
				"accountNumber": "4386946"
			},
			"availableBalance": {
				"value": "12773.2269",
				"currency": "NOK"
			},
			"bookedBalance": {
				"value": "12773.2269",
				"currency": "NOK"
			},
			"provider": {
				"id": "NO_TestBank",
				"name": "Test Bank",
				"country": "no"
			}
		},
		//...
	]
}

Get transactions

Returns paginated a list of all transactions for the account identified by the given token The response contains at most 250 transactions. To access all transactions (in cases where there are more than 250) you have to paginate through the results. You can also search for specific date-ranges by using one or both of the two query-params: fromDate and toDate.

GET `/v1/connect/connections/:connection_token/accounts/:account_token/transactions

$ curl "https://api.brevio.com/v1/connect/connections/:connection_token/accounts/:account_token/transactions?fromDate=2023-11-30&toDate=2024-06-30"
  -H "Authorization: Bearer ${token}"

Parameters

Name	Type	Description
fromDate	Date	Optional date param for filtering transactions on bookedDate. ISO8601 format: "2023-11-30"
toDate	Date	Optional date param for filtering transactions on bookedDate. ISO8601 format: "2023-11-30"
offset	Integer	The offset used for pagination
pageSize	Integer	Optional pageSize. Allowed values: 1 to 250, defaults to 250

Returns

Returns a paginated list of all transactions for the account identified by the token in the url. Filtered by optional from- and to- date.

Response

{
	"total": 366,
	"count": 250,
	"next": 250,
	"offset": 0,
	"transactions": [
		{
			"token": "a652bab9-6a52-4c28-adf6-25827d12d833",
			"bookedDate": "2023-12-31",
			"text": "Overførsel til Budget",
			"originalText": "Overførsel til Budget",
			"transactionType": "BankTransfer",
			"state": "Booked",
			"amount": {
				"value": "-12302.5",
				"currency": "NOK"
			},
			"balance": {
				"value": "-12302.5",
				"currency": "NOK"
			}
		},
		//...
	]
}

Get providers

Returns a list of all providers for the given country

Use the provider when creating a connection

GET /v1/connect/providers?country=no

$ curl "https://api.brevio.com/v1/connect/providers?country=no"
  -H "Authorization: Bearer ${token}"

Parameters

Name	Type	Description
country	String	The country the provider is registered in. Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: `dk`, `fi`, `no`,`se`.

Returns

Returns a list of providers for the given country

Response

{
	"providers": [
		{
			"id": "NO_Dnb",
			"name": "DNB",
			"country": "no"
		},
		{
			"id": "NO_DanskeBank",
			"name": "Danske Bank",
			"country": "no"
		},
		{
			"id": "NO_DanskeBankBedrift",
			"name": "Danske Bank Business Online",
			"country": "no"
		}
	]
}

Brevio Sign API

The Sign API grants an authorized API client access to data associated with its entity in the Brevio Sign service.

Sign API core resources

Below are listed all the core resources for the Brevio Confirm API.

Sign request

This object represents a single request for digital signatures for a list of documents by one or more signees. Each sign request pertains to exactly one company, but can contain between 1-5 uploaded documents and as many signees as needed.

Attribute	Type	Description
token	String	Unique identifier.
attachments	List<Attachment>	List of all attachments associated with the sign request. Contains both the original uploaded documents, as well as their digitally signed counterparts.
company	Company	The company associated with the sign request.
dueDate	Date	The due date of the sign request. Once this date has passed (e.g. past `23:59:59` on the due date itself), the sign request has expired.
language	String	The language used for the sign request. Adheres to the ISO 639-1 standard. Valid values: `da`, `en`, `nb`, `sv`.
lastUpdate	DateTime	When was the sign request last updated?
sentAt	DateTime	When was the sign request first sent? This field is `null` if the request has not been sent.
signees	List<Signee>	List of signees associated with the sign request.
step	String	Valid values: `started`, `sign`, `cancelled`, `completed`, `archived`.
user	User	The user associated with the sign request.

Sign request

{
  "token": "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9",
  "attachments": [
    {
      "token": "21d2b46ae46b16845caad19c2d6aac34",
      "filename": "engagement-letter-2021.pdf",
      "signedPDF": false,
      "template": null,
      "title": "Engagement letter"
    },
    {
      "token": "181fddae6a0edbc880ffe4c189e02aa0",
      "filename": "auditor-report-2021.pdf",
      "signedPDF": false,
      "template": "5f7ea5f1501d289e04fb6f14a118bf80",
      "title": "Auditor's report"
    }
  ],
  "company": {
    "name": "ACME AS",
    "vatNo": "99999999"
  },
  "dueDate": "2022-11-13",
  "lastUpdate": "2022-10-14T13:06:15",
  "sentAt": "2022-10-13T16:29:32",
  "signees": [
    {
      "email": "[email protected]",
      "name": null,
      "signed": false,
      "signedAt": null,
      "pid": null
    },
    {
      "email": "[email protected]",
      "name": "Ford Prefect",
      "signed": true,
      "signedAt": "2022-10-14 13:06:15",
      "pid": null
    }
  ],
  "step": "sign",
  "user": {
    "address": "Gatevei 1313, 0561 Oslo",
    "email": "[email protected]",
    "name": "Arthur Dent"
  }
}

Attachment

This object represents an attachment associated with a sign request. It is either (1) an uploaded document, or (2) a signed PDF.

Attribute	Type	Description
token	String	Unique identifier.
filename	String	Name of the uploaded file.
signedPDF	Boolean	Is this a digitally signed PDF?
template	String	Unique identifor for an associated document template.
title	String	Human-readable title for the attachment.

Attachment

{
  "token": "21d2b46ae46b16845caad19c2d6aac34",
  "filename": "engagement-letter-2021.pdf",
  "signedPDF": false,
  "template": null,
  "title": "Engagement letter"
}

Document template

This object represents a template which can be associated with an uploaded document. This makes it easier to filter sign requests by their document templates when listing sign requests.

Each document template has mulitple internationalizations, with human-readable titles for each language.

Attribute	Type	Description
token	String	Unique identifier.
i18ns	List<Internationalization>	List of internationalizations associated with the document template.

Docment template

{
  "token": "a0eaf8107e16f6af3a6d3659afc997d5",
  "i18ns": [
    {
      "language": "nb",
      "title": "Revisjonsberetning"
    },
    {
      "language": "en",
      "title": "Auditor's report"
    }
  ]
}

Internationalization

This object represents a internationalization for a document template, containing information about which language it pertains to, and what the human-readable title for the template is.

The internationalizations are managed by audit company administrators through the web UI.

Attribute	Type	Description
language	String	The language used for the internationalization. Adheres to the ISO 639-1 standard. Valid values: `da`, `en`, `nb`, `sv`.
title	String	Human-readable title for the internationalization visible to auditors in the graphical user interface.

Internationalization

{
  "language": "nb",
  "title": "Årsregnskap"
}

Other resources

Company

Attribute	Type	Description
country	String	Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: `dk`, `fi`, `no`,`se`.
name	String	The company name as registered in the national registry for the company's country of operation.
vatNo	String	The VAT number for the company, validated against the national registry for the company's country of operation.

Company

{
  "country": "no",
  "name": "ACME AS",
  "vatNo": "999999999"
}

Signee

This object represents a signee. If the API client authenticated in the API request has the signee_pid scope, they can view the signee's Personal ID (PID).

Please contact us for more information.

Attribute	Type	Description
email	String	Email address of the signee.
name	String	Name verified against the personal register of the signee's country of origin (verified during the digital signature). This field is `null` if the signee has not signed.
pid	String	Personal ID (PID) is the signee's personal number - NO: 11 digits, SE: 10 or 12 digits, DK: 10 digits. This field is `null` unless the API client has the `signee_pid` scope enabled.
signed	Boolean	Has the signee signed yet?
signedAt	DateTime	When was the sign request signed by this signee? This field is `null` if the signee hasn't signed.

Signee

{
  "email": "[email protected]",
  "name": "Guybrush Threepwood III",
  "pid": null,
  "signed": true,
  "signedAt": "2022-01-01T08:33:12Z"
}

User

Attribute	Type	Description
address	String	Address for the user's physical office.
email	String	The user's email address.
name	String	Name verified by the national registry/SSO integration.

User

{
  "address": "Gatevei 1313, 0561 Oslo",
  "email": "[email protected]",
  "name": "Arthur Dent"
}

List all document templates

Returns a list of all document templates for the audit company authenticated in the API request.

The returned tokens can be used to filter sign requests by the templateToken attribute in the list all sign requests endpoint.

Scopes

audit_company

Parameters

None.

Returns

Returns a list of document templates for the audit company authenticated in the API request.

GET /v1/sign/document-templates

$ curl "https://api.brevio.com/v1/sign/document-templates"
  -H "Authorization: Bearer ${token}"

Response

{
  "templates": [
    {
      "token": "a0eaf8107e16f6af3a6d3659afc997d5",
      "i18ns": [
        {
          "language": "nb",
          "title": "Revisjonsberetning"
        },
        {
          "language": "en",
          "title": "Auditor's report"
        }
      ]
    },
    {
      "token": "9a75bf516d7d26b55e96b97a648c566e",
      "i18ns": [
        {
          "language": "nb",
          "title": "Årsregnskap"
        },
        {
          "language": "en",
          "title": "Annual report"
        }
      ]
    }
    // ...
  ]
}

Create attachments

Creates an attachment for each uploaded PDF.

A maximum amount of five attachments are allowed to avoid timing out.

The vendor scope can use this endpoint to upload attachments on behalf of its consumers by passing a valid consumerKey.

Returns a dictionary with a list of tokens uniquely identifying each created attachment.

The Content-Type header needs to be set to multipart/form-data to successfully attach the files.

Scopes

audit_company, vendor

Parameters

Name	Type	Description
attachments	List<File>	List of files (only PDF files allowed) to be uploaded. At most five per request.
user	String	Email address for the user which should be associated with the uploaded attachments.
consumerKey	String	The consumer key for the consumer you wish to create the attachment on behalf of. for vendor scopes.

Returns

Returns a dictionary with a tokens key, which contains tokens uniquely identifying each created attachment.

POST /v1/sign/attachments

curl "https://api.brevio.com/v1/sign/attachments"
  --H 'Content-Type: multipart/form-data'
  --H "Authorization: Bearer ${token}"
  -F "[email protected]"
  -F "attachments[]=@engagement_letter.pdf"
  -F "attachments[]=@auditor_report.pdf"

Response

{
  "tokens": [
    "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9",
    "f0cc7f7e9ade1644913a32b3ba440a8ee019bd9a2c7f69bb3a3c97a484155a63"
  ]
}

Create sign request

Creates a new sign request for a company (identified by the vatNo and country parameters), containing a list of PDF documents do be digitally signed (the attachments parameter) by one or more signees (the signees parameter).

The sign request is associated with the user passed in the user parameter, and there's a validation check whether the user is employed by the audit company authenticated in the API request at the time of creation.

The vendor scope can use this endpoint to create a sign request on behalf of its consumers by passing a valid consumerKey.

Returns a dictionary with the token of the created sign request.

Scopes

audit_company, vendor

Parameters

Name	Type	Description
attachments	List<>	List of attachments for the sign request. See attachments for details.
vatNo	String	The VAT number for the company, validated against the national registry for the company's country of operation.
country	String	Which country is the company registered in? Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: `dk`, `fi`, `no`,`se`.
user	String	Email address used to uniquely identify a user in the audit company making the API request.
language	String	The language used for the sign request. Adheres to the ISO 639-1 standard. Valid values: `da`, `en`, `nb`, `sv`. Defaults to `nb`.
signees	List<>	List of signees associated with the sign request. See signees for details.
dueDays	Integer	The number of days until the sign request expires. Valid values: `7`, `14`, `30`. Defaults to `30`.
message	String	Message to be displayed in the sign request (will replace the default message generated by Brevio).
consumerKey	String	The consumer key for the consumer you wish to create the sign request on behalf of. for vendor scopes.

POST /v1/sign/sign-requests

$ curl "https://api.brevio.com/v1/sign/sign-requests"
  -H "Authorization: Bearer ${token}"
  -d'{
    "attachments": [
      {
        "token": "0126a84017de0e70b6440820decbb565",
        "title": "Auditor report"
      },
      {
        "token": "95df519c2f4d5bf3040bab3e7a730f60",
        "title": "Engagement Letter",
        "template": "f7c2e7b859862ac29650bd098dfedfb6"
      }
    ],
    "country": "no",
    "signees": [
      {
        "email": "[email protected]",
        "order": 1
      },
      {
        "email": "[email protected]",
        "order": 1
      },
      {
        "email": "[email protected]",
        "order": 2
      }
    ],
    "language": "nb",
    "dueDays": 14,
    "message": "Sign request message",
    "user": "[email protected]",
    "vatNo": "999999999"
    }'

Attachments

List of attachments referring to previously uploaded PDF files.

Attribute	Type	Description
token	String	Unique identifier.
title	String	Human-readable title. When there are more than one attachment for a sign request, the titles are joined together with comma-separation.
templateToken	String	Token identifying a document template.

Signees

List of signees (identified by their email) who are required to sign all PDF documents in the sign request.

If you want a particular signee to sign the PDF documents before another, you can specify the signing order in the order parameter. Signees with the same order will receive the sign request at the same time, and those with a larger order will receive the sign request only after all previous signee orders have signed.

Attribute	Type	Description
email	String	Email address of the signee.
order	Integer	Should this signee sign the sign request in a particular order?

Signees

[
  {
    "email": "[email protected]",
    "order": 1
  },
  {
    "email": "[email protected]",
    "order": 2 // This signee will *only* receive the sign request *after* the previous signee has signed.
  }
]

Returns

Returns a dictionary with a token key containing the unique token for the created sign request.

Response

{
  "token": "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9"
}

List all sign requests

Returns a paginated list for all sign requests for the audit company authenticated in the API request, filtered by company (identified by the vatNo and country parameters). The results can also optionally be filtered by a document template.

The payload contains at most 50 requests. To access all sign requests (in cases where there are more than 50) you have to paginate through the results.

Scopes

audit_company, signee_pid

Parameters

Name	Type	Description
vatNo	String	VAT number for the audit client.
country	String	Which country is the audit client registered in? Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: `dk`, `fi`, `no`,`se`.
offset	Integer	The offset used for pagination.
templateToken	String	Unique identifier for a document template to filter the sign requests by. If a sign request contains any attachments with the document template then it is included in the result.

Returns

Returns a paginated list of all sign requests for the audit company authenticated in the API request, filtered by VAT number, country, and optionally document template.

GET /v1/sign/sign-requests

$ curl "https://api.brevio.com/v1/sign/sign-requests"
  -H "Authorization: Bearer ${token}"
  -d '{"vatNo": "999999999", "country": "no" }'

Response

{
  "count": 50,
  "offset": 0,
  "next": 50,
  "total": 131,
  "requests": [
    {
      "token": "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9",
      "attachments": [
        {
          "token": "21d2b46ae46b16845caad19c2d6aac34",
          "filename": "engagement-letter-2021.pdf",
          "signedPDF": false,
          "template": null,
          "title": "Engagement letter"
        },
        {
          "token": "181fddae6a0edbc880ffe4c189e02aa0",
          "filename": "auditor-report-2021.pdf",
          "signedPDF": false,
          "template": "5f7ea5f1501d289e04fb6f14a118bf80",
          "title": "Auditor's report"
        }
      ],
      "company": {
        "name": "ACME AS",
        "vatNo": "999888999",
        "country": "no"
      },
      "dueDate": "2022-11-13",
      "lastUpdate": "2022-10-14T13:06:15Z",
      "sentAt": "2022-10-13T16:29:32Z",
      "signees": [
        {
          "email": "[email protected]",
          "name": null,
          "pid": null,
          "signed": false,
          "signedAt": null
        },
        {
          "email": "[email protected]",
          "name": "Ford Prefect",
          "pid": null,
          "signed": true,
          "signedAt": "2019-10-14T13:06:15Z"
        }
      ],
      "step": "sign",
      "user": {
        "address": "Gatevei 1313, 0561 Oslo",
        "email": "[email protected]",
        "name": "Arthur Dent"
      }
    }
    // ...
  ]
}

List updated sign requests

Returns a paginated list for all sign requests for the audit company authenticated in the API request, which have been updated after a specific date (the fromDate parameter).

The results are inclusive, meaning all passing 2022-01-01 will return all sign requests updated after 2022-01-01 00:001.

The payload contains at most 50 requests. To access all sign requests (in cases where there are more than 50) you have to paginate through the results.

Name	Type	Description
fromDate	String	ISO8601 date string representing the inclusive start of the date filter
offset	Integer	The offset used for pagination

Returns

Returns a paginated list of all sign requests for the audit company authenticated in the API request, updated after the specified date.

GET /v1/sign/sign-requests/updates

$ curl "https://api.brevio.com/v1/sign/sign-requests/updates"
  -H "Authorization: Bearer ${token}"
  -d '{"fromDate": "2022-01-01"}'

Response

{
  "count": 50,
  "offset": 0,
  "next": 50,
  "total": 131,
  "requests": [
    {
      "token": "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9",
      "attachments": [
        {
          "token": "21d2b46ae46b16845caad19c2d6aac34",
          "filename": "engagement-letter-2021.pdf",
          "signedPDF": false,
          "template": null,
          "title": "Engagement letter"
        },
        {
          "token": "181fddae6a0edbc880ffe4c189e02aa0",
          "filename": "auditor-report-2021.pdf",
          "signedPDF": false,
          "template": "5f7ea5f1501d289e04fb6f14a118bf80",
          "title": "Auditor's report"
        }
      ],
      "company": {
        "name": "ACME AS",
        "vatNo": "999888999",
        "country": "no"
      },
      "dueDate": "2022-11-13",
      "lastUpdate": "2022-10-14T13:06:15Z",
      "sentAt": "2022-10-13T16:29:32Z",
      "signees": [
        {
          "email": "[email protected]",
          "name": null,
          "pid": null,
          "signed": false,
          "signedAt": null
        },
        {
          "email": "[email protected]",
          "name": "Ford Prefect",
          "pid": null,
          "signed": true,
          "signedAt": "2019-10-14T13:06:15Z"
        }
      ],
      "step": "sign",
      "user": {
        "address": "Gatevei 1313, 0561 Oslo",
        "email": "[email protected]",
        "name": "Arthur Dent"
      }
    }
    // ...
  ]
}

Download attachment

Generates a short-lived (24 hours) signed URL in accordance with information security best practices to download the attachment identified by the given token.

Scopes

audit_company

Parameters

None.

Returns

Returns a dictionary with a filename field indicating the filename of the attachment, and an url field containing the signed URL.

POST /v1/sign/attachments/:token/signed-url

$ curl "https://api.brevio.com/v1/sign/attachments/92489134d60d213f68e7bba0a8d9cccf6f6f6816bac7d5b62c417f96dcc886ea/signed-url"
  -H "Authorization: Bearer ${token}

Response

{
  "filename": "signed-auditor-report.pdf",
  "url": "https://cdn.brevio.com/signed-auditor-report.pdf"
}

Brevio Signature Right API

The signature right API grants an authorized API client access to data used to verify whether a given national ID is allowed to digitally sign documents for a given company, either in combination with others or individually.

Through the API you can accomplish the following:

Retrieve Signature Right information: Get information regarding a person's signature right for a given company.

Signature Right API core resources

Signature Right

Attribute	Type	Description
changeDate	Date	The date when signing rule was last changed (valid from)
vatNo	String	The VAT number for the company, validated against the national registry for the company's country of operation
country	String	Two letter ISO country code
nationalId	String	National Id / SSN
signatureRight	String	Signature right. Valid values are `'ALONE'` or `'GROUP'`

Get signature right

This endpoint returns signature rights information for a given combination of VAT number, national ID (SSN), and country code.

Currently Swedish, Norwegian, and Danish companies are supported using country code se for Sweden, no for Norway, and dk for Denmark.

Scopes

signature_right

Parameters

Name	Type	Description
vatNo	String	The VAT number for the company (8 digits for danish, 9 digits for Norwegian, and 10 digits for Swedish).
nationalId	String	National ID/ SSN
country	String	Countries for which the check is performed. Valid countries: `se` `no` `dk`

Returns

Returns the signature right for the given vatNo, nationalId, and country.

GET /v1/signature-right

$ curl "https://api.brevio.com/v1/signature-right?vatNo=${vat_no}" \
      "&nationalId=${national_id}&country=${country}"
  -H "Authorization: Bearer ${token}"

Response

{
  "changeDate": "2019-12-11",
  "vatNo": "5564779444",
  "nationalId": "196805029268",
  "signatureRight": "ALONE"
}

Changelog

All requests to the Brevio APIs check whether the Brevio-Version header is present, and applies the API version present (if valid). If the header isn't present the API uses your account's API settings.

Example: Sending 2023-02-14 as Brevio-Version will force the request to use the API version released on February 14th, 2023.

October 4, 2023 - `2023-10-04`

API responses

Renames and changes several fields on the audit request. See 2023-10-04 for details.
Renames sent to sentAt for confirmations.

Endpoint changes

Renames parameters auditAccountNumbers and lastingPowerOfAttorney to accountNumbers and lpa for creating audit requests.
Removes parameter reviewedSignatures for list all pending audit requests.
Renames parameter bankStartedProcessing to processing for list all pending audit requests.
Renames auditRequestTokens to tokens for finalizing audit requests, setting proccesing flag, and setting processing flag for manual audit requests.
Removes parameter processing for setting processing flag.
Removes parameter processing for setting processing flag for manual audit requests.
Renames "Upload power of attorney" endpoint to "Upload attachment" for manual audit requests, and changes the URL. See upload attachment to manual audit request.

April 24, 2023 - `2023-04-24`

Adds support for generic LPAs

March 24, 2023 - `2023-03-24`

Removes endDate from the lasting power of attorney creation as these now will not expire unless explicitly revoked or audit company resigns as auditor.
endDate will return null for List all LPAs and Create LPA if lasting power of attorney is created with latest api version or without endDate specified, meaning it's witout an expiration date.

March 20, 2023 - `2023-03-20`

Adds new endpoint for setting audit requests as started processing by banks.
Adds support for filtering on startedProcessing in list all pending audit requests endpoint for banks.

March 1, 2023 - `2023-03-01`

Adds support for bank review on audit requests. Please contact Brevio to enable this feature. When enabled, the bank can send in the field reviewedSignatures as part of the third party endpoint to get all their reviewed audit requests. The audit request will also return an array of bankReviewedCompanySignatures.

February 14, 2023 - `2023-02-14`

Adds support for Finnish companies which entails a few things:
- country parameter is now required in addition to vatNo for both company and subsidiaries.
- For backwards compatibility; if no country is supplied for older API versions, it will assume Denmark and not Finland as these are the same VAT number length.
- country is also added to the Company response objects.

November 3, 2022 - `2022-11-03`

Adds support for sending audit account numbers as part of the create audit requests endpoint.

October 26, 2022 - `2022-10-26`

Adds support for creating and listing lasting powers of attorney in the Confirm API.

October 24, 2022 - `2022-10-24`

Adds support for all types of audit requests in the Confirm API.

October 13, 2022 - `2022-10-13`

Adds support for all audit request types in the creation of audit requests for the Confirm API.

October 1, 2022 - `2022-10-01`

Adds support for multiple account numbers for audit requests in Confirm API. Key: accountNumbers.
Adds support for multiple signees for audit requests in Confirm API. Key: signees.
Changes response type for company key in audit request response to an object rather than a string in Confirm API.
Changes response type for confirmation key in audit request response from list of strings to an object in Confirm API.
Removes deprecated daughterCompanies key for creating batch of audit requests in Confirm API.
Renames auditor key in audit request response to user in Confirm API.
Removes deprecated keys from audit request response in Confirm API: companyName, daughterCompanies, signee, signeePID, clientEmail.
Renames key name to filename in download attachment response in Confirm API.
Renames sent key in sign request response to sentAt for Sign API.
Renames keys signedName and signeePID to name and pid for Sign API.

1.0

Initial release of the Brevio API.

Audit request

2023-10-04

Attributes

Renames bankReviewedCompanySignatures field to signatureReviews.
Renames bankStartedProcessing field to startedProcessing.
Changes lastingPowerOfAttorneyfield from string to .
Renames sentToClient field to sentToClientAt.

2023-03-24

Create lasting power of attorney

Parameters

The end date for for LPAs is now removed as LPAs from now on should not expire unless explicitly revoked or audit company resigns as auditor.

Removed

Name	Type	Description
endDate	String	ISO8601 date string.

List lasting powers of attorney

Respose

The end date for for LPAs is now changed as LPAs from now on should not expire unless explicitly revoked or audit company resigns as auditor. This means that if the LPA is set to not expire the endDate will be null.

Name	Type	Description
endDate	String	ISO8601 date string.

Response

[
  {
    "token": "b06178d5-8240-4150-ac57-cc2bc762c7b4",
    "endDate": null, // Changed to nullable
    "signed": false,
    "language": "en",
    "signees": [
      {
        "name": null,
        "signed": false,
        "email": "[email protected]"
      }
    ],
    "subsidiaries": [
      {
        "name": "Brev Invest AS",
        "vatNo": "927146878",
        "country": "no"
      }
    ],
    "bank": {
      "token": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d",
      "name": "test",
      "hasLPA": true,
      "country": "no"
    },
    "company": {
      "name": "BRE Boligutleie AS",
      "vatNo": "925178845",
      "country": "no"
    }
  }
]

2023-03-01

List all pending audit requests for third party (banks)

New request parameter

This option is exclusively for banks, please contact Brevio to enable the feature if needed.

Name	Type	Required	Description
reviewedSignatures	boolean	false	Optional field to return reviewed audit requests

New response attributes

Name	Type	Description
bankReviewedCompanySignatures	BankReviewedCompanySignature	Only available if review is enabled for the bank

BankReviewedCompanySignature

Name	Type	Description
reviewedBy	string	Field for banks to keep tabs on who internally reviewed the audit request signature
reviewedAt	datetime	When the employee reviewed the audit request signature
verified	boolean	The signature is either rejected or verified
company	Company	Which company was reviewed

GET /v1/confirm/audit-requests/third-party

$ curl "https://api.brevio.com/v1/confirm/audit-requests/third-party?reviewedSignatures=true"
  -H "Authorization: Bearer ${token}"

Response

{
  "count": 33,
  "offset": 0,
  "next": 0,
  "total": 33,
  "requests": [
    {
      "token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
      "accountNumbers": [
        {
          "accountNumber": "1232.20.12313",
          "company": {
            "vatNo": "999888999",
            "country": "no"
          }
        }
      ],
      "attachments": [],
      "auditCompany": "Brevio AS",
      "company": {
        "name": "ACME AS",
        "vatNo": "999999999",
        "country": "no"
      },
      "confirmation": null,
      "cutOffDate": "2022-12-31",
      "language": "nb",
      "lastUpdate": "2022-10-02T11:53:23Z",
      "manualReview": false,
      "requestType": "bank",
      "sentToClient": "2022-10-01",
      "signees": [
        {
          "email": "[email protected]",
          "name": "Art Vandelay",
          "pid": null,
          "signed": true
        },
        {
          "email": "[email protected]",
          "name": "Guybrush Threepwood",
          "pid": null,
          "signed": true
        }
      ],
      "step": "third-party",
      "subsidiaries": [],
      "thirdParty": "DNB",
      "user": {
        "email": "[email protected]",
        "officeAddress": "Gatevei 1313, 0561 Oslo"
      },
      "bankReviewedCompanySignatures": [
        {
          "reviewedBy": "Bob",
          "verified": true,
          "reviewedAt": "2022-10-03T11:00:23Z",
          "company": {
            "name": "ACME AS",
            "vatNo": "999999999",
            "country": "no"
          }
        }
      ]
    }
    // ...
  ]
}

2023-02-14

New parameters

Create audit request

Name	Type	Description
country	string	Adds required parameter `country` to top level param. A two letter ISO country code for where the VAT no belongs to
subsidiaries	List<Company>	Changed from list of VAT numbers to list of Company objects where `vatNo` and `country` are required per subsidiary.

POST /v1/confirm/audit-requests

$ curl "https://api.brevio.com/v1/confirm/audit-requests"
  -H "Authorization: Bearer ${token}"
  -H "Brevio-Version: 2023-02-14"
  -d '
    {
      "language": "nb",
      "vatNo": "999999999",
      "country": "no"
      "signees": [
        "[email protected]",
        "[email protected]",
        "[email protected]"
      ],
      "user": "[email protected]",
      "auditRequests": [
        {
          "bank": "d4cc89490d78a3080922b9694def9cba4bb1c7a92d627b7b99425204dd229b4f",
          "cutOffDate": "2022-12-31",
          "subsidiaries": [
            { vatNo: "999999998", country: "no" },
            { vatNo: "99999988", country: "fi" }
          ],
          "auditAccountNumbers": [
            {
              "accountNumber": "12341212345",
              "company": {
                "country": "no",
                "vatNo": "999888999"
              }
            }
          ]
        },
        // ...
      ]
    }
  '

List audit requests

Name	Type	Description
country	string	Adds country to Company for `company` and `subsidiaries`

GET /v1/confirm/audit-requests

$ curl "https://api.brevio.com/v1/confirm/audit-requests"
  -H "Authorization: Bearer ${token}"
  -H "Brevio-Version: 2023-02-14"

{
  "token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
  "attachments": [],
  "auditCompany": "Brevio AS",
  "clientEmail": "[email protected]",
  "confirmation": null,
  "cutOffDate": "2022-12-31",
  "language": "nb",
  "lastUpdate": "2022-10-02T11:53:23Z",
  "manualReview": false,
  "requestType": "bank",
  "sentToClient": "2022-10-01",
  "step": "client",
  "thirdParty": "DNB",
  "accountNumbers": [
    {
      "accountNumber": "1232.20.12313",
      "company": {
        "vatNo": "999888999",
        "country": "no"
      }
    }
  ],
  "company": {
    "name": "ACME AS",
    "vatNo": "999999999",
    "country": "no" // New property
  },
  "signees": [
    {
      "email": "[email protected]",
      "name": null,
      "pid": null,
      "signed": false
    },
    {
      "email": "[email protected]",
      "name": "Guybrush Threepwood",
      "pid": null,
      "signed": true
    }
  ],
  "subsidiaries": [
    {
      "name": "ACME Doorknobs Oy",
      "vatNo": "99999988",
      "country": "fi" // New property
    }
  ],
  "user": {
    "name": "Arthur Auditor",
    "address": "Gatevei 1313, 0561 Oslo",
    "email": "[email protected]"
  }
}

Create lasting power of attorney

Name	Type	Description
country	string	Adds required parameter `country` to top level param. A two letter ISO country code for where the VAT no belongs to
subsidiaries	List<Company>	Changed from list of VAT numbers to list of Company objects where `vatNo` and `country` are required per subsidiary.

POST /v1/confirm/lasting-powers-of-attorney

$ curl "https://api.brevio.com/v1/confirm/audit-lasting-powers-of-attorney"
  -H "Authorization: Bearer ${token}"
  -H "Brevio-Version: 2023-02-14"
  -d '
   {
      "endDate": "2025-11-24",
      "bank": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d",
      "vatNo": "999999998",
      "country": "no",
      "subsidiaries": [
        { "vatNo": "999888777", "country": "no" },
        { "vatNo": "999888666", "country": "no" }
      ],
      "signees": ["[email protected]", "[email protected]"]
}
'

Response

{
  "token": "b06178d5-8240-4150-ac57-cc2bc762c7b0",
  "endDate": "2025-11-24",
  "signed": false,
  "signees": [
    {
      "name": null,
      "signed": false,
      "email": "[email protected]"
    },
    {
      "name": null,
      "signed": false,
      "email": "[email protected]"
    }
  ],
  "subsidiaries": [
    {
      "name": "test company 1",
      "vatNo": "999999996",
      "country": "no" // New property
    }
  ],
  "bank": {
    "token": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d",
    "name": "test",
    "hasLPA": true,
    "country": "no"
  },
  "company": {
    "name": "Test company",
    "vatNo": "999999998",
    "country": "no" // New property
  }
}

List lasting powers of attorneys

Name	Type	Description
companies	List<Company>	Replaces `vatNumbers` - Changed from list of VAT numbers to list of Company objects where `vatNo` and `country` are required per company.

GET /v1/confirm/lasting-powers-of-attorney

$ curl "https://api.brevio.com/v1/confirm/lasting-powers-of-attorney"
  -H "Authorization: Bearer ${token}"
  -H "Brevio-Version: 2023-02-14"
  -d'
    {
      "companies": [{"vatNo": "999999999", "country": "no"}], # New property, replaces `vatNumbers`
      "bank": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d"
    }'

New attributes

Name	Type	Description
accountNumbers	List<AccountNumber>	Changed `company` property in `accountNumbers` from a string containing the VAT number to a `Company` object with `vatNo` and `country`

Response

[
  {
    "token": "b06178d5-8240-4150-ac57-cc2bc762c7b4",
    "endDate": "2025-11-24",
    "signed": false,
    "language": "en",
    "signees": [
      {
        "name": null,
        "signed": false,
        "email": "[email protected]"
      }
    ],
    "subsidiaries": [
      {
        "name": "Brev Invest AS",
        "vatNo": "927146878",
        "country": "no" // New property
      }
    ],
    "bank": {
      "token": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d",
      "name": "test",
      "hasLPA": true,
      "country": "no"
    },
    "company": {
      "name": "BRE Boligutleie AS",
      "vatNo": "925178845",
      "country": "no" // New property
    }
  }
]

2022-10-01

New attributes

Name	Type	Description
acccountNumbers	List<AccountNumber>	List of account numbers associated with the audit request.
company	Company	The main audit client
confirmation	Confirmation/null	Confirmation for the audit request. This field is `null` if the audit request has not been confirmed
signees	Signee[]	List of signees associated with the audit request
subsidiaries	List<Company>	List of subsidiaries associated with the audit request
user	User	The user associated with the sign request

Removed attributes

Name	Reason
acccountNumber	Audit requests can have multiple account numbers
auditor	The `user` keyword is more explicit
company	Replaces the string value with the `Company` object
companyName	Replaces the string value with the `Company` object
clientEmail	Audit requests can have multiple signees
daughterCompanies	Deprecated. Use `subsidiaries` instead
signee	Audit requests can have multiple signees
signeePID	Audit requests can have multiple signees

$ curl "https://api.brevio.com/v1/confirm/audit-requests"
  -H "Authorization: Bearer ${token}"
  -H "Brevio-Version: 2022-10-01"

Audit request

{
  "token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
  "attachments": [],
  "auditCompany": "Brevio AS",
  "clientEmail": "[email protected]",
  "confirmation": null,
  "cutOffDate": "2022-12-31",
  "language": "nb",
  "lastUpdate": "2022-10-02T11:53:23Z",
  "manualReview": false,
  "requestType": "bank",
  "sentToClient": "2022-10-01",
  "step": "client",
  "thirdParty": "DNB",

  // New attributes
  "accountNumbers": [
    {
      "accountNumber": "1232.20.12313",
      "company": "999999999"
    }
  ],
  "company": {
    "name": "ACME AS",
    "vatNo": "999999999"
  },
  "signees": [
    {
      "email": "[email protected]",
      "name": null,
      "pid": null,
      "signed": false
    },
    {
      "email": "[email protected]",
      "name": "Guybrush Threepwood",
      "pid": null,
      "signed": true
    }
  ],
  "subsidiaries": [
    {
      "name": "ACME Doorknobs AS",
      "vatNo": "999999998"
    }
  ],
  "user": {
    "name": "Arthur Auditor",
    "address": "Gatevei 1313, 0561 Oslo",
    "email": "[email protected]"
  }
}

1.0

Attribute	Type	Description
token	String	Unique identifier
accountNumber	String	A single, verified bank account number for a particular company in a particular bank
attachments	List<String>	List of tokens used to uniquely identify an attachment associated with the audit request (includes the digitally signed pdf after the audit request has been signed by all signees).
auditCompany	String	Name of the audit company to which the associated auditor of the audit request belongs
auditor	Auditor	The auditor associated with the request
clientEmail	String	Email address for the signee for the audit request
company	String	The VAT number of the main audit client
companyName	String	Audit client name, validated against the Norwegian company register
confirmation	List<String>	List of tokens used to uniquely identify an attachment uploaded as part of the confirmation
cutOffDate	Date	The end of the fiscal year for the associated audit client
daughterCompanies	List<String>	List of VAT numbers for subsidiaries associated with the audit request
language	String	The language used for the audit request.
lastUpdate	DateTime	Last time `step` was updated
manualReview	Boolean	Boolean flag indicating whether this request needs third party manual review. This occurs when for instance the auditor has made changes to the standard template.
requestType	String	The type of the audit request.
sentToClient	Date	Date the audit request was first sent its signees
signee	String/null	The name of the person that has digitally signed the audit request, received from BankID. `Null` if the request has not been signed
signeePID	String/null	Personal ID (PID) is the signee's personal number - NO: 11 digits, SE: 10 or 12 digits, DK: 10 digits. Only available with scope `signee_pid`
step	String	The step in the audit request process the request is currently at. Valid values: `'started' 'client' 'needs-validation' 'third-party' 'received' 'cancelled' 'archived' 'post'`
thirdParty	String	Name of the audit request's associated third party

Audit request

{
  "token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
  "accountNumber": "1232.20.12313",
  "attachments": [],
  "auditCompany": "Brevio AS",
  "auditor": {
    "address": "Gatevei 1313, 0561 Oslo",
    "email": "[email protected]",
    "name": "Arthur Auditor"
  },
  "clientEmail": "[email protected]",
  "company": "999999999",
  "companyName": "ACME AS",
  "confirmation": [
    "3c2d6bb220754baecb477d894483b341a7affaf4d22b3df85e2afac3cea9789c",
    "139f8ad345b828c669b96d8b27a594cf6f0c9d43aae2ec244d73cda3bb155a31"
  ],
  "cutOffDate": "2022-12-31",
  "daughterCompanies": [],
  "language": "nb",
  "lastUpdate": "2022-10-02T11:53:23Z",
  "manualReview": false,
  "requestType": "bank",
  "sentToClient": "2022-10-01",
  "signee": "Guybrush Threepwood",
  "step": "third-party",
  "subsidiaries": [],
  "thirdParty": "DNB"
}

Auditor

Attribute	Type	Description
address	String	Address for the user's physical office
email	String	Email address
name	String	User name verified by the national registry/SSO integration

Sign request

2023-02-14

New attributes - Create sign request

Added country as required parameter.

Name	Type	Description
country	String	Two letter ISO country code for where the VAT number belongs to. Valid values: `'no'`, `'se'`, `'dk'`, `'fi'`

POST /v1/sign/sign-requests

$ curl "https://api.brevio.com/v1/sign/sign-requests"
  -H "Authorization: Bearer ${token}"
  -H "Brevio-Version: 2023-02-14"
  -d'{
    "vatNo": "999999999",
    "country": "no", # New paramater
    "signees": [
      {
        "email": "[email protected]",
        "order": 1
      },
      {
        "email": "[email protected]",
        "order": 1
      },
      {
        "email": "[email protected]",
        "order": 2
      }
    ],
    "language": "nb",
    "dueDays": 14,
    "message": "Sign request message",
    "user": "[email protected]",
    "attachments": [
      {
        "token": "0126a84017de0e70b6440820decbb565",
        "title": "Auditor report"
      },
      {
        "token": "95df519c2f4d5bf3040bab3e7a730f60",
        "title": "Engagement Letter",
        "template": "f7c2e7b859862ac29650bd098dfedfb6"
      }
    ]
    }'

New attributes - List all sign request

Added country as required parameter and added country to Company return object.

Name	Type	Description
country	String	Two letter ISO country code for where the VAT number belongs to. Valid values: `'no'`, `'se'`, `'dk'`, `'fi'`

GET /v1/sign/sign-requests

$ curl "https://api.brevio.com/v1/sign/sign-requests"
  -H "Authorization: Bearer ${token}"
  -H "Brevio-Version: 2023-02-14"
  -d '{
        "vatNo": "999999999",
        "country": "no" # New required parameter
      }'

Response

{
  "count": 50,
  "offset": 0,
  "next": 50,
  "total": 131,
  "requests": [
    {
      "token": "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9",
      "attachments": [
        {
          "token": "21d2b46ae46b16845caad19c2d6aac34",
          "filename": "engagement-letter-2021.pdf",
          "signedPDF": false,
          "template": null,
          "title": "Engagement letter"
        },
        {
          "token": "181fddae6a0edbc880ffe4c189e02aa0",
          "filename": "auditor-report-2021.pdf",
          "signedPDF": false,
          "template": "5f7ea5f1501d289e04fb6f14a118bf80",
          "title": "Auditor's report"
        }
      ],
      "company": {
        "name": "ACME AS",
        "vatNo": "999888999",
        "country": "no" // New property
      },
      "dueDate": "2022-11-13",
      "dueDays": 30,
      "lastUpdate": "2022-10-14T13:06:15Z",
      "sent": "2022-10-13T16:29:32Z",
      "signees": [
        {
          "email": "[email protected]",
          "name": null,
          "pid": null,
          "signed": false,
          "signedAt": null
        },
        {
          "email": "[email protected]",
          "name": "Ford Prefect",
          "pid": null,
          "signed": true,
          "signedAt": "2019-10-14T13:06:15Z"
        }
      ],
      "step": "sign"
    }
  ]
}

New attributes - List all updated sign request

Added country to Company object

Name	Type	Description
country	String	Two letter ISO country code for where the VAT number belongs to. Valid values: `'no'`, `'se'`, `'dk'`, `'fi'`

GET /v1/sign/sign-requests/updates

$ curl "https://api.brevio.com/v1/sign/sign-requests/updates"
  -H "Authorization: Bearer ${token}"
  -H "Brevio-Version: 2023-02-14"
  -d '{"fromDate": "2022-01-01"}'

Response

{
  "count": 13,
  "offset": 0,
  "next": 0,
  "total": 13,
  "requests": [
    {
      "token": "3fbbbdd6a46340d3c284cdde827a321ba9f4a203abffd7ee945e183924a89df2",
      "attachments": [
        {
          "token": "b26859539b1e671d6fd96e71eb2cabc2",
          "filename": "auditor-report-2022.pdf",
          "signedPDF": false,
          "title": "Auditor report"
        }
      ],
      "company": {
        "name": "ACME AS",
        "vatNo": "999888999",
        "country": "no" // New property
      },
      "dueDate": "2022-01-31",
      "dueDays": 30,
      "lastUpdate": "2022-01-01T13:06:15Z",
      "sent": "2022-01-01T16:29:32Z",
      "signees": [
        {
          "email": "[email protected]",
          "name": null,
          "pid": null,
          "signed": false,
          "signedAt": null
        }
      ],
      "step": "sign"
    }
  ]
}

2022-10-01

New attributes

Renamed signee fields signeePID and signedName to pid and name respectively.

Name	Type	Description
company	Company	The company associated with the sign request
sentAt	DateTime	Date and time sign request was sent to all signees
user	User	The user associated with the sign request

Removed attributes

Name	Reason
company	Replaces the string value with the `Company` object
sent	Use `sentAt` instead

$ curl "https://api.brevio.com/v1/sign/sign-requests"
  -H "Authorization: Bearer ${token}"
  -H "Brevio-Version: 2022-10-01"

Sign request

{
  "token": "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9",
  "attachments": [
    {
      "token": "21d2b46ae46b16845caad19c2d6aac34",
      "filename": "engagement-letter-2021.pdf",
      "signedPDF": false,
      "template": null,
      "title": "Engagement letter"
    },
    {
      "token": "181fddae6a0edbc880ffe4c189e02aa0",
      "filename": "auditor-report-2021.pdf",
      "signedPDF": false,
      "template": "5f7ea5f1501d289e04fb6f14a118bf80",
      "title": "Auditor's report"
    }
  ],
  "dueDate": "2022-11-13",
  "lastUpdate": "2022-10-14T13:06:15",
  "step": "sign",

  // New attributes
  "sentAt": "2022-10-13T16:29:32",
  "signees": [
    {
      "email": "[email protected]",
      "name": null,
      "signed": false,
      "signedAt": null,
      "pid": null
    },
    {
      "email": "[email protected]",
      "name": "Ford Prefect",
      "signed": true,
      "signedAt": "2022-10-14 13:06:15",
      "pid": null
    }
  ],
  "company": {
    "name": "ACME AS",
    "vatNo": "99999999"
  },
  "user": {
    "email": "[email protected]",
    "officeAddress": "Gatevei 1313, 0561 Oslo"
  }
}

Errors

The Brevio APIs use the following error codes.

Code	Description
400	Bad request - The request is invalid.
401	Unauthorized - Your API credentials are wrong, or you do not have access to this resource.
404	Not found - The specified resource could not be found.
500	Internal server error - We experienced an internal error. If the error persists, please contact us.

Response

{
  "status": 400,
  "message": "Bad request: vatNo is missing"
}