NAV

Introduction

The Brevio API is organized around REST.

Currently our APIs offer insight into data from the following services:

Once you have registered a new API user, you'll have access to our staging environment after a validation of your associated bank or audit company.

Once you have tested and verified your integration, you are ready to go through the process of accessing our production environment and your data. To begin this process, please contact us.

Parameters

$ curl "https://api.brevio.com/v1/some-endpoint"
  -H "Content-Type: application/json"
  -d '{ "param": "value", "param2": "value2" }'

Query string

$ curl "https://api.brevio.com/v1/some-endpoint?param=value&param=value2"
  -H "Content-Type: application/json"

For GET requests, any parameters not specified as a segment in the path can be passed as an HTTP query string parameter:

For POST requests, parameters not included in the URL should be encoded as JSON with a Content-Type of application/json unless otherwise noted.

All parameters are noted as such.

Dates and DateTimes

All responses from our APIs are native values (e.g. integers, strings, and arrays of native values). Response attributes defined as Date or DateTime are ISO8601 compliant string representations for these values. e.g. 2022-01-01 and 2022-01-01T00:00:00Z respectively.

Environments

The Brevio APIs are available in two separate environments:

To test your integration you should first authenticate against the staging environment - the production environment won't be available to your registered user until you have signed an API license deal. To begin this process, please contact us.

Versioning

Specifying version header

$ curl "https://api.brevio.com/v1/some-endpoint"
  -H "Content-Type: application/json"
  -H "Brevio-Version: 2023-10-04"
  -d '{ "param": "value", "param2": "value2" }'

When backwards-incompatible changes are made to the API, a new, dated version is released. The current version is 2023-10-04. To see all API updates, view the changelog.

All requests use your account API settings, unless you override the API version. To set the API version for a specific request, send a Brevio-Version header.

Unless otherwise noted, all documentation examples use the latest API version. If your payload differs from the documentation, you have a different API version in your account API settings.

After using the Brevio-Version header to test your integration against the latest API version, please contact us to upgrade your account API settings.

Authentication

To ensure the Brevio APIs adhere to the latest security standards we utilise Oauth 2.0 to authenticate and authorize API clients.

We use the "client_credentials" grant flow from the Oauth 2.0 specification to authorize access to API endpoints.

If you want to authenticate against our staging environment all you have to do is register a new API user to begin the process described below.

Credentials

Once you've registered a new user you will be given a client_id and a client_secret. These will be used to retrieve access tokens, based upon which scope you have access to.

Scopes

Name Note
audit_company Can access both Brevio Confirm and Brevio Sign.
bank Can only access Brevio Confirm.
signature_right Grants access to the Signature Rights API.
signee_pid Grants access to view the personal ID (PID) of a signee.
vendor Grants access to create sign requests on behalf of a costumer.

All scopes are validated by when creating an API client.

The signature_right, signee_pid, and vendor scopes require specific access. Please contact us for more information.

Access tokens

We use bearer tokens to verify access to all Brevio API endpoints. Access tokens are generated by passing a base64 encoded valid client_id and client_secret combination to the access token creation endpoint.

Create access token

POST /auth/token

$ curl "https://api.brevio.com/auth/token"
  -H "Authorization: Basic ${base64_encoded_client_id_and_secret}"
  -d '{ "grant_type": "client_credentials", "scope": "bank" }'

To retrieve an access token you need to base64 encode your client_id and client_secret and pass them to the Basic authentication scheme.

You also need to specify the grant_type to be client_credentials, as well as specify the scope your client has access to.

Parameters

Name Type Description
grant_type String Must be client_credentials
scope Scope audit_company, bank, signature_right, signee_pid, vendor

Returns

Response

{
  "access_token": "tLUowHOUa2dmanlU_pr9WazuI_ubjRNoXMBeg_jzCo0",
  "token_type": "Bearer",
  "expires_in": 1209600,
  "scope": "audit_company signature_right",
  "created_at": 1665131755,
  "api_version": "2023-10-04"
}

Returns a valid access token for the given scope(s). The access token will indicate which API version the token is valid for.

Brevio Confirm API

The Confirm API grants your authorized API client access to data associated with its entity (e.g. bank or audit company) in the Brevio Confirm service.

Confirm API core resources

Below are listed all the core resources for the Brevio Confirm API.

Audit request

Audit request

{
  "token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
  "accountNumbers": [
    {
      "accountNumber": "1232.20.12313",
      "company": {
        "country": "no",
        "name": "ACME AS",
        "vatNo": "999999999"
      }
    }
  ],
  "attachments": [],
  "auditCompany": "Brevio AS",
  "bank": {
    "token": "042172ae-9e59-4b8e-910f-3f707a727659",
    "country": "no",
    "disabled": false,
    "hasLPA": true,
    "lpaType": "specific",
    "name": "DNB"
  },
  "company": {
    "name": "ACME AS",
    "vatNo": "999999999",
    "country": "no"
  },
  "confirmation": {
    "attachments": [
      "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
      "a4c60323af9e76bb9877a75631dd6a51d62db93929a223ac4d91eacabf2bda1a"
    ],
    "sentAt": "2023-01-01"
  },
  "cutOffDate": "2022-12-31",
  "language": "nb",
  "lastUpdate": "2022-10-02T11:53:23Z",
  "lastingPowerOfAttorney": null,
  "manualReview": false, // bank only
  "requestType": "bank",
  "sentToClientAt": "2022-10-01",
  "signatureReviews": [
    // bank only
    {
      "reviewedBy": "Bob Odenkirk",
      "verified": true,
      "reviewedAt": "2022-10-03T11:00:23Z",
      "company": {
        "name": "ACME AS",
        "vatNo": "999999999",
        "country": "no"
      }
    }
  ],
  "signees": [
    {
      "email": "[email protected]",
      "name": "Arthur Dent",
      "pid": null,
      "signed": true
    },
    {
      "email": "[email protected]",
      "name": "Guybrush Threepwood",
      "pid": null,
      "signed": true
    }
  ],
  "startedProcessing": true, // bank only
  "step": "received",
  "subsidiaries": [
    {
      "name": "ACME Doorknobs Oy",
      "vatNo": "99999988",
      "country": "fi"
    }
  ],
  "subType": null,
  "thirdParty": "DNB",
  "user": {
    "email": "[email protected]",
    "officeAddress": "Gatevei 1313, 0561 Oslo"
  }
}

This object represents a single request for a confirmation from a third party for a particular audit client. A third party can be either a bank, lawyer, supplier, or client.

Each audit request pertains to exactly one audit client (company), and any number of subsidiaries (subsidiaries).

Attribute Type Description
token String Unique identifier
acccountNumbers List<AccountNumber> List of account numbers associated with the audit request.
attachments List<String> List of tokens used to uniquely identify an attachment associated with the audit request (includes the digitally signed pdf after the audit request has been signed by all signees).
auditCompany String Name of the audit company to which the associated auditor of the audit request belongs
bank Bank The bank associated with this audit request.
company Company The main audit client.
confirmation Confirmation Confirmation for the audit request. This field is null if the audit request has not been confirmed.
cutOffDate Date The end of the fiscal year for the associated audit client.
invoiceReference String ID used for internal reference at the audit company. This field is null if the audit company does not have this setting enabled.
language String The language used for the audit request. Adheres to the ISO 639-1 standard. Valid values: da, en, nb, sv.
lastUpdate DateTime When was the audit request last updated?
lastingPowerOfAttorney LastingPowerOfAttorney Lasting power of attorney (LPA) associated with this request. This field is null if the audit request has no associated LPA, or if the request is not a bank request.
requestType String Valid valies: bank, client, lawyer, supplier.
sentToClientAt Date Date the audit request was first sent its signees.
signees List<Signee> List of signees associated with the audit request.
step String Valid values: started, client, needs-validation, third-party, received, cancelled, archived, post.
subsidiaries List<Company> List of subsidiaries associated with the audit request.
subType String Valid values: completeness, existence. This field is null unless the audit request has the client or supplier request type.
thirdParty String Name of the audit request's associated third party.
user User The auditor associated with the audit request.

Bank-only attributes

Attribute Type  Description
manualReview Boolean An audit request requires manual review in cases where the auditor has made changes to the standard template.
signatureReviews List<SignatureReview> List of signature reviews for the audit request. Only available if the bank has enabled signature reviews.
startedProcessing Boolean A flag set by the bank, indicating they've started processing the audit request. Only available if the bank has enabled processing flags.

Bank

Bank

{
  "token": "042172ae-9e59-4b8e-910f-3f707a727659",
  "country": "no",
  "disabled": false,
  "hasLPA": true,
  "lpaType": "specific",
  "name": "DNB"
}

This object represents a bank. You can retrieve it to view information about the bank when creating new audit requests or lasting powers of attorney.

Attribute Type Description
token String Unique identifier
country String Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se.
disabled Boolean Disabled banks cannot receive new audit requests, but they can have existing requests sent before they were disabled.
hasLPA Boolean Does this bank support lasting powers of attorney (LPAs)?
lpaType String Valid values: none, specific, generic.
name String The name of the bank. Not guaranteed to be unique.

Confirmation

Confirmation

{
  "attachments": [
    "9e9f430c1d8e8716ae71d6311fb76e4534fd4959e8b2299d505afcfafd32c60d",
    "b82c013b8e3f9ae73352500d322a39538b269938bc9737e5f2a4d9df240d3e38"
  ],
  "sentAt": "2023-01-01T08:03:01Z"
}

This object represents a confirmation for an audit request.

Attribute Type Description
attachments List<String> List of tokens used to uniquely identify an attachment associated with the confirmation.
sentAt DateTime Timestamp of when the third party sent the confirmation.

Lasting power of attorney

Lasting power of attorney

{
  "token": "b06178d5-8240-4150-ac57-cc2bc762c7b0",
  "attachment": null,
  "bank": {
    "token": "042172ae-9e59-4b8e-910f-3f707a727659",
    "country": "no",
    "disabled": false,
    "hasLPA": true,
    "lpaType": "specific",
    "name": "DNB"
  },
  "company": {
    "country": "no",
    "name": "ACME AS",
    "vatNo": "999999998"
  },
  "fromDate": null,
  "language": "en",
  "lpaType": "specific",
  "signed": false,
  "signees": [
    {
      "name": null,
      "signed": false,
      "email": "[email protected]"
    },
    {
      "name": null,
      "signed": false,
      "email": "[email protected]"
    }
  ],
  "subsidiaries": [
    {
      "name": "ACME Doors AS",
      "vatNo": "999999998",
      "country": "no"
    },
    {
      "name": "ACME Doorknobs AS",
      "vatNo": "999999997",
      "country": "no"
    }
  ]
}

This object represents a lasting power of attorney (LPA) - powers of attorney which remain valid for several audit seasons. Audit requests can use LPAs on behalf of audit clients for consecutive seasons until they are revoked.

LPAs must first be signed before they become active. When an audit request uses a signed LPA, the requests are sent directly to their respective third parties.

LPAs come in two distinct flavours:

Attribute Type Description
token String Unique identifier.
attachment String Unique identifier for the signed power of attorney (PDF). null if the LPA is not signed.
bank Bank The bank associated with this LPA. This field is null if the LPA type is generic.
company Company The main company assocaited with this LPA.
fromDate Date The date which this LPA was activated. This field is null if the LPA is not signed.
language String The language used for the LPA. Adheres to the ISO 639-1 standard. Valid values: da, en, nb, sv.
lpaType String Valid values: generic, specific.
signed Boolean Has this LPA been signed?
signees List<Signee> List of signees associated with the LPA.
subsidiaries List<Company> List of subsidiaries associated with the LPA.

Manual audit request

Manual audit request

{
  "token": "5a697491-4eb1-47df-b01b-057075a4e1f8",
  "accountNumbers": [
    {
      "accountNumber": "1232.20.12313",
      "company": {
        "country": "no",
        "name": "ACME AS",
        "vatNo": "999999999"
      }
    }
  ],
  "attachments": [
    "228ed0e06e78413fdba88cea02cdce69eb339946b13af5dbb8172a7c92af76d7"
  ],
  "bank": {
    "token": "042172ae-9e59-4b8e-910f-3f707a727659",
    "country": "no",
    "disabled": false,
    "hasLPA": true,
    "lpaType": "specific",
    "name": "DNB"
  },
  "company": {
    "country": "no",
    "name": "ACME AS",
    "vatNo": "999999999"
  },
  "completedAt": null,
  "confirmation": null,
  "cutOffDate": "2023-12-31",
  "language": "en",
  "sentToPaymentAt": null,
  "sentToThirdPartyAt": null,
  "signatureReviews": [],
  "startedProcessing": false,
  "step": "started",
  "user": {
    "company": "Dent Audit Oy",
    "country": "fi",
    "email": "[email protected]",
    "firstName": "Arthur",
    "ISD": "+358",
    "lastName": "Dent",
    "phone": "501234567"
  }
}

This object represents an audit request which is initiated outside of Brevio. Auditors without a Brevio account can create manual audit request through a web interface provided by banks.

The bank can then confirm received manual audit requests in a predictable manner.

When manual audit requests are confirmed by their respective banks, the external auditor receives an email with a link to a downloadable, password-protected ZIP file containing the confirmation. The password for the ZIP file is sent to the auditor by SMS.

Attribute Type Description
token String Unique identifier.
acccountNumbers List<AccountNumber> List of account numbers associated with the audit request.
attachments List<String> List of tokens used to uniquely identify an attachment associated with the audit request.
bank Bank The bank associated with this audit request.
company Company The main audit client.
completedAt DateTime When was the audit request completed?
confirmation Confirmation Confirmation for the audit request. This field is null if the audit request has not been confirmed.
cutOffDate Date The end of the fiscal year for the associated audit client.
language String The language used for the audit request. Adheres to the ISO 639-1 standard. Valid values: da, en, nb, sv.
sentToPaymentAt DateTime When was the audit request sent to payment?
sentToThirdPartyAt DateTime When was the audit request sent to the bank?
signatureReviews List<SignatureReview> List of signature reviews for the audit request. Only available if the bank has enabled signature reviews.
startedProcessing Boolean A flag set by the bank, indicating they've started processing the audit request. Only available if the bank has enabled processing flags.
step String Valid values: started, awaiting_payment, sent_to_third_party, completed.
user ManualUser The auditor associated with the audit request.

Other resources

Account number

Account number

{
  "accountNumber": "1232.20.12313",
  "company": {
    "country": "no",
    "name": "ACME AS",
    "vatNo": "999999999"
  }
}

This object represents a filled-in (by either the audit client or the auditor) account number which the associated bank uses to charge its fee for producing a confirmation.

Attribute Type Description
accountNumber String A single, verified bank account number for a particular company in a particular bank.
company Company The company associated with this account number.

Company

Company

{
  "country": "no",
  "name": "ACME AS",
  "vatNo": "999999999"
}
Attribute Type Description
country String Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se.
name String The company name as registered in the national registry for the company's country of operation.
vatNo String The VAT number for the company, validated against the national registry for the company's country of operation.

Manual user

Manual user

{
  "company": "Dent Audit Oy",
  "country": "fi",
  "email": "[email protected]",
  "firstName": "Arthur",
  "ISD": "+358",
  "lastName": "Dent",
  "phone": "501234567"
}
Attribute Type Description
company String Name of the user's audit company.
country String Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se.
email String  The user's email address.
firstName String  The user's given name.
ISD String  The international subscriber dialing (ISD) code for the user's phone number ( +47 for Norway).
lastName String  The user's family name.
phone String  The user's phone number.

Signature review

Signature review

{
  "company": {
    "country": "no",
    "name": "ACME AS",
    "vatNo": "999999999"
  },
  "reviewedAt": "2022-10-03T11:00:23Z",
  "reviewedBy": "Bob Odenkirk",
  "verified": true
}

This object represents a signature review performed by a bank. Only banks that have enabled signature reviews in their settings can reject/verify digital signatures.

Name Type Description
company Company The company associated with the signature.
reviewedAt DateTime When was the review performed? This field is null if the review has not yet taken place.
reviewedBy String Who performed the review? This field is null if the review has not yet taken place.
verified Boolean Was the signature rejected or verified?

Signee

Signee

{
  "email": "[email protected]",
  "name": "Guybrush Threepwood",
  "pid": null,
  "signed": true
}

This object represents a signee. If the API client authenticated in the API request has the signee_pid scope, they can view the signee's Personal ID (PID).

Please contact us for more information.

Attribute Type Description
email String Email address of the signee.
name String Name verified against the personal register of the signee's country of origin (verified during the digital signature). This field is null if the signee has not signed.
pid String Personal ID (PID) is the signee's personal number - NO: 11 digits, SE: 10 or 12 digits, DK: 10 digits. This field is null unless the API client has the signee_pid scope enabled.
signed Boolean Has the signee signed yet?

User

User

{
  "address": "Gatevei 1313, 0561 Oslo",
  "email": "[email protected]",
  "name": "Arthur Dent"
}

This object represents the auditor responsible for the audit request.

Attribute Type Description
address String Address for the user's physical office.
email String The user's email address.
name  String  Name verified by the national registry/SSO integration.

Common endpoints

Lists all common endpoints which can be called by both audit companies and banks.

Download attachment

POST /v1/confirm/attachments/:token/signed-url

$ curl "https://api.brevio.com/v1/confirm/attachments/:token/signed-url"
  -H "Authorization: Bearer ${token}"

Generates a short-lived (24 hours) signed URL in accordance with information security best practices to download the attachment identified by the given token.

The attachments can be PDFs, images, Microsoft Office files (.xlsx etc.) and XML files.

Scopes

audit_company, bank

Parameters

None.

Returns

Response

{
  "filename": "signed-power-of-attorney.pdf",
  "url": "https://cdn.brevio.com/signed-power-of-attorney.pdf"
}

Returns a dictionary with a name field indicating the filename of the attachment, and an url field containing the signed URL.

Audit company endpoints

Lists all API endpoints only available to audit companies.

Create audit requests

POST /v1/confirm/audit-requests

$ curl "https://api.brevio.com/v1/confirm/audit-requests"
  -H "Authorization: Bearer ${token}"
  -d '
    {
      "language": "nb",
      "vatNo": "999999999",
      "country": "no"
      "signees": [
        "[email protected]",
        "[email protected]",
        "[email protected]"
      ],
      "user": "[email protected]",
      "auditRequests": [
        {
          "bank": "042172ae-9e59-4b8e-910f-3f707a727659",
          "cutOffDate": "2022-12-31",
          "subsidiaries": [
            { vatNo: "999999998", country: "no" },
            { vatNo: "99999988", country: "fi" }
          ]
        }
      ]
    }
  '

Creates one or more audit requests for an audit client (identified by the vatNo and country parameters) to a list of signees (defined in the signees parameter).

Returns a list of tokens used to uniquely identify the created audit requests and a boolean flag indicating whether the audit requests were sent or not.

Scopes

audit_company

Parameters

Name Type Description
auditRequests
List<>
See audit requests for details.
country String Which country is the main audit client registered in? Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se.
language String The language used for the email sent to the audit client and the digital signing process. Valid values: da, en, nb, sv.
user String Email address used to uniquely identify a user in the audit company. If the user is already registered in Brevio, the audit request will instantly show up in their dashboard. If they're not registered they will receive an email notifying them that they have been assigned to an audit request.
vatNo String VAT number for the main audit client. Will be validated against the national registry for the country defined in the country parameter.
signees List<String> List of email addresses for all signees that need to digitally sign the audit request. This field is if lasting powers of attorney are not included for all audit requests.

Audit requests

Audit requests

[
  {
    "bank": "dea270bd-9110-4b54-84bc-c2ecee3cc77c",
    "cutOffDate": "2023-12-31",
    "lpa": "2915823c-ae10-46b5-98d8-1677801d7361",
    "subsidiaries": [
      { "vatNo": "999999998", "country": "no" },
      { "vatNo": "99999988", "country": "fi" }
    ]
  },
  {
    "cutOffDate": "2023-12-31",
    "language": "en",
    "requestType": "lawyer",
    "thirdPartyEmail": "[email protected]",
    "thirdPartyRecipient": "Bob Loblaw"
  }
  // ...
]

List of each individal audit request sent on behalf of the audit client to the signees. parameters need only be present for matching request types (if specified in the description).

Name Type Description
bank String Only applies to bank requests. Unique identifier for the bank. See endpoint for listing banks to retrieve identifiers.
cutOffDate String ISO8601 date string representing the end of the fiscal year for the audit client.
thirdPartyEmail String Does not apply to bank requests. Email of the third party for which a confirmation is requested.
thirdPartyRecipient String Does not apply to bank requests. Name of third party for which a confirmation is requested.
accountNumbers List<> Only applies to bank requests. See account numbers for details.
balance Only applies to client or supplier requests. See balance for details.
language String Language for the audit request. This also sets the language for the confirmation process. Valid values: da, en, nb, sv. Defaults to nb.
lpa String Only aplpies to bank requests. Unique token for a lasting power of attorney (LPA). See endpoint for listing LPAs to retrieve identifiers.
reminder Boolean Should the audit request generate emails to audit clients and third parties if they are not responded to in a timely fashion? Defaults to true.
requestType String Valid values: lawyer, bank, supplier, client. Defaults to bank.
subsidiaries List<> Only applies to bank or lawyer requests. List of subsidiary companies for which the audit request pertains. See company for details.

Account numbers

Account number

{
  "accountNumber": "1288.56.24131",
  "company": {
    "vatNo": "999999999",
    "country": "no"
  }
}

A list of account numbers for a particular bank (defined in the audit request parameters) and a particular company.

Attribute Type Description
accountNumber String A single, formatted bank account number for a particular company in a particular bank.
company See company for details.

Balance

Balance

{
  "amount": "5000",
  "currency": "USD"
}

Audit requests with the existence sub type need to provide a balance against which the confirmation is compared.

Name Type Description
amount String The amount you wish the client or supplier to verify.
currency String Currency code adhering to the ISO 4217 standard.

Company

Company

{
  "country": "no",
  "vatNo": "999999999"
}

Companies are present in the parameters for both account numbers and subsidiaries.

Name Type Description
vatNo String The VAT number for the company, validated against the national registry for the company's country of operation.
country String Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se.

Returns

Response

{
  "tokens": [
    "616f6a6e7c4c5a3067afff6e6cd4ab0b4b889dfc922ef0f767d8a4d7cb7eddb0",
    "11abefac8cc529470fc8f1b73db29598cc49e51e049e158b68e4fe8ce5fb8628",
    "1f8c6c2b24ea3b7d51ec802a6c1396ef1c35edc7d3cd184693dbf0a617824cfa"
  ],
  "sent": true // if false, the user has received an email prompting them to register a Brevio account and authenticate through their national registry/SSO.
}

Returns a dictionary with two keys: tokens and sent. The tokens uniquely identify each created audit request, and the sent flag indicates whether the audit requests were sent to their respective clients or not.

List all audit requests

GET /v1/confirm/audit-requests

$ curl "https://api.brevio.com/v1/confirm/audit-requests"
  -H "Authorization: Bearer ${token}"
  -d '{ "vatNo": "999999999", "country": "no" }'

Returns a paginated list for all audit requests for the audit company authenticated in the API request, filtered by audit client (and optionally request type).

The response contains at most 50 audit requests. To access all audit requests (in cases where there are more than 50) you have to paginate through the results.

Scopes

audit_company

Parameters

Name Type Description
vatNo String VAT number for the audit client.
country String Which country is the audit client registered in? Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se.
offset Integer The offset used for pagination
requestType String Valid values: bank, client, lawyer, supplier.

Returns

Response

{
  "count": 50,
  "offset": 0,
  "next": 50,
  "total": 131,
  "requests": [
    {
      "token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
      "accountNumbers": [
        {
          "accountNumber": "1232.20.12313",
          "company": {
            "vatNo": "999888999",
            "country": "no"
          }
        }
      ],
      "attachments": [],
      "auditCompany": "Audit company AS",
      "bank": {
        "token": "042172ae-9e59-4b8e-910f-3f707a727659",
        "country": "no",
        "disabled": false,
        "hasLPA": true,
        "lpaType": "specific",
        "name": "DNB"
      },
      "company": {
        "name": "ACME AS",
        "vatNo": "999999999",
        "country": "no"
      },
      "confirmation": null,
      "cutOffDate": "2023-12-31",
      "language": "nb",
      "lastUpdate": "2023-10-02T11:53:23Z",
      "requestType": "bank",
      "sentToClient": "2023-10-01",
      "signees": [
        {
          "email": "[email protected]",
          "name": null,
          "pid": null,
          "signed": false
        },
        {
          "email": "[email protected]",
          "name": "Guybrush Threepwood",
          "pid": null,
          "signed": true
        }
      ],
      "step": "client",
      "subsidiaries": [],
      "subType": null,
      "thirdParty": "DNB",
      "user": {
        "address": "Gatevei 1313, 0561 Oslo",
        "email": "[email protected]",
        "name": "Arthur Dent"
      }
    }
    // ...
  ]
}

Returns a paginated list of all audit requests for the audit company authenticated in the API request, filtered by VAT number, country, and optionally request type.

Finalize audit request

POST /v1/confirm/audit-requests/finalize

$ curl "https://api.brevio.com/v1/confirm/audit-requests/finalize"
  -H "Authorization: Bearer ${token}"
  -d
    '{
      "tokens": [
        "64626932a178531926b23cf09eb10f8dea2283108950e7ce106b689128ce9f2e",
        "d78021f0a0ff15d5690e767f46bbad407f8d9cd5ef99710258e2e95342f7d84a",
        "fde3589c53d55a04dd2b0c5bcabb66dc110649f9449e8b9441542439182f0e39"
      ]
    }'

Marks a set of audit requests, identified by their unique tokens, as received by the auditor outside of Brevio.

A maximum of 10 audit request tokens are allowed with each request.

Scopes

audit_company

Parameters

Name Type Description
tokens List<String> The list of audit request tokens identifying which audit requests to finalize.

Returns

Response

{
  "successful": [
    "64626932a178531926b23cf09eb10f8dea2283108950e7ce106b689128ce9f2e",
    "d78021f0a0ff15d5690e767f46bbad407f8d9cd5ef99710258e2e95342f7d84a"
  ],
  "failed": ["fde3589c53d55a04dd2b0c5bcabb66dc110649f9449e8b9441542439182f0e39"]
}

Returns a dictionary with two keys: successful containing a list of audit request tokens which were finalized, and failed, which is a list of audit request tokens which failed during finalization.

List all banks

GET /v1/confirm/banks

$ curl "https://api.brevio.com/v1/confirm/banks"
  -H "Authorization: Bearer ${token}"

Returns a list of all supported banks.

Scopes

audit_company

Parameters

None.

Returns

Response

[
  {
    "token": "042172ae-9e59-4b8e-910f-3f707a727659",
    "country": "no",
    "disabled": false,
    "hasLPA": true,
    "lpaType": "specific",
    "name": "DNB"
  }
  // ...
]

Returns a list of all supported banks.

Create lasting power of attorney

POST /v1/confirm/lasting-powers-of-attorney

$ curl "https://api.brevio.com/v1/confirm/lasting-powers-of-attorney"
  -H "Authorization: Bearer ${token}"
  -d '
   {
      "bank": "042172ae-9e59-4b8e-910f-3f707a727659",
      "vatNo": "999999998",
      "country": "no",
      "subsidiaries": [
        { "vatNo": "999888777", "country": "no" },
        { "vatNo": "999888666", "country": "no" }
      ],
      "signees": ["[email protected]", "[email protected]"]
}
'

Creates a new lsating power of attorney (LPA).

LPAs must be signed before they become usable, so the first time the newly created LPA is used with an audit request, it is sent to its signees. Once the LPA has been signed, it can be re-used for subsequent audit seasons, and sent directly to the bank.

Returns the created LPA.

Scopes

audit_company

Parameters

Name Type Description
country String Which country is the company registered in? Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se.
vatNo String The VAT number for the company. Will be validated against the national registry for the country defined in the country parameter.
bank String Unique identifier for the bank. See endpoint for listing banks to retrieve identifiers.
language String Language for the LPA. Valid values: da, en, nb, sv. Defaults to en.
subsidiaries List<> List of subsidiary companies which the LPA covers. See company for details.
signees List<String> List of email addresses for all signees that need to digitally sign the audit request. This field is required if lasting powers of attorney is not included for all audit requests.

Company

Name Type Description
vatNo String The VAT number for the company, validated against the national registry for the company's country of operation.
country String Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se.

Returns

Response

{
  "token": "b06178d5-8240-4150-ac57-cc2bc762c7b0",
  "attachment": null,
  "bank": {
    "token": "042172ae-9e59-4b8e-910f-3f707a727659",
    "country": "no",
    "disabled": false,
    "hasLPA": true,
    "lpaType": "specific",
    "name": "DNB"
  },
  "company": {
    "name": "ACME AS",
    "vatNo": "999999998",
    "country": "no"
  },
  "fromDate": null,
  "lpaType": "specific",
  "signed": false,
  "signees": [
    {
      "name": null,
      "signed": false,
      "email": "[email protected]"
    },
    {
      "name": null,
      "signed": false,
      "email": "[email protected]"
    }
  ],
  "subsidiaries": [
    {
      "name": "ACME Doors AS",
      "vatNo": "999888777",
      "country": "no"
    },
    {
      "name": "ACME Doorknobs AS",
      "vatNo": "999888666",
      "country": "no"
    }
  ]
}

Returns a dictionary with information about the created LPA. See the LPA resource documentation for details.

List all lasting powers of attorney

GET /v1/confirm/lasting-powers-of-attorney

$ curl "https://api.brevio.com/v1/confirm/lasting-powers-of-attorney"
  -H "Authorization: Bearer ${token}"
  -d'
    {
      "companies": [{"vatNo": "999999999", "country": "no"}],
      "bank": "4a2f6327-7838-4e60-a84d-77a9de2842ae"
    }'

Returns a filtered list of all lasting powers of attorney (LPA).

The list can be filtered by either unique identifiers (the tokens parameter), or by a combination of banks and companies.

if the tokens parameter is present, all other parameters are ignored.

If both banks and companies parameters are present, the result will only contain specific LPAs for the given banks and companies.

If only the companies parameter is present, the result will only containgeneric LPAs for the passed companies.

Scopes

audit_company

Parameters

Name Type Description
bank String Unique identifier for the bank. See endpoint for listing banks to retrieve identifiers. Can only be used alongside the companies parameter.
companies List<> See companies for details.
tokens List<String> Unique identifiers for existing LPAs.
Companies

A list of companies to filter the LPAs by.

Name Type Description
vatNo String The VAT number for the company, validated against the national registry for the company's country of operation.
country String Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se.

Returns

Response

[
  {
    "token": "b06178d5-8240-4150-ac57-cc2bc762c7b4",
    "attachment": null,
    "bank": {
      "token": "fbbe6f42-3c24-4964-9444-7c43d579a5e6",
      "country": "no",
      "hasLPA": true,
      "lpaType": "specific",
      "name": "Bank"
    },
    "company": {
      "name": "BRE Boligutleie AS",
      "vatNo": "925178845",
      "country": "no"
    },
    "fromDate": null,
    "language": "en",
    "lpaType": "specific",
    "signed": false,
    "signees": [
      {
        "name": null,
        "signed": false,
        "email": "[email protected]"
      }
    ],
    "subsidiaries": [
      {
        "name": "Brev Invest AS",
        "vatNo": "927146878",
        "country": "no"
      }
    ]
  },
  {
    "token": "b06178d5-8240-4150-ac57-cc2bc762c7b3",
    "attachment": "e7a064b36b6f63c07d7d5c27b2d32dfb",
    "bank": {
      "token": "3f3e7a14-0d80-4fb4-b998-7a96cb27e8e8",
      "country": "no",
      "hasLPA": true,
      "lpaType": "specific",
      "name": "Other Bank"
    },
    "company": {
      "name": "BRE Boligutleie AS",
      "vatNo": "925178845",
      "country": "no"
    },
    "fromDate": "2023-10-01",
    "language": "en",
    "lpaType": "specific",
    "signed": true,
    "signees": [
      {
        "name": "Arthur Dent",
        "signed": true,
        "email": "[email protected]"
      }
    ],
    "subsidiaries": [
      {
        "name": "Brev Invest AS",
        "vatNo": "927146878",
        "country": "no"
      }
    ]
  }
]

Returns a list of LPAs for the audit company authenticated in the API request, filtered by the given parameters.

Bank endpoints

Lists all API endpoints only available to banks.

The endpoints are separated into two main areas:

List all pending audit requests

GET /v1/confirm/audit-requests/third-party

$ curl "https://api.brevio.com/v1/confirm/audit-requests/third-party"
  -H "Authorization: Bearer ${token}"

Returns a paginated list for all audit requests that have been digitally signed and are awaiting confirmation from the bank authenticated in the API request.

Scopes

bank

Parameters

Name Type Description
offset Integer The offset used for pagination
processing Boolean Optional flag to filter results by whether the bank has begun processing the audit request.

Returns

Response

{
  "count": 33,
  "offset": 0,
  "next": 0,
  "total": 33,
  "requests": [
    {
      "token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
      "accountNumbers": [
        {
          "accountNumber": "1232.20.12313",
          "company": {
            "vatNo": "999888999",
            "country": "no"
          }
        }
      ],
      "attachments": [
        "9d60416a969378df27e7ca0122d42a7cecd02c37f1e7526cff7e549d8376690c"
      ],
      "auditCompany": "Brevio AS",
      "bank": {
        "token": "042172ae-9e59-4b8e-910f-3f707a727659",
        "country": "no",
        "disabled": false,
        "hasLPA": true,
        "lpaType": "specific",
        "name": "DNB"
      },
      "company": {
        "name": "ACME AS",
        "vatNo": "999999999",
        "country": "no"
      },
      "confirmation": null,
      "cutOffDate": "2022-12-31",
      "language": "nb",
      "lastUpdate": "2022-10-02T11:53:23Z",
      "manualReview": false,
      "requestType": "bank",
      "sentToClient": "2022-10-01",
      // Only available to banks which have enabled this setting
      "signatureReviews": [
        {
          "reviewedBy": "Bob",
          "verified": true,
          "reviewedAt": "2022-10-03T11:00:23Z",
          "company": {
            "name": "ACME AS",
            "vatNo": "999999999",
            "country": "no"
          }
        }
      ],
      "signees": [
        {
          "email": "[email protected]",
          "name": "Art Vandelay",
          "pid": null,
          "signed": true
        },
        {
          "email": "[email protected]",
          "name": "Guybrush Threepwood",
          "pid": null,
          "signed": true
        }
      ],
      // Only available to banks which have enabled this setting
      "startedProcessing": false,
      "step": "third-party",
      "subsidiaries": [],
      "thirdParty": "DNB",
      "user": {
        "address": "Gatevei 1313, 0561 Oslo",
        "email": "[email protected]",
        "name": "Arthur Dent"
      }
    }
    // ...
  ]
}

Returns a paginated list of pending audit requests for the bank authenticated in the API request.

Set processing flag for audit requests

POST /v1/confirm/audit-requests/third-party/processing

$ curl "https://api.brevio.com/v1/confirm/audit-requests/third-party/processing"
  -H "Authorization: Bearer ${token}"
  -d
    '{
      "tokens": [
        "64626932a178531926b23cf09eb10f8dea2283108950e7ce106b689128ce9f2e",
        "d78021f0a0ff15d5690e767f46bbad407f8d9cd5ef99710258e2e95342f7d84a",
        "fde3589c53d55a04dd2b0c5bcabb66dc110649f9449e8b9441542439182f0e39"
      ]
    }'

Marks a set of audit requests, identified by their unique tokens, as having begun processing by the bank authenticated in the API request.

Scopes

bank

Parameters

Name Type Description
tokens List<String> The list of audit request tokens indicating which audit requests to update.

Returns

Response

{
  "successful": [
    "64626932a178531926b23cf09eb10f8dea2283108950e7ce106b689128ce9f2e",
    "d78021f0a0ff15d5690e767f46bbad407f8d9cd5ef99710258e2e95342f7d84a"
  ],
  "failed": ["fde3589c53d55a04dd2b0c5bcabb66dc110649f9449e8b9441542439182f0e39"]
}

Returns a dictionary with two keys: successful containing a list of audit request tokens which were successfully set as started processing, and failed for which the operation failed.

Upload attachments to a confirmation

POST /v1/confirm/audit-requests/:token/confirmations/upload

$ curl "https://api.brevio.com/v1/confirm/audit-requests/:token/confirmations/upload"
  -H "Content-Type: multipart/form-data"
  -H "Authorization: Bearer ${token}"
  -F attachments[]=@confirmation.pdf
  -F attachments[]=@confirmation-2.pdf
  -F attachments[]=@confirmation-3.pdf

Uploads one or more files for the confirmation of an audit request, identified by the given token. A maximum amount of five attachments are allowed to avoid timing out.

This API request does not finalize the audit request - this is only done by sending a confirmation.

Scopes

bank

Parameters

Name Type Description
attachments List<File> List of files to be added to the confirmation (at most five per request).

Returns

Response

{ "message": "Uploaded 3 attachments" }

Returns a message indicating the number of attachments uploaded.

Finalize erroneous audit request with comment

POST /v1/confirm/audit-requests/:token/confirmations/comment

$ curl "https://api.brevio.com/v1/confirm/audit-requests/:token/confirmations/comment"
  -H "Authorization: Bearer ${token}"
  -d '{ "comment": "The client (999999998) is not a customer of our bank" }'

Marks an audit request, identified by the given token, as finalized and sent in error.

This is the case if an auditor has sent an audit request to a bank for a client (or subsidiary) which isn't a customer of the bank. The bank must provide an explanatory comment (maximum 200 characters).

Once the comment has been sent, the auditor will receive a notification that the audit request has been finalized.

Scopes

bank

Parameters

Name Type Description
comment String Comment clarifying why the audit request was sent in error (maximum 200 characters).

Returns

Response

{ "message": "Audit request completed and notification sent to auditor" }

Returns a textual message indicating that the operation was successful.

Send confirmation for audit request

POST /v1/confirm/audit-requests/:token/confirmations

$ curl "https://api.brevio.com/v1/confirm/audit-requests/:token/confirmations"
  -H "Content-Type: multipart/form-data"
  -H "Authorization: Bearer ${token}"
  -F attachments[]=@confirmation.pdf
  -F attachments[]=@confirmation-2.pdf
  -F attachments[]=@confirmation-3.pdf

Sends a confirmation for an audit request identified by the given token, finalizing it. This is the only way to send a confirmation through the API.

A confirmation needs an uploaded attachment to be valid. This can either be accomplished through the upload endpoint, or by attaching files to this request (no more than five - if you need to upload more than that, use the upload endpoint first).

If you have previously attached all required files, you can omit the attachments parameter from this API request.

Scopes

bank

Parameters

Name Type Description
attachments List<File> List of files to be added to the confirmation (at most five).

Returns

Response

{
  "token": "aaaa32cf6c3453bfc7923e00d33002ea7b5277767524639f0e09da561c380ade",
  "step": "received"
}

Returns a dictionary with two keys. token is the unique identifier for the audit request, and should match the token in the URL, and step contains the current step of the audit request process for the audit request. This latter value should be received if nothing went wrong.

Create manual audit request

POST /v1/confirm/manual-audit-requests

$ curl "https://api.brevio.com/v1/confirm/manual-audit-requests"
  -H "Authorization: Bearer ${token}"
  -d '
      {
        "accountNumber": "1234.12.12345",
        "company": {
          "name": "Blaylock Mining",
          "vatNo": "123456789",
          "country": "no"
        },
        "cutOffDate": "2022-12-31",
        "language": "nb",
        "user": {
          "firstName": "Doc",
          "lastName": "Holiday",
          "email": "[email protected]",
          "company": "Tombstone Bookkeeping",
          "phone": "99889988",
          "ISD": "+47",
          "country": "no"
        },
      }
    '

Creates a manual audit request for an audient client (company) for the bank authenticated in the API request.

Returns an object representing the manual audit request.

Scopes

bank

Parameters

Name Type Description
company The audit client for the audit request. See company for details.
cutOffDate String ISO8601 date string representing the end of the fiscal year for the audit client.
user The auditor initiating the audit request via the bank authenticated in the API request. See user for details.
language String Language for the audit request. This also sets the language for the confirmation process. Valid values: da, en, nb, sv.
accountNumber String A single, verified account number for a particular company in the bank authenticated in the API request.
Company
Name Type Description
name String The name of the audit client.
vatNo String The VAT number for the company, validated against the national registry for the company's country of operation.
country String Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se.

User

Name Type Description
company String Name of the user's audit company.
country String Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se.
email String  The user's email address.
firstName String  The user's given name.
ISD String  The international subscriber dialing (ISD) code for the user's phone number ( +47 for Norway).
lastName String  The user's family name.
phone String  The user's phone number.

Returns

Response

{
  "token": "5a697491-4eb1-47df-b01b-057075a4e1f8",
  "accountNumbers": [
    {
      "accountNumber": "1234.12.12345",
      "company": {
        "name": "Blaylock Mining",
        "vatNo": "123456789",
        "country": "no"
      }
    }
  ],
  "attachments": [],
  "company": {
    "country": "no",
    "vatNo": "999999999",
    "name": "ACME AS"
  },
  "completedAt": null,
  "confirmation": null,
  "cutOffDate": "2022-12-31",
  "language": "nb",
  "sentToPaymentAt": null,
  "sentToThirdPartyAt": null,
  "step": "started",
  "user": {
    "company": "Tombstone Bookkeeping",
    "country": "no",
    "email": "[email protected]",
    "ISD": "+47",
    "firstName": "Doc",
    "lastName": "Holiday",
    "phone": "99889988"
  }
}

Returns a dictionary representing the created manual audit request.

The token is used to upload attachments, and finally send to send the manual audit request to the bank.

Upload attachment to manual audit request

POST /v1/confirm/manual-audit-requests/:token/attachments

$ curl "https://api.brevio.com/v1/confirm/manual-audit-requests/:token/attachments"
  -H "Content-Type: multipart/form-data"
  -H "Authorization: Bearer ${token}"
  -F attachment=@power_of_attorney.pdf

Uploads an attachment to a manual audit request, identified by the given token.

This endpoint associates the attachment with the audit request itself (usually a signed power of attorney). To upload an attachment to the confirmation, see upload attachment to confirmation.

Scopes

bank

Parameters

Name Type Description
attachment File The file to be attached to the manual audit request.

Returns

Response

{ "message": "Successfully uploaded attachment" }

Returns a message indicating the upload succeeded.

Send manual audit request

POST /v1/confirm/manual-audit-requests/:token/send

$ curl  "https://api.brevio.com/v1/confirm/manual-audit-requests/:token/send"
  -H "Authorization: Bearer ${token}"

Starts a payment flow for the manual audit request, after which it is sent to the bank.

An email with a Stripe payment link is sent to the user. Once payment is fulfilled, the audit request is sent to the bank.

Scopes

bank

Returns

Response

{
  "token": "5a697491-4eb1-47df-b01b-057075a4e1f8",
  "accountNumbers": [
    {
      "accountNumber": "1234.12.12345",
      "company": {
        "name": "Blaylock Mining",
        "vatNo": "123456789",
        "country": "no"
      }
    }
  ],
  "company": {
    "country": "no",
    "vatNo": "999999999",
    "name": "ACME AS"
  },
  "completedAt": null,
  "confirmation": null,
  "cutOffDate": "2022-12-31",
  "language": "nb",
  "sentToPaymentAt": "2023-06-06T08:58:12.660Z"
  "sentToThirdPartyAt": null,
  "step": "awaiting_payment",
  "user": {
    "company": "Tombstone Bookkeeping",
    "country": "no",
    "email": "[email protected]",
    "ISD": "+47",
    "firstName": "Doc",
    "lastName": "Holiday",
    "phone": "99889988"
  }
}

Returns a dictionary representing the updated manual audit request.

The fields step should be awaiting_payment, and sentToPaymentAt should not be null.

List all pending manual audit requests

GET /v1/confirm/manual-audit-requests/third-party

$ curl  "https://api.brevio.com/v1/confirm/manual-audit-requests/third-party"
  -H "Authorization: Bearer ${token}"
  -d 'signatureReviews=true'

Returns a paginated list for all manual audit requests that are awaiting confirmation form the bank authenticated in the API request.

Scopes

bank

Parameters

Name Type Description
offset Integer The offset used for pagination
signatureReviews Boolean Include signature reviews in the payload?
processing Boolean Include processing flag in the payload?

Returns

Response

{
  "count": 50,
  "total": 97,
  "next": 50,
  "offset": 0,
  "requests": [
    {
      "token": "5a697491-4eb1-47df-b01b-057075a4e1f8",
      "accountNumbers": [
        {
          "accountNumber": "1234.12.12345",
          "company": {
            "name": "Blaylock Mining",
            "vatNo": "123456789",
            "country": "no"
          }
        }
      ],
      "attachments": [
        "3928799b6a48a541173d66b53e72b078df10a58b3dcda6819141bdf9f9f7fbd9",
        "0427282d9b69610a23eedebb995ef396db8e847c55ec903e1d6d77e50e1a64e8"
      ],
      "company": {
        "country": "no",
        "vatNo": "999999999",
        "name": "ACME AS"
      },
      "completedAt": null,
      "confirmation": null,
      "cutOffDate": "2022-12-31",
      "language": "nb",
      "sentToPaymentAt": null,
      "sentToThirdPartyAt": null,
      "signatureReviews": {
        "reviewedBy": "Johnny Ringo",
        "verified": true,
        "reviewedAt": "2023-07-03T14:36:55.608Z",
        "company": {
          "name": "Blaylock Mining",
          "vatNo": "123456789",
          "country": "no"
        }
      },
      "step": "started",
      "user": {
        "company": "Tombstone Bookkeeping",
        "country": "no",
        "email": "[email protected]",
        "ISD": "+47",
        "firstName": "Doc",
        "lastName": "Holiday",
        "phone": "99889988"
      }
    }
    // ...
  ]
}

Returns a paginated list of manual pending audit requests for the bank authenticated in the API request.

Set processing flag for manual audit requests

POST /v1/confirm/manual-audit-requests/third-party/processing

$ curl "https://api.brevio.com/v1/confirm/manual-audit-requests/third-party/processing"
  -H "Authorization: Bearer ${token}"
  -d
    '{
      "tokens": [
        "dab4363d-20dc-465c-92e0-8f0b1ab4be6c",
        "7f1f9ae2-7aec-4d1b-9d67-2829e0edbda7",
        "ad793a0f-dc73-4940-ba2c-811c20d0af87"
      ]
    }'

Marks a set of manual audit requests, identified by their unique tokens, as having begun processing by the bank authenticated in the API request.

Scopes

bank

Parameters

Name Type Description
tokens List<String> The list of manual audit request tokens indicating which audit requests to update.

Returns

Response

{
  "successful": [
    "dab4363d-20dc-465c-92e0-8f0b1ab4be6c",
    "7f1f9ae2-7aec-4d1b-9d67-2829e0edbda7"
  ],
  "failed": ["ad793a0f-dc73-4940-ba2c-811c20d0af87"]
}

Returns a dictionary with two keys: successful containing a list of manual audit request tokens which were successfully set as started processing, and failed for which the operation failed.

Upload attachments to a manual audit request confirmation

POST /v1/confirm/manual-audit-requests/:token/confirmations/upload

$ curl "https://api.brevio.com/v1/confirm/manual-audit-requests/:token/confirmations/upload"
  -H "Content-Type: multipart/form-data"
  -H "Authorization: Bearer ${token}"
  -F attachments[]=@confirmation.pdf
  -F attachments[]=@confirmation-2.pdf
  -F attachments[]=@confirmation-3.pdf

Uploads one or more files for the confirmation of an audit request, identified by the given token. A maximum amount of five attachments are allowed to avoid timing out.

This API request does not finalize the audit request - this is only done by sending a confirmation.

Scopes

bank

Parameters

Name Type Description
attachments List<File> List of files to be added to the confirmation (at most five per request).

Returns

Response

{ "message": "Uploaded 3 attachments" }

Returns a message indicating the number of attachments uploaded.

Send confirmation for manual audit request

POST /v1/confirm/manual-audit-requests/:token/confirmations

$ curl "https://api.brevio.com/v1/confirm/manual-audit-requests/:token/confirmations"
  -H "Content-Type: multipart/form-data"
  -H "Authorization: Bearer ${token}"
  -F attachments[]=@confirmation.pdf
  -F attachments[]=@confirmation-2.pdf
  -F attachments[]=@confirmation-3.pdf

Response

{
  "token": "aaaa32cf6c3453bfc7923e00d33002ea7b5277767524639f0e09da561c380ade",
  "step": "completed"
}

Sends a confirmation for a manual audit request identified by the given token, finalizing it. This is the only way to send a confirmation through the API.

A confirmation needs an uploaded attachment to be valid. This can either be accomplished through the upload endpoint, or by attaching files to this request (no more than five - if you need to upload more than that, use the upload endpoint first).

If you have previously attached all required files, you can omit the attachments parameter from this API request.

Scopes

bank

Parameters

Name Type Description
attachments List<File> List of files to be added to the confirmation (at most five).

Returns

Response

{
  "token": "aaaa32cf6c3453bfc7923e00d33002ea7b5277767524639f0e09da561c380ade",
  "step": "received"
}

Returns a dictionary with two keys. token is the unique identifier for the audit request, and should match the token in the URL, and step contains the current step of the audit request process for the audit request. This latter value should be completed if nothing went wrong.

Brevio Sign API

The Sign API grants an authorized API client access to data associated with its entity in the Brevio Sign service.

Sign API core resources

Below are listed all the core resources for the Brevio Confirm API.

Sign request

Sign request

{
  "token": "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9",
  "attachments": [
    {
      "token": "21d2b46ae46b16845caad19c2d6aac34",
      "filename": "engagement-letter-2021.pdf",
      "signedPDF": false,
      "template": null,
      "title": "Engagement letter"
    },
    {
      "token": "181fddae6a0edbc880ffe4c189e02aa0",
      "filename": "auditor-report-2021.pdf",
      "signedPDF": false,
      "template": "5f7ea5f1501d289e04fb6f14a118bf80",
      "title": "Auditor's report"
    }
  ],
  "company": {
    "name": "ACME AS",
    "vatNo": "99999999"
  },
  "dueDate": "2022-11-13",
  "lastUpdate": "2022-10-14T13:06:15",
  "sentAt": "2022-10-13T16:29:32",
  "signees": [
    {
      "email": "[email protected]",
      "name": null,
      "signed": false,
      "signedAt": null,
      "pid": null
    },
    {
      "email": "[email protected]",
      "name": "Ford Prefect",
      "signed": true,
      "signedAt": "2022-10-14 13:06:15",
      "pid": null
    }
  ],
  "step": "sign",
  "user": {
    "address": "Gatevei 1313, 0561 Oslo",
    "email": "[email protected]",
    "name": "Arthur Dent"
  }
}

This object represents a single request for digital signatures for a list of documents by one or more signees. Each sign request pertains to exactly one company, but can contain between 1-5 uploaded documents and as many signees as needed.

Attribute Type  Description
token String Unique identifier.
attachments List<Attachment> List of all attachments associated with the sign request. Contains both the original uploaded documents, as well as their digitally signed counterparts.
company Company The company associated with the sign request.
dueDate Date The due date of the sign request. Once this date has passed (e.g. past 23:59:59 on the due date itself), the sign request has expired.
language String The language used for the sign request. Adheres to the ISO 639-1 standard. Valid values: da, en, nb, sv.
lastUpdate DateTime When was the sign request last updated?
sentAt DateTime When was the sign request first sent? This field is null if the request has not been sent.
signees List<Signee> List of signees associated with the sign request.
step String Valid values: started, sign, cancelled, completed, archived.
user User The user associated with the sign request.

Attachment

Attachment

{
  "token": "21d2b46ae46b16845caad19c2d6aac34",
  "filename": "engagement-letter-2021.pdf",
  "signedPDF": false,
  "template": null,
  "title": "Engagement letter"
}

This object represents an attachment associated with a sign request. It is either (1) an uploaded document, or (2) a signed PDF.

Attribute Type Description
token String Unique identifier.
filename String Name of the uploaded file.
signedPDF Boolean Is this a digitally signed PDF?
template String Unique identifor for an associated document template.
title String Human-readable title for the attachment.

Document template

Docment template

{
  "token": "a0eaf8107e16f6af3a6d3659afc997d5",
  "i18ns": [
    {
      "language": "nb",
      "title": "Revisjonsberetning"
    },
    {
      "language": "en",
      "title": "Auditor's report"
    }
  ]
}

This object represents a template which can be associated with an uploaded document. This makes it easier to filter sign requests by their document templates when listing sign requests.

Each document template has mulitple internationalizations, with human-readable titles for each language.

Attribute Type Description
token String Unique identifier.
i18ns List<Internationalization> List of internationalizations associated with the document template.

Internationalization

Internationalization

{
  "language": "nb",
  "title": "Årsregnskap"
}

This object represents a internationalization for a document template, containing information about which language it pertains to, and what the human-readable title for the template is.

The internationalizations are managed by audit company administrators through the web UI.

Attribute Type Description
language String The language used for the internationalization. Adheres to the ISO 639-1 standard. Valid values: da, en, nb, sv.
title String Human-readable title for the internationalization visible to auditors in the graphical user interface.

Other resources

Company

Company

{
  "country": "no",
  "name": "ACME AS",
  "vatNo": "999999999"
}
Attribute Type Description
country String Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se.
name String The company name as registered in the national registry for the company's country of operation.
vatNo String The VAT number for the company, validated against the national registry for the company's country of operation.

Signee

Signee

{
  "email": "[email protected]",
  "name": "Guybrush Threepwood III",
  "pid": null,
  "signed": true,
  "signedAt": "2022-01-01T08:33:12Z"
}

This object represents a signee. If the API client authenticated in the API request has the signee_pid scope, they can view the signee's Personal ID (PID).

Please contact us for more information.

Attribute Type Description
email String Email address of the signee.
name String Name verified against the personal register of the signee's country of origin (verified during the digital signature). This field is null if the signee has not signed.
pid String Personal ID (PID) is the signee's personal number - NO: 11 digits, SE: 10 or 12 digits, DK: 10 digits. This field is null unless the API client has the signee_pid scope enabled.
signed Boolean Has the signee signed yet?
signedAt DateTime When was the sign request signed by this signee? This field is null if the signee hasn't signed.

User

User

{
  "address": "Gatevei 1313, 0561 Oslo",
  "email": "[email protected]",
  "name": "Arthur Dent"
}
Attribute Type Description
address String Address for the user's physical office.
email String The user's email address.
name  String  Name verified by the national registry/SSO integration.

List all document templates

GET /v1/sign/document-templates

$ curl "https://api.brevio.com/v1/sign/document-templates"
  -H "Authorization: Bearer ${token}"

Returns a list of all document templates for the audit company authenticated in the API request.

The returned tokens can be used to filter sign requests by the templateToken attribute in the list all sign requests endpoint.

Scopes

audit_company

Parameters

None.

Returns

Response

{
  "templates": [
    {
      "token": "a0eaf8107e16f6af3a6d3659afc997d5",
      "i18ns": [
        {
          "language": "nb",
          "title": "Revisjonsberetning"
        },
        {
          "language": "en",
          "title": "Auditor's report"
        }
      ]
    },
    {
      "token": "9a75bf516d7d26b55e96b97a648c566e",
      "i18ns": [
        {
          "language": "nb",
          "title": "Årsregnskap"
        },
        {
          "language": "en",
          "title": "Annual report"
        }
      ]
    }
    // ...
  ]
}

Returns a list of document templates for the audit company authenticated in the API request.

Create attachments

POST /v1/sign/attachments

curl "https://api.brevio.com/v1/sign/attachments"
  --H 'Content-Type: multipart/form-data'
  --H "Authorization: Bearer ${token}"
  -F "[email protected]"
  -F "attachments[]=@engagement_letter.pdf"
  -F "attachments[]=@auditor_report.pdf"

Creates an attachment for each uploaded PDF.

A maximum amount of five attachments are allowed to avoid timing out.

The vendor scope can use this endpoint to upload attachments on behalf of its consumers by passing a valid consumerKey.

Returns a dictionary with a list of tokens uniquely identifying each created attachment.

Scopes

audit_company, vendor

Parameters

Name Type Description
attachments List<File> List of files (only PDF files allowed) to be uploaded. At most five per request.
user String Email address for the user which should be associated with the uploaded attachments.
consumerKey String The consumer key for the consumer you wish to create the attachment on behalf of. for vendor scopes.

Returns

Response

{
  "tokens": [
    "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9",
    "f0cc7f7e9ade1644913a32b3ba440a8ee019bd9a2c7f69bb3a3c97a484155a63"
  ]
}

Returns a dictionary with a tokens key, which contains tokens uniquely identifying each created attachment.

Create sign request

POST /v1/sign/sign-requests

$ curl "https://api.brevio.com/v1/sign/sign-requests"
  -H "Authorization: Bearer ${token}"
  -d'{
    "attachments": [
      {
        "token": "0126a84017de0e70b6440820decbb565",
        "title": "Auditor report"
      },
      {
        "token": "95df519c2f4d5bf3040bab3e7a730f60",
        "title": "Engagement Letter",
        "template": "f7c2e7b859862ac29650bd098dfedfb6"
      }
    ],
    "country": "no",
    "signees": [
      {
        "email": "[email protected]",
        "order": 1
      },
      {
        "email": "[email protected]",
        "order": 1
      },
      {
        "email": "[email protected]",
        "order": 2
      }
    ],
    "language": "nb",
    "dueDays": 14,
    "message": "Sign request message",
    "user": "[email protected]",
    "vatNo": "999999999"
    }'

Creates a new sign request for a company (identified by the vatNo and country parameters), containing a list of PDF documents do be digitally signed (the attachments parameter) by one or more signees (the signees parameter).

The sign request is associated with the user passed in the user parameter, and there's a validation check whether the user is employed by the audit company authenticated in the API request at the time of creation.

The vendor scope can use this endpoint to create a sign request on behalf of its consumers by passing a valid consumerKey.

Returns a dictionary with the token of the created sign request.

Scopes

audit_company, vendor

Parameters

Name Type Description
attachments
List<>
List of attachments for the sign request. See attachments for details.
vatNo String The VAT number for the company, validated against the national registry for the company's country of operation.
country String Which country is the company registered in? Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se.
user String Email address used to uniquely identify a user in the audit company making the API request.
language String The language used for the sign request. Adheres to the ISO 639-1 standard. Valid values: da, en, nb, sv. Defaults to nb.
signees List<> List of signees associated with the sign request. See signees for details.
dueDays Integer The number of days until the sign request expires. Valid values: 7, 14, 30. Defaults to 30.
message String Message to be displayed in the sign request (will replace the default message generated by Brevio).
consumerKey String The consumer key for the consumer you wish to create the sign request on behalf of. for vendor scopes.

Attachments

List of attachments referring to previously uploaded PDF files.

Attribute Type Description
token String Unique identifier.
title String Human-readable title. When there are more than one attachment for a sign request, the titles are joined together with comma-separation.
templateToken String Token identifying a document template.

Signees

Signees

[
  {
    "email": "[email protected]",
    "order": 1
  },
  {
    "email": "[email protected]",
    "order": 2 // This signee will *only* receive the sign request *after* the previous signee has signed.
  }
]

List of signees (identified by their email) who are required to sign all PDF documents in the sign request.

If you want a particular signee to sign the PDF documents before another, you can specify the signing order in the order parameter. Signees with the same order will receive the sign request at the same time, and those with a larger order will receive the sign request only after all previous signee orders have signed.

Attribute Type Description
email String Email address of the signee.
order Integer Should this signee sign the sign request in a particular order?

Returns

Response

{
  "token": "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9"
}

Returns a dictionary with a token key containing the unique token for the created sign request.

List all sign requests

GET /v1/sign/sign-requests

$ curl "https://api.brevio.com/v1/sign/sign-requests"
  -H "Authorization: Bearer ${token}"
  -d '{"vatNo": "999999999", "country": "no" }'

Returns a paginated list for all sign requests for the audit company authenticated in the API request, filtered by company (identified by the vatNo and country parameters). The results can also optionally be filtered by a document template.

The payload contains at most 50 requests. To access all sign requests (in cases where there are more than 50) you have to paginate through the results.

Scopes

audit_company, signee_pid

Parameters

Name Type Description
vatNo String VAT number for the audit client.
country String Which country is the audit client registered in? Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se.
offset Integer The offset used for pagination.
templateToken String Unique identifier for a document template to filter the sign requests by. If a sign request contains any attachments with the document template then it is included in the result.

Returns

Response

{
  "count": 50,
  "offset": 0,
  "next": 50,
  "total": 131,
  "requests": [
    {
      "token": "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9",
      "attachments": [
        {
          "token": "21d2b46ae46b16845caad19c2d6aac34",
          "filename": "engagement-letter-2021.pdf",
          "signedPDF": false,
          "template": null,
          "title": "Engagement letter"
        },
        {
          "token": "181fddae6a0edbc880ffe4c189e02aa0",
          "filename": "auditor-report-2021.pdf",
          "signedPDF": false,
          "template": "5f7ea5f1501d289e04fb6f14a118bf80",
          "title": "Auditor's report"
        }
      ],
      "company": {
        "name": "ACME AS",
        "vatNo": "999888999",
        "country": "no"
      },
      "dueDate": "2022-11-13",
      "lastUpdate": "2022-10-14T13:06:15Z",
      "sentAt": "2022-10-13T16:29:32Z",
      "signees": [
        {
          "email": "[email protected]",
          "name": null,
          "pid": null,
          "signed": false,
          "signedAt": null
        },
        {
          "email": "[email protected]",
          "name": "Ford Prefect",
          "pid": null,
          "signed": true,
          "signedAt": "2019-10-14T13:06:15Z"
        }
      ],
      "step": "sign",
      "user": {
        "address": "Gatevei 1313, 0561 Oslo",
        "email": "[email protected]",
        "name": "Arthur Dent"
      }
    }
    // ...
  ]
}

Returns a paginated list of all sign requests for the audit company authenticated in the API request, filtered by VAT number, country, and optionally document template.

List updated sign requests

GET /v1/sign/sign-requests/updates

$ curl "https://api.brevio.com/v1/sign/sign-requests/updates"
  -H "Authorization: Bearer ${token}"
  -d '{"fromDate": "2022-01-01"}'

Returns a paginated list for all sign requests for the audit company authenticated in the API request, which have been updated after a specific date (the fromDate parameter).

The results are inclusive, meaning all passing 2022-01-01 will return all sign requests updated after 2022-01-01 00:001.

The payload contains at most 50 requests. To access all sign requests (in cases where there are more than 50) you have to paginate through the results.

Name Type Description
fromDate String ISO8601 date string representing the inclusive start of the date filter
offset Integer The offset used for pagination

Returns

Response

{
  "count": 50,
  "offset": 0,
  "next": 50,
  "total": 131,
  "requests": [
    {
      "token": "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9",
      "attachments": [
        {
          "token": "21d2b46ae46b16845caad19c2d6aac34",
          "filename": "engagement-letter-2021.pdf",
          "signedPDF": false,
          "template": null,
          "title": "Engagement letter"
        },
        {
          "token": "181fddae6a0edbc880ffe4c189e02aa0",
          "filename": "auditor-report-2021.pdf",
          "signedPDF": false,
          "template": "5f7ea5f1501d289e04fb6f14a118bf80",
          "title": "Auditor's report"
        }
      ],
      "company": {
        "name": "ACME AS",
        "vatNo": "999888999",
        "country": "no"
      },
      "dueDate": "2022-11-13",
      "lastUpdate": "2022-10-14T13:06:15Z",
      "sentAt": "2022-10-13T16:29:32Z",
      "signees": [
        {
          "email": "[email protected]",
          "name": null,
          "pid": null,
          "signed": false,
          "signedAt": null
        },
        {
          "email": "[email protected]",
          "name": "Ford Prefect",
          "pid": null,
          "signed": true,
          "signedAt": "2019-10-14T13:06:15Z"
        }
      ],
      "step": "sign",
      "user": {
        "address": "Gatevei 1313, 0561 Oslo",
        "email": "[email protected]",
        "name": "Arthur Dent"
      }
    }
    // ...
  ]
}

Returns a paginated list of all sign requests for the audit company authenticated in the API request, updated after the specified date.

Download attachment

POST /v1/sign/attachments/:token/signed-url

$ curl "https://api.brevio.com/v1/sign/attachments/92489134d60d213f68e7bba0a8d9cccf6f6f6816bac7d5b62c417f96dcc886ea/signed-url"
  -H "Authorization: Bearer ${token}

Generates a short-lived (24 hours) signed URL in accordance with information security best practices to download the attachment identified by the given token.

Scopes

audit_company

Parameters

None.

Returns

Response

{
  "filename": "signed-auditor-report.pdf",
  "url": "https://cdn.brevio.com/signed-auditor-report.pdf"
}

Returns a dictionary with a filename field indicating the filename of the attachment, and an url field containing the signed URL.

Brevio Signature Right API

The signature right API grants an authorized API client access to data used to verify whether a given national ID is allowed to digitally sign documents for a given company, either in combination with others or individually.

Through the API you can accomplish the following:

Signature Right API core resources

Signature Right

Attribute Type Description
changeDate Date The date when signing rule was last changed (valid from)
vatNo String The VAT number for the company, validated against the national registry for the company's country of operation
country String Two letter ISO country code
nationalId String National Id / SSN
signatureRight String Signature right. Valid values are 'ALONE' or 'GROUP'

Get signature right

GET /v1/signature-right

$ curl "https://api.brevio.com/v1/signature-right?vatNo=${vat_no}" \
      "&nationalId=${national_id}&country=${country}"
  -H "Authorization: Bearer ${token}"

Response

{
  "changeDate": "2019-12-11",
  "vatNo": "5564779444",
  "nationalId": "196805029268",
  "signatureRight": "ALONE"
}

This endpoint returns signature rights information for a given combination of VAT number, national ID (SSN), and country code.

Currently Swedish, Norwegian, and Danish companies are supported using country code se for Sweden, no for Norway, and dk for Denmark.

Scopes

signature_right

Parameters

Name Type Description
vatNo String The VAT number for the company (8 digits for danish, 9 digits for Norwegian, and 10 digits for Swedish).
nationalId String National ID/ SSN
country String Countries for which the check is performed. Valid countries: se no dk

Returns

Returns the signature right for the given vatNo, nationalId, and country.

Changelog

All requests to the Brevio APIs check whether the Brevio-Version header is present, and applies the API version present (if valid). If the header isn't present the API uses your account's API settings.

Example: Sending 2023-02-14 as Brevio-Version will force the request to use the API version released on February 14th, 2023.

October 4, 2023 - 2023-10-04

API responses

Endpoint changes

April 24, 2023 - 2023-04-24

March 24, 2023 - 2023-03-24

March 20, 2023 - 2023-03-20

March 1, 2023 - 2023-03-01

February 14, 2023 - 2023-02-14

November 3, 2022 - 2022-11-03

October 26, 2022 - 2022-10-26

October 24, 2022 - 2022-10-24

October 13, 2022 - 2022-10-13

October 1, 2022 - 2022-10-01

1.0

Initial release of the Brevio API.

Audit request

2023-10-04

Attributes

2023-03-24

Create lasting power of attorney

Parameters

The end date for for LPAs is now removed as LPAs from now on should not expire unless explicitly revoked or audit company resigns as auditor.

Removed
Name Type Description
endDate String ISO8601 date string.

List lasting powers of attorney

Response

[
  {
    "token": "b06178d5-8240-4150-ac57-cc2bc762c7b4",
    "endDate": null, // Changed to nullable
    "signed": false,
    "language": "en",
    "signees": [
      {
        "name": null,
        "signed": false,
        "email": "[email protected]"
      }
    ],
    "subsidiaries": [
      {
        "name": "Brev Invest AS",
        "vatNo": "927146878",
        "country": "no"
      }
    ],
    "bank": {
      "token": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d",
      "name": "test",
      "hasLPA": true,
      "country": "no"
    },
    "company": {
      "name": "BRE Boligutleie AS",
      "vatNo": "925178845",
      "country": "no"
    }
  }
]
Respose

The end date for for LPAs is now changed as LPAs from now on should not expire unless explicitly revoked or audit company resigns as auditor. This means that if the LPA is set to not expire the endDate will be null.

Name Type Description
endDate String ISO8601 date string.

2023-03-01

List all pending audit requests for third party (banks)

New request parameter

This option is exclusively for banks, please contact Brevio to enable the feature if needed.

Name Type Required Description
reviewedSignatures boolean false Optional field to return reviewed audit requests

New response attributes

Name Type Description
bankReviewedCompanySignatures BankReviewedCompanySignature Only available if review is enabled for the bank

BankReviewedCompanySignature

Name Type Description
reviewedBy string Field for banks to keep tabs on who internally reviewed the audit request signature
reviewedAt datetime When the employee reviewed the audit request signature
verified boolean The signature is either rejected or verified
company Company Which company was reviewed

GET /v1/confirm/audit-requests/third-party

$ curl "https://api.brevio.com/v1/confirm/audit-requests/third-party?reviewedSignatures=true"
  -H "Authorization: Bearer ${token}"

Response

{
  "count": 33,
  "offset": 0,
  "next": 0,
  "total": 33,
  "requests": [
    {
      "token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
      "accountNumbers": [
        {
          "accountNumber": "1232.20.12313",
          "company": {
            "vatNo": "999888999",
            "country": "no"
          }
        }
      ],
      "attachments": [],
      "auditCompany": "Brevio AS",
      "company": {
        "name": "ACME AS",
        "vatNo": "999999999",
        "country": "no"
      },
      "confirmation": null,
      "cutOffDate": "2022-12-31",
      "language": "nb",
      "lastUpdate": "2022-10-02T11:53:23Z",
      "manualReview": false,
      "requestType": "bank",
      "sentToClient": "2022-10-01",
      "signees": [
        {
          "email": "[email protected]",
          "name": "Art Vandelay",
          "pid": null,
          "signed": true
        },
        {
          "email": "[email protected]",
          "name": "Guybrush Threepwood",
          "pid": null,
          "signed": true
        }
      ],
      "step": "third-party",
      "subsidiaries": [],
      "thirdParty": "DNB",
      "user": {
        "email": "[email protected]",
        "officeAddress": "Gatevei 1313, 0561 Oslo"
      },
      "bankReviewedCompanySignatures": [
        {
          "reviewedBy": "Bob",
          "verified": true,
          "reviewedAt": "2022-10-03T11:00:23Z",
          "company": {
            "name": "ACME AS",
            "vatNo": "999999999",
            "country": "no"
          }
        }
      ]
    }
    // ...
  ]
}

2023-02-14

POST /v1/confirm/audit-requests

$ curl "https://api.brevio.com/v1/confirm/audit-requests"
  -H "Authorization: Bearer ${token}"
  -H "Brevio-Version: 2023-02-14"
  -d '
    {
      "language": "nb",
      "vatNo": "999999999",
      "country": "no"
      "signees": [
        "[email protected]",
        "[email protected]",
        "[email protected]"
      ],
      "user": "[email protected]",
      "auditRequests": [
        {
          "bank": "d4cc89490d78a3080922b9694def9cba4bb1c7a92d627b7b99425204dd229b4f",
          "cutOffDate": "2022-12-31",
          "subsidiaries": [
            { vatNo: "999999998", country: "no" },
            { vatNo: "99999988", country: "fi" }
          ],
          "auditAccountNumbers": [
            {
              "accountNumber": "12341212345",
              "company": {
                "country": "no",
                "vatNo": "999888999"
              }
            }
          ]
        },
        // ...
      ]
    }
  '

New attributes

Create audit request
Name Type Description
country string Adds required parameter country to top level param. A two letter ISO country code for where the VAT no belongs to
subsidiaries List<Company> Changed from list of VAT numbers to list of Company objects where vatNo and country are required per subsidiary.
auditAccountNumbers List<AuditAccountNumber> Changed company property in AuditAccountNumber from a string containing the VAT number to a Company object with vatNo and country

GET /v1/confirm/audit-requests

$ curl "https://api.brevio.com/v1/confirm/audit-requests"
  -H "Authorization: Bearer ${token}"
  -H "Brevio-Version: 2023-02-14"
{
  "token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
  "attachments": [],
  "auditCompany": "Brevio AS",
  "clientEmail": "[email protected]",
  "confirmation": null,
  "cutOffDate": "2022-12-31",
  "language": "nb",
  "lastUpdate": "2022-10-02T11:53:23Z",
  "manualReview": false,
  "requestType": "bank",
  "sentToClient": "2022-10-01",
  "step": "client",
  "thirdParty": "DNB",
  "accountNumbers": [
    {
      "accountNumber": "1232.20.12313",
      "company": {
        "vatNo": "999888999",
        "country": "no"
      }
    }
  ],
  "company": {
    "name": "ACME AS",
    "vatNo": "999999999",
    "country": "no" // New property
  },
  "signees": [
    {
      "email": "[email protected]",
      "name": null,
      "pid": null,
      "signed": false
    },
    {
      "email": "[email protected]",
      "name": "Guybrush Threepwood",
      "pid": null,
      "signed": true
    }
  ],
  "subsidiaries": [
    {
      "name": "ACME Doorknobs Oy",
      "vatNo": "99999988",
      "country": "fi" // New property
    }
  ],
  "user": {
    "name": "Arthur Auditor",
    "address": "Gatevei 1313, 0561 Oslo",
    "email": "[email protected]"
  }
}
List audit requests
Name Type Description
country string Adds country to Company for company and subsidiaries
accountNumber Company Changes company property in accountNumber from a string with VAT number to a Company object consisting of vatNo and country
Create lasting power of attorney

POST /v1/confirm/lasting-powers-of-attorney

$ curl "https://api.brevio.com/v1/confirm/audit-lasting-powers-of-attorney"
  -H "Authorization: Bearer ${token}"
  -H "Brevio-Version: 2023-02-14"
  -d '
   {
      "endDate": "2025-11-24",
      "bank": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d",
      "vatNo": "999999998",
      "country": "no",
      "subsidiaries": [
        { "vatNo": "999888777", "country": "no" },
        { "vatNo": "999888666", "country": "no" }
      ],
      "signees": ["[email protected]", "[email protected]"]
}
'

Response

{
  "token": "b06178d5-8240-4150-ac57-cc2bc762c7b0",
  "endDate": "2025-11-24",
  "signed": false,
  "signees": [
    {
      "name": null,
      "signed": false,
      "email": "[email protected]"
    },
    {
      "name": null,
      "signed": false,
      "email": "[email protected]"
    }
  ],
  "subsidiaries": [
    {
      "name": "test company 1",
      "vatNo": "999999996",
      "country": "no" // New property
    }
  ],
  "bank": {
    "token": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d",
    "name": "test",
    "hasLPA": true,
    "country": "no"
  },
  "company": {
    "name": "Test company",
    "vatNo": "999999998",
    "country": "no" // New property
  }
}
Name Type Description
country string Adds required parameter country to top level param. A two letter ISO country code for where the VAT no belongs to
subsidiaries List<Company> Changed from list of VAT numbers to list of Company objects where vatNo and country are required per subsidiary.
List lasting powers of attorneys

GET /v1/confirm/lasting-powers-of-attorney

$ curl "https://api.brevio.com/v1/confirm/lasting-powers-of-attorney"
  -H "Authorization: Bearer ${token}"
  -H "Brevio-Version: 2023-02-14"
  -d'
    {
      "companies": [{"vatNo": "999999999", "country": "no"}], # New property, replaces `vatNumbers`
      "bank": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d"
    }'
Name Type Description
companies List<Company> Replaces vatNumbers - Changed from list of VAT numbers to list of Company objects where vatNo and country are required per company.

Response

[
  {
    "token": "b06178d5-8240-4150-ac57-cc2bc762c7b4",
    "endDate": "2025-11-24",
    "signed": false,
    "language": "en",
    "signees": [
      {
        "name": null,
        "signed": false,
        "email": "[email protected]"
      }
    ],
    "subsidiaries": [
      {
        "name": "Brev Invest AS",
        "vatNo": "927146878",
        "country": "no" // New property
      }
    ],
    "bank": {
      "token": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d",
      "name": "test",
      "hasLPA": true,
      "country": "no"
    },
    "company": {
      "name": "BRE Boligutleie AS",
      "vatNo": "925178845",
      "country": "no" // New property
    }
  }
]

2022-10-01

$ curl "https://api.brevio.com/v1/confirm/audit-requests"
  -H "Authorization: Bearer ${token}"
  -H "Brevio-Version: 2022-10-01"

Audit request

{
  "token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
  "attachments": [],
  "auditCompany": "Brevio AS",
  "clientEmail": "[email protected]",
  "confirmation": null,
  "cutOffDate": "2022-12-31",
  "language": "nb",
  "lastUpdate": "2022-10-02T11:53:23Z",
  "manualReview": false,
  "requestType": "bank",
  "sentToClient": "2022-10-01",
  "step": "client",
  "thirdParty": "DNB",

  // New attributes
  "accountNumbers": [
    {
      "accountNumber": "1232.20.12313",
      "company": "999999999"
    }
  ],
  "company": {
    "name": "ACME AS",
    "vatNo": "999999999"
  },
  "signees": [
    {
      "email": "[email protected]",
      "name": null,
      "pid": null,
      "signed": false
    },
    {
      "email": "[email protected]",
      "name": "Guybrush Threepwood",
      "pid": null,
      "signed": true
    }
  ],
  "subsidiaries": [
    {
      "name": "ACME Doorknobs AS",
      "vatNo": "999999998"
    }
  ],
  "user": {
    "name": "Arthur Auditor",
    "address": "Gatevei 1313, 0561 Oslo",
    "email": "[email protected]"
  }
}

New attributes

Name Type Description
acccountNumbers List<AccountNumber> List of account numbers associated with the audit request.
company Company The main audit client
confirmation Confirmation/null Confirmation for the audit request. This field is null if the audit request has not been confirmed
signees Signee[] List of signees associated with the audit request
subsidiaries List<Company> List of subsidiaries associated with the audit request
user User The user associated with the sign request

Removed attributes

Name Reason
acccountNumber Audit requests can have multiple account numbers
auditor The user keyword is more explicit
company Replaces the string value with the Company object
companyName Replaces the string value with the Company object
clientEmail Audit requests can have multiple signees
daughterCompanies Deprecated. Use subsidiaries instead
signee Audit requests can have multiple signees
signeePID Audit requests can have multiple signees

1.0

Audit request

{
  "token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
  "accountNumber": "1232.20.12313",
  "attachments": [],
  "auditCompany": "Brevio AS",
  "auditor": {
    "address": "Gatevei 1313, 0561 Oslo",
    "email": "[email protected]",
    "name": "Arthur Auditor"
  },
  "clientEmail": "[email protected]",
  "company": "999999999",
  "companyName": "ACME AS",
  "confirmation": [
    "3c2d6bb220754baecb477d894483b341a7affaf4d22b3df85e2afac3cea9789c",
    "139f8ad345b828c669b96d8b27a594cf6f0c9d43aae2ec244d73cda3bb155a31"
  ],
  "cutOffDate": "2022-12-31",
  "daughterCompanies": [],
  "language": "nb",
  "lastUpdate": "2022-10-02T11:53:23Z",
  "manualReview": false,
  "requestType": "bank",
  "sentToClient": "2022-10-01",
  "signee": "Guybrush Threepwood",
  "step": "third-party",
  "subsidiaries": [],
  "thirdParty": "DNB"
}
Attribute Type Description
token String Unique identifier
accountNumber String A single, verified bank account number for a particular company in a particular bank
attachments List<String> List of tokens used to uniquely identify an attachment associated with the audit request (includes the digitally signed pdf after the audit request has been signed by all signees).
auditCompany String Name of the audit company to which the associated auditor of the audit request belongs
auditor Auditor The auditor associated with the request
clientEmail String Email address for the signee for the audit request
company String The VAT number of the main audit client
companyName String Audit client name, validated against the Norwegian company register
confirmation List<String> List of tokens used to uniquely identify an attachment uploaded as part of the confirmation
cutOffDate Date The end of the fiscal year for the associated audit client
language String The language used for the audit request.
lastUpdate DateTime Last time step was updated
manualReview Boolean Boolean flag indicating whether this request needs third party manual review. This occurs when for instance the auditor has made changes to the standard template.
requestType String The type of the audit request.
sentToClient Date Date the audit request was first sent its signees
signee String/null The name of the person that has digitally signed the audit request, received from BankID. Null if the request has not been signed
signeePID String/null Personal ID (PID) is the signee's personal number - NO: 11 digits, SE: 10 or 12 digits, DK: 10 digits. Only available with scope signee_pid
step String The step in the audit request process the request is currently at. Valid values: 'started' 'client' 'needs-validation' 'third-party' 'received' 'cancelled' 'archived' 'post'
subsidiaries List<String> List of VAT numbers for subsidiaries associated with the audit request
thirdParty String Name of the audit request's associated third party

Auditor

Attribute Type Description
address String Address for the user's physical office
email String Email address
name  String  User name verified by the national registry/SSO integration

Sign request

2023-02-14

POST /v1/sign/sign-requests

$ curl "https://api.brevio.com/v1/sign/sign-requests"
  -H "Authorization: Bearer ${token}"
  -H "Brevio-Version: 2023-02-14"
  -d'{
    "vatNo": "999999999",
    "country": "no", # New paramater
    "signees": [
      {
        "email": "[email protected]",
        "order": 1
      },
      {
        "email": "[email protected]",
        "order": 1
      },
      {
        "email": "[email protected]",
        "order": 2
      }
    ],
    "language": "nb",
    "dueDays": 14,
    "message": "Sign request message",
    "user": "[email protected]",
    "attachments": [
      {
        "token": "0126a84017de0e70b6440820decbb565",
        "title": "Auditor report"
      },
      {
        "token": "95df519c2f4d5bf3040bab3e7a730f60",
        "title": "Engagement Letter",
        "template": "f7c2e7b859862ac29650bd098dfedfb6"
      }
    ]
    }'

New attributes - Create sign request

Added country as required parameter.

Name Type  Description
country String Two letter ISO country code for where the VAT number belongs to. Valid values: 'no', 'se', 'dk', 'fi'

GET /v1/sign/sign-requests

$ curl "https://api.brevio.com/v1/sign/sign-requests"
  -H "Authorization: Bearer ${token}"
  -H "Brevio-Version: 2023-02-14"
  -d '{
        "vatNo": "999999999",
        "country": "no" # New required parameter
      }'

Response

{
  "count": 50,
  "offset": 0,
  "next": 50,
  "total": 131,
  "requests": [
    {
      "token": "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9",
      "attachments": [
        {
          "token": "21d2b46ae46b16845caad19c2d6aac34",
          "filename": "engagement-letter-2021.pdf",
          "signedPDF": false,
          "template": null,
          "title": "Engagement letter"
        },
        {
          "token": "181fddae6a0edbc880ffe4c189e02aa0",
          "filename": "auditor-report-2021.pdf",
          "signedPDF": false,
          "template": "5f7ea5f1501d289e04fb6f14a118bf80",
          "title": "Auditor's report"
        }
      ],
      "company": {
        "name": "ACME AS",
        "vatNo": "999888999",
        "country": "no" // New property
      },
      "dueDate": "2022-11-13",
      "dueDays": 30,
      "lastUpdate": "2022-10-14T13:06:15Z",
      "sent": "2022-10-13T16:29:32Z",
      "signees": [
        {
          "email": "[email protected]",
          "name": null,
          "pid": null,
          "signed": false,
          "signedAt": null
        },
        {
          "email": "[email protected]",
          "name": "Ford Prefect",
          "pid": null,
          "signed": true,
          "signedAt": "2019-10-14T13:06:15Z"
        }
      ],
      "step": "sign"
    }
  ]
}

New attributes - List all sign request

Added country as required parameter and added country to Company return object.

Name Type  Description
country String Two letter ISO country code for where the VAT number belongs to. Valid values: 'no', 'se', 'dk', 'fi'

GET /v1/sign/sign-requests/updates

$ curl "https://api.brevio.com/v1/sign/sign-requests/updates"
  -H "Authorization: Bearer ${token}"
  -H "Brevio-Version: 2023-02-14"
  -d '{"fromDate": "2022-01-01"}'

Response

{
  "count": 13,
  "offset": 0,
  "next": 0,
  "total": 13,
  "requests": [
    {
      "token": "3fbbbdd6a46340d3c284cdde827a321ba9f4a203abffd7ee945e183924a89df2",
      "attachments": [
        {
          "token": "b26859539b1e671d6fd96e71eb2cabc2",
          "filename": "auditor-report-2022.pdf",
          "signedPDF": false,
          "title": "Auditor report"
        }
      ],
      "company": {
        "name": "ACME AS",
        "vatNo": "999888999",
        "country": "no" // New property
      },
      "dueDate": "2022-01-31",
      "dueDays": 30,
      "lastUpdate": "2022-01-01T13:06:15Z",
      "sent": "2022-01-01T16:29:32Z",
      "signees": [
        {
          "email": "[email protected]",
          "name": null,
          "pid": null,
          "signed": false,
          "signedAt": null
        }
      ],
      "step": "sign"
    }
  ]
}

New attributes - List all updated sign request

Added country to Company object

Name Type  Description
country String Two letter ISO country code for where the VAT number belongs to. Valid values: 'no', 'se', 'dk', 'fi'

2022-10-01

$ curl "https://api.brevio.com/v1/sign/sign-requests"
  -H "Authorization: Bearer ${token}"
  -H "Brevio-Version: 2022-10-01"

Sign request

{
  "token": "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9",
  "attachments": [
    {
      "token": "21d2b46ae46b16845caad19c2d6aac34",
      "filename": "engagement-letter-2021.pdf",
      "signedPDF": false,
      "template": null,
      "title": "Engagement letter"
    },
    {
      "token": "181fddae6a0edbc880ffe4c189e02aa0",
      "filename": "auditor-report-2021.pdf",
      "signedPDF": false,
      "template": "5f7ea5f1501d289e04fb6f14a118bf80",
      "title": "Auditor's report"
    }
  ],
  "dueDate": "2022-11-13",
  "lastUpdate": "2022-10-14T13:06:15",
  "step": "sign",

  // New attributes
  "sentAt": "2022-10-13T16:29:32",
  "signees": [
    {
      "email": "[email protected]",
      "name": null,
      "signed": false,
      "signedAt": null,
      "pid": null
    },
    {
      "email": "[email protected]",
      "name": "Ford Prefect",
      "signed": true,
      "signedAt": "2022-10-14 13:06:15",
      "pid": null
    }
  ],
  "company": {
    "name": "ACME AS",
    "vatNo": "99999999"
  },
  "user": {
    "email": "[email protected]",
    "officeAddress": "Gatevei 1313, 0561 Oslo"
  }
}

New attributes

Renamed signee fields signeePID and signedName to pid and name respectively.

Name Type  Description
company Company The company associated with the sign request
sentAt DateTime Date and time sign request was sent to all signees
user User The user associated with the sign request

Removed attributes

Name Reason
company Replaces the string value with the Company object
sent Use sentAt instead

Errors

Response

{
  "status": 400,
  "message": "Bad request: vatNo is missing"
}

The Brevio APIs use the following error codes.

Code Description
400 Bad request - The request is invalid.
401 Unauthorized - Your API credentials are wrong, or you do not have access to this resource.
404 Not found - The specified resource could not be found.
500 Internal server error - We experienced an internal error. If the error persists, please contact us.