Introduction
The Brevio API is organized around REST.
Currently our APIs offer insight into data from the following services:
- Brevio Confirm (available for banks and audit companies)
- Brevio Sign (available for audit companies)
- Signature rights (available for banks)
Once you have registered a new API user, you'll have access to our staging environment after a validation of your associated bank or audit company.
Once you have tested and verified your integration, you are ready to go through the process of accessing our production environment and your data. To begin this process, please contact us.
Parameters
$ curl "https://api.brevio.com/v1/some-endpoint"
-H "Content-Type: application/json"
-d '{ "param": "value", "param2": "value2" }'
Query string
$ curl "https://api.brevio.com/v1/some-endpoint?param=value¶m=value2"
-H "Content-Type: application/json"
For GET requests, any parameters not specified as a segment in the path can be passed as an HTTP query string parameter:
For POST requests, parameters not included in the URL should be encoded as JSON with a Content-Type of application/json unless otherwise noted.
All parameters are noted as such.
Dates and DateTimes
All responses from our APIs are native values (e.g. integers, strings, and arrays of native values). Response attributes
defined as Date or DateTime are ISO8601 compliant string representations for these values. e.g. 2022-01-01 and 2022-01-01T00:00:00Z
respectively.
Environments
The Brevio APIs are available in two separate environments:
- https://api-dev.brevio.com (staging)
- https://api.brevio.com (production)
To test your integration you should first authenticate against the staging environment - the production environment won't be available to your registered user until you have signed an API license deal. To begin this process, please contact us.
Versioning
Specifying version header
$ curl "https://api.brevio.com/v1/some-endpoint"
-H "Content-Type: application/json"
-H "Brevio-Version: 2023-10-04"
-d '{ "param": "value", "param2": "value2" }'
When backwards-incompatible changes are made to the API, a new, dated version is released. The current version is 2023-10-04. To see all API updates, view the changelog.
All requests use your account API settings, unless you override the API version. To set the API version for a specific
request, send a Brevio-Version header.
Unless otherwise noted, all documentation examples use the latest API version. If your payload differs from the documentation, you have a different API version in your account API settings.
After using the Brevio-Version header to test your integration against the latest API version, please
contact us to upgrade your account API settings.
Authentication
To ensure the Brevio APIs adhere to the latest security standards we utilise Oauth 2.0 to authenticate and authorize API clients.
We use the "client_credentials" grant flow from
the Oauth 2.0 specification to authorize access to API endpoints.
If you want to authenticate against our staging environment all you have to do is register a new API user to begin the process described below.
Credentials
Once you've registered a new user you will be given a client_id and a client_secret. These will be used to retrieve access tokens, based upon which scope you have access to.
Scopes
| Name | Note |
|---|---|
audit_company |
Can access both Brevio Confirm and Brevio Sign. |
bank |
Can only access Brevio Confirm. |
signature_right |
Grants access to the Signature Rights API. |
signee_pid |
Grants access to view the personal ID (PID) of a signee. |
vendor |
Grants access to create sign requests on behalf of a costumer. |
All scopes are validated by when creating an API client.
The signature_right, signee_pid, and vendor scopes require specific access. Please contact us for more information.
Access tokens
We use bearer tokens to verify access to all Brevio API endpoints. Access tokens are generated by
passing a base64 encoded valid client_id and client_secret combination to the access token creation endpoint.
Create access token
POST
/auth/token
$ curl "https://api.brevio.com/auth/token"
-H "Authorization: Basic ${base64_encoded_client_id_and_secret}"
-d '{ "grant_type": "client_credentials", "scope": "bank" }'
To retrieve an access token you need to base64 encode your client_id and client_secret
and pass them to the Basic authentication scheme.
You also need to specify the grant_type to be client_credentials, as well
as specify the scope your client has access to.
Parameters
| Name | Type | Description |
|---|---|---|
| grant_type | String | Must be client_credentials |
| scope | Scope | audit_company, bank, signature_right, signee_pid, vendor |
Returns
Response
{
"access_token": "tLUowHOUa2dmanlU_pr9WazuI_ubjRNoXMBeg_jzCo0",
"token_type": "Bearer",
"expires_in": 1209600,
"scope": "audit_company signature_right",
"created_at": 1665131755,
"api_version": "2023-10-04"
}
Returns a valid access token for the given scope(s). The access token will indicate which API version the token is valid for.
Brevio Confirm API
The Confirm API grants your authorized API client access to data associated with its entity (e.g. bank or audit company) in the Brevio Confirm service.
Confirm API core resources
Below are listed all the core resources for the Brevio Confirm API.
Audit request
Audit request
{
"token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
"accountNumbers": [
{
"accountNumber": "1232.20.12313",
"company": {
"country": "no",
"name": "ACME AS",
"vatNo": "999999999"
}
}
],
"attachments": [],
"auditCompany": "Brevio AS",
"bank": {
"token": "042172ae-9e59-4b8e-910f-3f707a727659",
"country": "no",
"disabled": false,
"hasLPA": true,
"lpaType": "specific",
"name": "DNB"
},
"company": {
"name": "ACME AS",
"vatNo": "999999999",
"country": "no"
},
"confirmation": {
"attachments": [
"3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
"a4c60323af9e76bb9877a75631dd6a51d62db93929a223ac4d91eacabf2bda1a"
],
"sentAt": "2023-01-01"
},
"cutOffDate": "2022-12-31",
"language": "nb",
"lastUpdate": "2022-10-02T11:53:23Z",
"lastingPowerOfAttorney": null,
"manualReview": false, // bank only
"requestType": "bank",
"sentToClientAt": "2022-10-01",
"signatureReviews": [
// bank only
{
"reviewedBy": "Bob Odenkirk",
"verified": true,
"reviewedAt": "2022-10-03T11:00:23Z",
"company": {
"name": "ACME AS",
"vatNo": "999999999",
"country": "no"
}
}
],
"signees": [
{
"email": "[email protected]",
"name": "Arthur Dent",
"pid": null,
"signed": true
},
{
"email": "[email protected]",
"name": "Guybrush Threepwood",
"pid": null,
"signed": true
}
],
"startedProcessing": true, // bank only
"step": "received",
"subsidiaries": [
{
"name": "ACME Doorknobs Oy",
"vatNo": "99999988",
"country": "fi"
}
],
"subType": null,
"thirdParty": "DNB",
"user": {
"email": "[email protected]",
"officeAddress": "Gatevei 1313, 0561 Oslo"
}
}
This object represents a single request for a confirmation from a third party for a particular audit client. A third party can be either a bank, lawyer, supplier, or client.
Each audit request pertains to exactly one audit client (company), and any number of subsidiaries
(subsidiaries).
| Attribute | Type | Description |
|---|---|---|
| token | String | Unique identifier |
| acccountNumbers | List<AccountNumber> | List of account numbers associated with the audit request. |
| attachments | List<String> | List of tokens used to uniquely identify an attachment associated with the audit request (includes the digitally signed pdf after the audit request has been signed by all signees). |
| auditCompany | String | Name of the audit company to which the associated auditor of the audit request belongs |
| bank | Bank | The bank associated with this audit request. |
| company | Company | The main audit client. |
| confirmation | Confirmation | Confirmation for the audit request. This field is null if the audit request has not been confirmed. |
| cutOffDate | Date | The end of the fiscal year for the associated audit client. |
| invoiceReference | String | ID used for internal reference at the audit company. This field is null if the audit company does not have this setting enabled. |
| language | String | The language used for the audit request. Adheres to the ISO 639-1 standard. Valid values: da, en, nb, sv. |
| lastUpdate | DateTime | When was the audit request last updated? |
| lastingPowerOfAttorney | LastingPowerOfAttorney | Lasting power of attorney (LPA) associated with this request. This field is null if the audit request has no associated LPA, or if the request is not a bank request. |
| requestType | String | Valid valies: bank, client, lawyer, supplier. |
| sentToClientAt | Date | Date the audit request was first sent its signees. |
| signees | List<Signee> | List of signees associated with the audit request. |
| step | String | Valid values: started, client, needs-validation, third-party, received, cancelled, archived, post. |
| subsidiaries | List<Company> | List of subsidiaries associated with the audit request. |
| subType | String | Valid values: completeness, existence. This field is null unless the audit request has the client or supplier request type. |
| thirdParty | String | Name of the audit request's associated third party. |
| user | User | The auditor associated with the audit request. |
Bank-only attributes
| Attribute | Type | Description |
|---|---|---|
| manualReview | Boolean | An audit request requires manual review in cases where the auditor has made changes to the standard template. |
| signatureReviews | List<SignatureReview> | List of signature reviews for the audit request. Only available if the bank has enabled signature reviews. |
| startedProcessing | Boolean | A flag set by the bank, indicating they've started processing the audit request. Only available if the bank has enabled processing flags. |
Bank
Bank
{
"token": "042172ae-9e59-4b8e-910f-3f707a727659",
"country": "no",
"disabled": false,
"hasLPA": true,
"lpaType": "specific",
"name": "DNB"
}
This object represents a bank. You can retrieve it to view information about the bank when creating new audit requests or lasting powers of attorney.
| Attribute | Type | Description |
|---|---|---|
| token | String | Unique identifier |
| country | String | Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se. |
| disabled | Boolean | Disabled banks cannot receive new audit requests, but they can have existing requests sent before they were disabled. |
| hasLPA | Boolean | Does this bank support lasting powers of attorney (LPAs)? |
| lpaType | String | Valid values: none, specific, generic. |
| name | String | The name of the bank. Not guaranteed to be unique. |
Confirmation
Confirmation
{
"attachments": [
"9e9f430c1d8e8716ae71d6311fb76e4534fd4959e8b2299d505afcfafd32c60d",
"b82c013b8e3f9ae73352500d322a39538b269938bc9737e5f2a4d9df240d3e38"
],
"sentAt": "2023-01-01T08:03:01Z"
}
This object represents a confirmation for an audit request.
| Attribute | Type | Description |
|---|---|---|
| attachments | List<String> | List of tokens used to uniquely identify an attachment associated with the confirmation. |
| sentAt | DateTime | Timestamp of when the third party sent the confirmation. |
Lasting power of attorney
Lasting power of attorney
{
"token": "b06178d5-8240-4150-ac57-cc2bc762c7b0",
"attachment": null,
"bank": {
"token": "042172ae-9e59-4b8e-910f-3f707a727659",
"country": "no",
"disabled": false,
"hasLPA": true,
"lpaType": "specific",
"name": "DNB"
},
"company": {
"country": "no",
"name": "ACME AS",
"vatNo": "999999998"
},
"fromDate": null,
"language": "en",
"lpaType": "specific",
"signed": false,
"signees": [
{
"name": null,
"signed": false,
"email": "[email protected]"
},
{
"name": null,
"signed": false,
"email": "[email protected]"
}
],
"subsidiaries": [
{
"name": "ACME Doors AS",
"vatNo": "999999998",
"country": "no"
},
{
"name": "ACME Doorknobs AS",
"vatNo": "999999997",
"country": "no"
}
]
}
This object represents a lasting power of attorney (LPA) - powers of attorney which remain valid for several audit seasons. Audit requests can use LPAs on behalf of audit clients for consecutive seasons until they are revoked.
LPAs must first be signed before they become active. When an audit request uses a signed LPA, the requests are sent directly to their respective third parties.
LPAs come in two distinct flavours:
- Generic: generic LPAs are only associated with a company (and optional subsidiaries), and can be used with any bank which supports generic LPAs.
- Specific: specific LPAs are associated with a specific bank, and can only be used for that particular bank.
| Attribute | Type | Description |
|---|---|---|
| token | String | Unique identifier. |
| attachment | String | Unique identifier for the signed power of attorney (PDF). null if the LPA is not signed. |
| bank | Bank | The bank associated with this LPA. This field is null if the LPA type is generic. |
| company | Company | The main company assocaited with this LPA. |
| fromDate | Date | The date which this LPA was activated. This field is null if the LPA is not signed. |
| language | String | The language used for the LPA. Adheres to the ISO 639-1 standard. Valid values: da, en, nb, sv. |
| lpaType | String | Valid values: generic, specific. |
| signed | Boolean | Has this LPA been signed? |
| signees | List<Signee> | List of signees associated with the LPA. |
| subsidiaries | List<Company> | List of subsidiaries associated with the LPA. |
Manual audit request
Manual audit request
{
"token": "5a697491-4eb1-47df-b01b-057075a4e1f8",
"accountNumbers": [
{
"accountNumber": "1232.20.12313",
"company": {
"country": "no",
"name": "ACME AS",
"vatNo": "999999999"
}
}
],
"attachments": [
"228ed0e06e78413fdba88cea02cdce69eb339946b13af5dbb8172a7c92af76d7"
],
"bank": {
"token": "042172ae-9e59-4b8e-910f-3f707a727659",
"country": "no",
"disabled": false,
"hasLPA": true,
"lpaType": "specific",
"name": "DNB"
},
"company": {
"country": "no",
"name": "ACME AS",
"vatNo": "999999999"
},
"completedAt": null,
"confirmation": null,
"cutOffDate": "2023-12-31",
"language": "en",
"sentToPaymentAt": null,
"sentToThirdPartyAt": null,
"signatureReviews": [],
"startedProcessing": false,
"step": "started",
"user": {
"company": "Dent Audit Oy",
"country": "fi",
"email": "[email protected]",
"firstName": "Arthur",
"ISD": "+358",
"lastName": "Dent",
"phone": "501234567"
}
}
This object represents an audit request which is initiated outside of Brevio. Auditors without a Brevio account can create manual audit request through a web interface provided by banks.
The bank can then confirm received manual audit requests in a predictable manner.
When manual audit requests are confirmed by their respective banks, the external auditor receives an email with a link to a downloadable, password-protected ZIP file containing the confirmation. The password for the ZIP file is sent to the auditor by SMS.
| Attribute | Type | Description |
|---|---|---|
| token | String | Unique identifier. |
| acccountNumbers | List<AccountNumber> | List of account numbers associated with the audit request. |
| attachments | List<String> | List of tokens used to uniquely identify an attachment associated with the audit request. |
| bank | Bank | The bank associated with this audit request. |
| company | Company | The main audit client. |
| completedAt | DateTime | When was the audit request completed? |
| confirmation | Confirmation | Confirmation for the audit request. This field is null if the audit request has not been confirmed. |
| cutOffDate | Date | The end of the fiscal year for the associated audit client. |
| language | String | The language used for the audit request. Adheres to the ISO 639-1 standard. Valid values: da, en, nb, sv. |
| sentToPaymentAt | DateTime | When was the audit request sent to payment? |
| sentToThirdPartyAt | DateTime | When was the audit request sent to the bank? |
| signatureReviews | List<SignatureReview> | List of signature reviews for the audit request. Only available if the bank has enabled signature reviews. |
| startedProcessing | Boolean | A flag set by the bank, indicating they've started processing the audit request. Only available if the bank has enabled processing flags. |
| step | String | Valid values: started, awaiting_payment, sent_to_third_party, completed. |
| user | ManualUser | The auditor associated with the audit request. |
Other resources
Account number
Account number
{
"accountNumber": "1232.20.12313",
"company": {
"country": "no",
"name": "ACME AS",
"vatNo": "999999999"
}
}
This object represents a filled-in (by either the audit client or the auditor) account number which the associated bank uses to charge its fee for producing a confirmation.
| Attribute | Type | Description |
|---|---|---|
| accountNumber | String | A single, verified bank account number for a particular company in a particular bank. |
| company | Company | The company associated with this account number. |
Company
Company
{
"country": "no",
"name": "ACME AS",
"vatNo": "999999999"
}
| Attribute | Type | Description |
|---|---|---|
| country | String | Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se. |
| name | String | The company name as registered in the national registry for the company's country of operation. |
| vatNo | String | The VAT number for the company, validated against the national registry for the company's country of operation. |
Manual user
Manual user
{
"company": "Dent Audit Oy",
"country": "fi",
"email": "[email protected]",
"firstName": "Arthur",
"ISD": "+358",
"lastName": "Dent",
"phone": "501234567"
}
| Attribute | Type | Description |
|---|---|---|
| company | String | Name of the user's audit company. |
| country | String | Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se. |
| String | The user's email address. | |
| firstName | String | The user's given name. |
| ISD | String | The international subscriber dialing (ISD) code for the user's phone number ( +47 for Norway). |
| lastName | String | The user's family name. |
| phone | String | The user's phone number. |
Signature review
Signature review
{
"company": {
"country": "no",
"name": "ACME AS",
"vatNo": "999999999"
},
"reviewedAt": "2022-10-03T11:00:23Z",
"reviewedBy": "Bob Odenkirk",
"verified": true
}
This object represents a signature review performed by a bank. Only banks that have enabled signature reviews in their settings can reject/verify digital signatures.
| Name | Type | Description |
|---|---|---|
| company | Company | The company associated with the signature. |
| reviewedAt | DateTime | When was the review performed? This field is null if the review has not yet taken place. |
| reviewedBy | String | Who performed the review? This field is null if the review has not yet taken place. |
| verified | Boolean | Was the signature rejected or verified? |
Signee
Signee
{
"email": "[email protected]",
"name": "Guybrush Threepwood",
"pid": null,
"signed": true
}
This object represents a signee. If the API client authenticated in the API request has the signee_pid scope,
they can view the signee's Personal ID (PID).
Please contact us for more information.
| Attribute | Type | Description |
|---|---|---|
| String | Email address of the signee. | |
| name | String | Name verified against the personal register of the signee's country of origin (verified during the digital signature). This field is null if the signee has not signed. |
| pid | String | Personal ID (PID) is the signee's personal number - NO: 11 digits, SE: 10 or 12 digits, DK: 10 digits. This field is null unless the API client has the signee_pid scope enabled. |
| signed | Boolean | Has the signee signed yet? |
User
User
{
"address": "Gatevei 1313, 0561 Oslo",
"email": "[email protected]",
"name": "Arthur Dent"
}
This object represents the auditor responsible for the audit request.
| Attribute | Type | Description |
|---|---|---|
| address | String | Address for the user's physical office. |
| String | The user's email address. | |
| name | String | Name verified by the national registry/SSO integration. |
Common endpoints
Lists all common endpoints which can be called by both audit companies and banks.
Download attachment
POST
/v1/confirm/attachments/:token/signed-url
$ curl "https://api.brevio.com/v1/confirm/attachments/:token/signed-url"
-H "Authorization: Bearer ${token}"
Generates a short-lived (24 hours) signed URL in accordance with information security
best practices to download the attachment identified by the given token.
The attachments can be PDFs, images, Microsoft Office files (.xlsx etc.) and XML files.
Scopes
audit_company, bank
Parameters
None.
Returns
Response
{
"filename": "signed-power-of-attorney.pdf",
"url": "https://cdn.brevio.com/signed-power-of-attorney.pdf"
}
Returns a dictionary with a name field indicating the filename of the attachment, and an url field
containing the signed URL.
Audit company endpoints
Lists all API endpoints only available to audit companies.
Create audit requests
POST
/v1/confirm/audit-requests
$ curl "https://api.brevio.com/v1/confirm/audit-requests"
-H "Authorization: Bearer ${token}"
-d '
{
"language": "nb",
"vatNo": "999999999",
"country": "no"
"signees": [
"[email protected]",
"[email protected]",
"[email protected]"
],
"user": "[email protected]",
"auditRequests": [
{
"bank": "042172ae-9e59-4b8e-910f-3f707a727659",
"cutOffDate": "2022-12-31",
"subsidiaries": [
{ vatNo: "999999998", country: "no" },
{ vatNo: "99999988", country: "fi" }
]
}
]
}
'
Creates one or more audit requests for an audit client (identified by the vatNo and country parameters) to
a list of signees (defined in the signees parameter).
Returns a list of tokens used to uniquely identify the created audit requests and a boolean flag indicating whether the audit requests were sent or not.
Scopes
audit_company
Parameters
| Name | Type | Description |
|---|---|---|
| auditRequests | List<> |
See audit requests for details. |
| country | String | Which country is the main audit client registered in? Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se. |
| language | String | The language used for the email sent to the audit client and the digital signing process. Valid values: da, en, nb, sv. |
| user | String | Email address used to uniquely identify a user in the audit company. If the user is already registered in Brevio, the audit request will instantly show up in their dashboard. If they're not registered they will receive an email notifying them that they have been assigned to an audit request. |
| vatNo | String | VAT number for the main audit client. Will be validated against the national registry for the country defined in the country parameter. |
| signees | List<String> | List of email addresses for all signees that need to digitally sign the audit request. This field is if lasting powers of attorney are not included for all audit requests. |
Audit requests
Audit requests
[
{
"bank": "dea270bd-9110-4b54-84bc-c2ecee3cc77c",
"cutOffDate": "2023-12-31",
"lpa": "2915823c-ae10-46b5-98d8-1677801d7361",
"subsidiaries": [
{ "vatNo": "999999998", "country": "no" },
{ "vatNo": "99999988", "country": "fi" }
]
},
{
"cutOffDate": "2023-12-31",
"language": "en",
"requestType": "lawyer",
"thirdPartyEmail": "[email protected]",
"thirdPartyRecipient": "Bob Loblaw"
}
// ...
]
Audit requests
[
{
"bank": "dea270bd-9110-4b54-84bc-c2ecee3cc77c",
"cutOffDate": "2023-12-31",
"lpa": "2915823c-ae10-46b5-98d8-1677801d7361",
"subsidiaries": [
{ "vatNo": "999999998", "country": "no" },
{ "vatNo": "99999988", "country": "fi" }
]
},
{
"cutOffDate": "2023-12-31",
"language": "en",
"requestType": "lawyer",
"thirdPartyEmail": "[email protected]",
"thirdPartyRecipient": "Bob Loblaw"
}
// ...
]
List of each individal audit request sent on behalf of the audit client to the signees. parameters need only be present for matching request types (if specified in the description).
| Name | Type | Description |
|---|---|---|
| bank | String | Only applies to bank requests. Unique identifier for the bank. See endpoint for listing banks to retrieve identifiers. |
| cutOffDate | String | ISO8601 date string representing the end of the fiscal year for the audit client. |
| thirdPartyEmail | String | Does not apply to bank requests. Email of the third party for which a confirmation is requested. |
| thirdPartyRecipient | String | Does not apply to bank requests. Name of third party for which a confirmation is requested. |
| accountNumbers | List<> | Only applies to bank requests. See account numbers for details. |
| balance | Only applies to client or supplier requests. See balance for details. |
|
| language | String | Language for the audit request. This also sets the language for the confirmation process. Valid values: da, en, nb, sv. Defaults to nb. |
| lpa | String | Only aplpies to bank requests. Unique token for a lasting power of attorney (LPA). See endpoint for listing LPAs to retrieve identifiers. |
| reminder | Boolean | Should the audit request generate emails to audit clients and third parties if they are not responded to in a timely fashion? Defaults to true. |
| requestType | String | Valid values: lawyer, bank, supplier, client. Defaults to bank. |
| subsidiaries | List<> | Only applies to bank or lawyer requests. List of subsidiary companies for which the audit request pertains. See company for details. |
Account numbers
Account number
{
"accountNumber": "1288.56.24131",
"company": {
"vatNo": "999999999",
"country": "no"
}
}
Account number
{
"accountNumber": "1288.56.24131",
"company": {
"vatNo": "999999999",
"country": "no"
}
}
A list of account numbers for a particular bank (defined in the audit request parameters) and a particular company.
| Attribute | Type | Description |
|---|---|---|
| accountNumber | String | A single, formatted bank account number for a particular company in a particular bank. |
| company | See company for details. |
Balance
Balance
{
"amount": "5000",
"currency": "USD"
}
Balance
{
"amount": "5000",
"currency": "USD"
}
Audit requests with the existence sub type need to provide a balance against which the confirmation
is compared.
| Name | Type | Description |
|---|---|---|
| amount | String | The amount you wish the client or supplier to verify. |
| currency | String | Currency code adhering to the ISO 4217 standard. |
Company
Company
{
"country": "no",
"vatNo": "999999999"
}
Company
{
"country": "no",
"vatNo": "999999999"
}
Companies are present in the parameters for both account numbers and subsidiaries.
| Name | Type | Description |
|---|---|---|
| vatNo | String | The VAT number for the company, validated against the national registry for the company's country of operation. |
| country | String | Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se. |
Returns
Response
{
"tokens": [
"616f6a6e7c4c5a3067afff6e6cd4ab0b4b889dfc922ef0f767d8a4d7cb7eddb0",
"11abefac8cc529470fc8f1b73db29598cc49e51e049e158b68e4fe8ce5fb8628",
"1f8c6c2b24ea3b7d51ec802a6c1396ef1c35edc7d3cd184693dbf0a617824cfa"
],
"sent": true // if false, the user has received an email prompting them to register a Brevio account and authenticate through their national registry/SSO.
}
Returns a dictionary with two keys: tokens and sent. The tokens uniquely identify each created audit request, and the
sent flag indicates whether the audit requests were sent to their respective clients or not.
List all audit requests
GET
/v1/confirm/audit-requests
$ curl "https://api.brevio.com/v1/confirm/audit-requests"
-H "Authorization: Bearer ${token}"
-d '{ "vatNo": "999999999", "country": "no" }'
Returns a paginated list for all audit requests for the audit company authenticated in the API request, filtered by audit client (and optionally request type).
The response contains at most 50 audit requests. To access all audit requests (in cases where there are more than 50) you have to paginate through the results.
Scopes
audit_company
Parameters
| Name | Type | Description |
|---|---|---|
| vatNo | String | VAT number for the audit client. |
| country | String | Which country is the audit client registered in? Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se. |
| offset | Integer | The offset used for pagination |
| requestType | String | Valid values: bank, client, lawyer, supplier. |
Returns
Response
{
"count": 50,
"offset": 0,
"next": 50,
"total": 131,
"requests": [
{
"token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
"accountNumbers": [
{
"accountNumber": "1232.20.12313",
"company": {
"vatNo": "999888999",
"country": "no"
}
}
],
"attachments": [],
"auditCompany": "Audit company AS",
"bank": {
"token": "042172ae-9e59-4b8e-910f-3f707a727659",
"country": "no",
"disabled": false,
"hasLPA": true,
"lpaType": "specific",
"name": "DNB"
},
"company": {
"name": "ACME AS",
"vatNo": "999999999",
"country": "no"
},
"confirmation": null,
"cutOffDate": "2023-12-31",
"language": "nb",
"lastUpdate": "2023-10-02T11:53:23Z",
"requestType": "bank",
"sentToClient": "2023-10-01",
"signees": [
{
"email": "[email protected]",
"name": null,
"pid": null,
"signed": false
},
{
"email": "[email protected]",
"name": "Guybrush Threepwood",
"pid": null,
"signed": true
}
],
"step": "client",
"subsidiaries": [],
"subType": null,
"thirdParty": "DNB",
"user": {
"address": "Gatevei 1313, 0561 Oslo",
"email": "[email protected]",
"name": "Arthur Dent"
}
}
// ...
]
}
Returns a paginated list of all audit requests for the audit company authenticated in the API request, filtered by VAT number, country, and optionally request type.
Finalize audit request
POST
/v1/confirm/audit-requests/finalize
$ curl "https://api.brevio.com/v1/confirm/audit-requests/finalize"
-H "Authorization: Bearer ${token}"
-d
'{
"tokens": [
"64626932a178531926b23cf09eb10f8dea2283108950e7ce106b689128ce9f2e",
"d78021f0a0ff15d5690e767f46bbad407f8d9cd5ef99710258e2e95342f7d84a",
"fde3589c53d55a04dd2b0c5bcabb66dc110649f9449e8b9441542439182f0e39"
]
}'
Marks a set of audit requests, identified by their unique tokens, as received by the auditor outside of Brevio.
A maximum of 10 audit request tokens are allowed with each request.
Scopes
audit_company
Parameters
| Name | Type | Description |
|---|---|---|
| tokens | List<String> | The list of audit request tokens identifying which audit requests to finalize. |
Returns
Response
{
"successful": [
"64626932a178531926b23cf09eb10f8dea2283108950e7ce106b689128ce9f2e",
"d78021f0a0ff15d5690e767f46bbad407f8d9cd5ef99710258e2e95342f7d84a"
],
"failed": ["fde3589c53d55a04dd2b0c5bcabb66dc110649f9449e8b9441542439182f0e39"]
}
Returns a dictionary with two keys: successful containing a list of audit request tokens which were finalized, and failed, which is a list of audit request tokens which failed during finalization.
List all banks
GET
/v1/confirm/banks
$ curl "https://api.brevio.com/v1/confirm/banks"
-H "Authorization: Bearer ${token}"
Returns a list of all supported banks.
Scopes
audit_company
Parameters
None.
Returns
Response
[
{
"token": "042172ae-9e59-4b8e-910f-3f707a727659",
"country": "no",
"disabled": false,
"hasLPA": true,
"lpaType": "specific",
"name": "DNB"
}
// ...
]
Returns a list of all supported banks.
Create lasting power of attorney
POST
/v1/confirm/lasting-powers-of-attorney
$ curl "https://api.brevio.com/v1/confirm/lasting-powers-of-attorney"
-H "Authorization: Bearer ${token}"
-d '
{
"bank": "042172ae-9e59-4b8e-910f-3f707a727659",
"vatNo": "999999998",
"country": "no",
"subsidiaries": [
{ "vatNo": "999888777", "country": "no" },
{ "vatNo": "999888666", "country": "no" }
],
"signees": ["[email protected]", "[email protected]"]
}
'
Creates a new lsating power of attorney (LPA).
LPAs must be signed before they become usable, so the first time the newly created LPA is used with an audit request, it is sent to its signees. Once the LPA has been signed, it can be re-used for subsequent audit seasons, and sent directly to the bank.
Returns the created LPA.
Scopes
audit_company
Parameters
| Name | Type | Description |
|---|---|---|
| country | String | Which country is the company registered in? Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se. |
| vatNo | String | The VAT number for the company. Will be validated against the national registry for the country defined in the country parameter. |
| bank | String | Unique identifier for the bank. See endpoint for listing banks to retrieve identifiers. |
| language | String | Language for the LPA. Valid values: da, en, nb, sv. Defaults to en. |
| subsidiaries | List<> | List of subsidiary companies which the LPA covers. See company for details. |
| signees | List<String> | List of email addresses for all signees that need to digitally sign the audit request. This field is required if lasting powers of attorney is not included for all audit requests. |
Company
| Name | Type | Description |
|---|---|---|
| vatNo | String | The VAT number for the company, validated against the national registry for the company's country of operation. |
| country | String | Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se. |
Returns
Response
{
"token": "b06178d5-8240-4150-ac57-cc2bc762c7b0",
"attachment": null,
"bank": {
"token": "042172ae-9e59-4b8e-910f-3f707a727659",
"country": "no",
"disabled": false,
"hasLPA": true,
"lpaType": "specific",
"name": "DNB"
},
"company": {
"name": "ACME AS",
"vatNo": "999999998",
"country": "no"
},
"fromDate": null,
"lpaType": "specific",
"signed": false,
"signees": [
{
"name": null,
"signed": false,
"email": "[email protected]"
},
{
"name": null,
"signed": false,
"email": "[email protected]"
}
],
"subsidiaries": [
{
"name": "ACME Doors AS",
"vatNo": "999888777",
"country": "no"
},
{
"name": "ACME Doorknobs AS",
"vatNo": "999888666",
"country": "no"
}
]
}
Returns a dictionary with information about the created LPA. See the LPA resource documentation for details.
List all lasting powers of attorney
GET
/v1/confirm/lasting-powers-of-attorney
$ curl "https://api.brevio.com/v1/confirm/lasting-powers-of-attorney"
-H "Authorization: Bearer ${token}"
-d'
{
"companies": [{"vatNo": "999999999", "country": "no"}],
"bank": "4a2f6327-7838-4e60-a84d-77a9de2842ae"
}'
Returns a filtered list of all lasting powers of attorney (LPA).
The list can be filtered by either unique identifiers (the tokens parameter), or by
a combination of banks and companies.
if the tokens parameter is present, all other parameters are ignored.
If both banks and companies parameters are present, the result will only contain
specific LPAs for the given banks and companies.
If only the companies parameter is present, the result will only containgeneric LPAs for the passed companies.
Scopes
audit_company
Parameters
| Name | Type | Description |
|---|---|---|
| bank | String | Unique identifier for the bank. See endpoint for listing banks to retrieve identifiers. Can only be used alongside the companies parameter. |
| companies | List<> | See companies for details. |
| tokens | List<String> | Unique identifiers for existing LPAs. |
Companies
A list of companies to filter the LPAs by.
| Name | Type | Description |
|---|---|---|
| vatNo | String | The VAT number for the company, validated against the national registry for the company's country of operation. |
| country | String | Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se. |
Returns
Response
[
{
"token": "b06178d5-8240-4150-ac57-cc2bc762c7b4",
"attachment": null,
"bank": {
"token": "fbbe6f42-3c24-4964-9444-7c43d579a5e6",
"country": "no",
"hasLPA": true,
"lpaType": "specific",
"name": "Bank"
},
"company": {
"name": "BRE Boligutleie AS",
"vatNo": "925178845",
"country": "no"
},
"fromDate": null,
"language": "en",
"lpaType": "specific",
"signed": false,
"signees": [
{
"name": null,
"signed": false,
"email": "[email protected]"
}
],
"subsidiaries": [
{
"name": "Brev Invest AS",
"vatNo": "927146878",
"country": "no"
}
]
},
{
"token": "b06178d5-8240-4150-ac57-cc2bc762c7b3",
"attachment": "e7a064b36b6f63c07d7d5c27b2d32dfb",
"bank": {
"token": "3f3e7a14-0d80-4fb4-b998-7a96cb27e8e8",
"country": "no",
"hasLPA": true,
"lpaType": "specific",
"name": "Other Bank"
},
"company": {
"name": "BRE Boligutleie AS",
"vatNo": "925178845",
"country": "no"
},
"fromDate": "2023-10-01",
"language": "en",
"lpaType": "specific",
"signed": true,
"signees": [
{
"name": "Arthur Dent",
"signed": true,
"email": "[email protected]"
}
],
"subsidiaries": [
{
"name": "Brev Invest AS",
"vatNo": "927146878",
"country": "no"
}
]
}
]
Returns a list of LPAs for the audit company authenticated in the API request, filtered by the given parameters.
Bank endpoints
Lists all API endpoints only available to banks.
The endpoints are separated into two main areas:
- Regular audit requests
- Manual audit requests
List all pending audit requests
GET
/v1/confirm/audit-requests/third-party
$ curl "https://api.brevio.com/v1/confirm/audit-requests/third-party"
-H "Authorization: Bearer ${token}"
Returns a paginated list for all audit requests that have been digitally signed and are awaiting confirmation from the bank authenticated in the API request.
Scopes
bank
Parameters
| Name | Type | Description |
|---|---|---|
| offset | Integer | The offset used for pagination |
| processing | Boolean | Optional flag to filter results by whether the bank has begun processing the audit request. |
Returns
Response
{
"count": 33,
"offset": 0,
"next": 0,
"total": 33,
"requests": [
{
"token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
"accountNumbers": [
{
"accountNumber": "1232.20.12313",
"company": {
"vatNo": "999888999",
"country": "no"
}
}
],
"attachments": [
"9d60416a969378df27e7ca0122d42a7cecd02c37f1e7526cff7e549d8376690c"
],
"auditCompany": "Brevio AS",
"bank": {
"token": "042172ae-9e59-4b8e-910f-3f707a727659",
"country": "no",
"disabled": false,
"hasLPA": true,
"lpaType": "specific",
"name": "DNB"
},
"company": {
"name": "ACME AS",
"vatNo": "999999999",
"country": "no"
},
"confirmation": null,
"cutOffDate": "2022-12-31",
"language": "nb",
"lastUpdate": "2022-10-02T11:53:23Z",
"manualReview": false,
"requestType": "bank",
"sentToClient": "2022-10-01",
// Only available to banks which have enabled this setting
"signatureReviews": [
{
"reviewedBy": "Bob",
"verified": true,
"reviewedAt": "2022-10-03T11:00:23Z",
"company": {
"name": "ACME AS",
"vatNo": "999999999",
"country": "no"
}
}
],
"signees": [
{
"email": "[email protected]",
"name": "Art Vandelay",
"pid": null,
"signed": true
},
{
"email": "[email protected]",
"name": "Guybrush Threepwood",
"pid": null,
"signed": true
}
],
// Only available to banks which have enabled this setting
"startedProcessing": false,
"step": "third-party",
"subsidiaries": [],
"thirdParty": "DNB",
"user": {
"address": "Gatevei 1313, 0561 Oslo",
"email": "[email protected]",
"name": "Arthur Dent"
}
}
// ...
]
}
Returns a paginated list of pending audit requests for the bank authenticated in the API request.
Set processing flag for audit requests
POST
/v1/confirm/audit-requests/third-party/processing
$ curl "https://api.brevio.com/v1/confirm/audit-requests/third-party/processing"
-H "Authorization: Bearer ${token}"
-d
'{
"tokens": [
"64626932a178531926b23cf09eb10f8dea2283108950e7ce106b689128ce9f2e",
"d78021f0a0ff15d5690e767f46bbad407f8d9cd5ef99710258e2e95342f7d84a",
"fde3589c53d55a04dd2b0c5bcabb66dc110649f9449e8b9441542439182f0e39"
]
}'
Marks a set of audit requests, identified by their unique tokens, as having begun processing by the bank authenticated in the API request.
Scopes
bank
Parameters
| Name | Type | Description |
|---|---|---|
| tokens | List<String> | The list of audit request tokens indicating which audit requests to update. |
Returns
Response
{
"successful": [
"64626932a178531926b23cf09eb10f8dea2283108950e7ce106b689128ce9f2e",
"d78021f0a0ff15d5690e767f46bbad407f8d9cd5ef99710258e2e95342f7d84a"
],
"failed": ["fde3589c53d55a04dd2b0c5bcabb66dc110649f9449e8b9441542439182f0e39"]
}
Returns a dictionary with two keys: successful containing a list of audit request tokens which were successfully set as
started processing, and failed for which the operation failed.
Upload attachments to a confirmation
POST
/v1/confirm/audit-requests/:token/confirmations/upload
$ curl "https://api.brevio.com/v1/confirm/audit-requests/:token/confirmations/upload"
-H "Content-Type: multipart/form-data"
-H "Authorization: Bearer ${token}"
-F attachments[]=@confirmation.pdf
-F attachments[]=@confirmation-2.pdf
-F attachments[]=@confirmation-3.pdf
Uploads one or more files for the confirmation of an audit request, identified by the given token.
A maximum amount of five attachments are allowed to avoid timing out.
This API request does not finalize the audit request - this is only done by sending a confirmation.
Scopes
bank
Parameters
| Name | Type | Description |
|---|---|---|
| attachments | List<File> | List of files to be added to the confirmation (at most five per request). |
Returns
Response
{ "message": "Uploaded 3 attachments" }
Returns a message indicating the number of attachments uploaded.
Finalize erroneous audit request with comment
POST
/v1/confirm/audit-requests/:token/confirmations/comment
$ curl "https://api.brevio.com/v1/confirm/audit-requests/:token/confirmations/comment"
-H "Authorization: Bearer ${token}"
-d '{ "comment": "The client (999999998) is not a customer of our bank" }'
Marks an audit request, identified by the given token, as finalized and sent in error.
This is the case if an auditor has sent an audit request to a bank for a client (or subsidiary) which isn't a customer of the bank. The bank must provide an explanatory comment (maximum 200 characters).
Once the comment has been sent, the auditor will receive a notification that the audit request has been finalized.
Scopes
bank
Parameters
| Name | Type | Description |
|---|---|---|
| comment | String | Comment clarifying why the audit request was sent in error (maximum 200 characters). |
Returns
Response
{ "message": "Audit request completed and notification sent to auditor" }
Returns a textual message indicating that the operation was successful.
Send confirmation for audit request
POST
/v1/confirm/audit-requests/:token/confirmations
$ curl "https://api.brevio.com/v1/confirm/audit-requests/:token/confirmations"
-H "Content-Type: multipart/form-data"
-H "Authorization: Bearer ${token}"
-F attachments[]=@confirmation.pdf
-F attachments[]=@confirmation-2.pdf
-F attachments[]=@confirmation-3.pdf
Sends a confirmation for an audit request identified by the given token, finalizing it. This is the only
way to send a confirmation through the API.
A confirmation needs an uploaded attachment to be valid. This can either be accomplished through the upload endpoint, or by attaching files to this request (no more than five - if you need to upload more than that, use the upload endpoint first).
If you have previously attached all required files, you can omit the attachments parameter from this API request.
Scopes
bank
Parameters
| Name | Type | Description |
|---|---|---|
| attachments | List<File> | List of files to be added to the confirmation (at most five). |
Returns
Response
{
"token": "aaaa32cf6c3453bfc7923e00d33002ea7b5277767524639f0e09da561c380ade",
"step": "received"
}
Returns a dictionary with two keys. token is the unique identifier for the audit request, and should match the token in the URL,
and step contains the current step of the audit request process for the audit request. This latter value should be received if
nothing went wrong.
Create manual audit request
POST
/v1/confirm/manual-audit-requests
$ curl "https://api.brevio.com/v1/confirm/manual-audit-requests"
-H "Authorization: Bearer ${token}"
-d '
{
"accountNumber": "1234.12.12345",
"company": {
"name": "Blaylock Mining",
"vatNo": "123456789",
"country": "no"
},
"cutOffDate": "2022-12-31",
"language": "nb",
"user": {
"firstName": "Doc",
"lastName": "Holiday",
"email": "[email protected]",
"company": "Tombstone Bookkeeping",
"phone": "99889988",
"ISD": "+47",
"country": "no"
},
}
'
Creates a manual audit request for an audient client (company) for the
bank authenticated in the API request.
Returns an object representing the manual audit request.
Scopes
bank
Parameters
| Name | Type | Description |
|---|---|---|
| company | The audit client for the audit request. See company for details. | |
| cutOffDate | String | ISO8601 date string representing the end of the fiscal year for the audit client. |
| user | The auditor initiating the audit request via the bank authenticated in the API request. See user for details. | |
| language | String | Language for the audit request. This also sets the language for the confirmation process. Valid values: da, en, nb, sv. |
| accountNumber | String | A single, verified account number for a particular company in the bank authenticated in the API request. |
Company
| Name | Type | Description |
|---|---|---|
| name | String | The name of the audit client. |
| vatNo | String | The VAT number for the company, validated against the national registry for the company's country of operation. |
| country | String | Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se. |
User
| Name | Type | Description |
|---|---|---|
| company | String | Name of the user's audit company. |
| country | String | Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se. |
| String | The user's email address. | |
| firstName | String | The user's given name. |
| ISD | String | The international subscriber dialing (ISD) code for the user's phone number ( +47 for Norway). |
| lastName | String | The user's family name. |
| phone | String | The user's phone number. |
Returns
Response
{
"token": "5a697491-4eb1-47df-b01b-057075a4e1f8",
"accountNumbers": [
{
"accountNumber": "1234.12.12345",
"company": {
"name": "Blaylock Mining",
"vatNo": "123456789",
"country": "no"
}
}
],
"attachments": [],
"company": {
"country": "no",
"vatNo": "999999999",
"name": "ACME AS"
},
"completedAt": null,
"confirmation": null,
"cutOffDate": "2022-12-31",
"language": "nb",
"sentToPaymentAt": null,
"sentToThirdPartyAt": null,
"step": "started",
"user": {
"company": "Tombstone Bookkeeping",
"country": "no",
"email": "[email protected]",
"ISD": "+47",
"firstName": "Doc",
"lastName": "Holiday",
"phone": "99889988"
}
}
Returns a dictionary representing the created manual audit request.
The token is used to upload attachments, and finally send to send the manual audit
request to the bank.
Upload attachment to manual audit request
POST
/v1/confirm/manual-audit-requests/:token/attachments
$ curl "https://api.brevio.com/v1/confirm/manual-audit-requests/:token/attachments"
-H "Content-Type: multipart/form-data"
-H "Authorization: Bearer ${token}"
-F attachment=@power_of_attorney.pdf
Uploads an attachment to a manual audit request, identified by the given token.
This endpoint associates the attachment with the audit request itself (usually a signed power of attorney). To upload an attachment to the confirmation, see upload attachment to confirmation.
Scopes
bank
Parameters
| Name | Type | Description |
|---|---|---|
| attachment | File | The file to be attached to the manual audit request. |
Returns
Response
{ "message": "Successfully uploaded attachment" }
Returns a message indicating the upload succeeded.
Send manual audit request
POST
/v1/confirm/manual-audit-requests/:token/send
$ curl "https://api.brevio.com/v1/confirm/manual-audit-requests/:token/send"
-H "Authorization: Bearer ${token}"
Starts a payment flow for the manual audit request, after which it is sent to the bank.
An email with a Stripe payment link is sent to the user. Once payment is fulfilled, the audit request is sent to the bank.
Scopes
bank
Returns
Response
{
"token": "5a697491-4eb1-47df-b01b-057075a4e1f8",
"accountNumbers": [
{
"accountNumber": "1234.12.12345",
"company": {
"name": "Blaylock Mining",
"vatNo": "123456789",
"country": "no"
}
}
],
"company": {
"country": "no",
"vatNo": "999999999",
"name": "ACME AS"
},
"completedAt": null,
"confirmation": null,
"cutOffDate": "2022-12-31",
"language": "nb",
"sentToPaymentAt": "2023-06-06T08:58:12.660Z"
"sentToThirdPartyAt": null,
"step": "awaiting_payment",
"user": {
"company": "Tombstone Bookkeeping",
"country": "no",
"email": "[email protected]",
"ISD": "+47",
"firstName": "Doc",
"lastName": "Holiday",
"phone": "99889988"
}
}
Returns a dictionary representing the updated manual audit request.
The fields step should be awaiting_payment, and sentToPaymentAt should not be null.
List all pending manual audit requests
GET
/v1/confirm/manual-audit-requests/third-party
$ curl "https://api.brevio.com/v1/confirm/manual-audit-requests/third-party"
-H "Authorization: Bearer ${token}"
-d 'signatureReviews=true'
Returns a paginated list for all manual audit requests that are awaiting confirmation form the bank authenticated in the API request.
Scopes
bank
Parameters
| Name | Type | Description |
|---|---|---|
| offset | Integer | The offset used for pagination |
| signatureReviews | Boolean | Include signature reviews in the payload? |
| processing | Boolean | Include processing flag in the payload? |
Returns
Response
{
"count": 50,
"total": 97,
"next": 50,
"offset": 0,
"requests": [
{
"token": "5a697491-4eb1-47df-b01b-057075a4e1f8",
"accountNumbers": [
{
"accountNumber": "1234.12.12345",
"company": {
"name": "Blaylock Mining",
"vatNo": "123456789",
"country": "no"
}
}
],
"attachments": [
"3928799b6a48a541173d66b53e72b078df10a58b3dcda6819141bdf9f9f7fbd9",
"0427282d9b69610a23eedebb995ef396db8e847c55ec903e1d6d77e50e1a64e8"
],
"company": {
"country": "no",
"vatNo": "999999999",
"name": "ACME AS"
},
"completedAt": null,
"confirmation": null,
"cutOffDate": "2022-12-31",
"language": "nb",
"sentToPaymentAt": null,
"sentToThirdPartyAt": null,
"signatureReviews": {
"reviewedBy": "Johnny Ringo",
"verified": true,
"reviewedAt": "2023-07-03T14:36:55.608Z",
"company": {
"name": "Blaylock Mining",
"vatNo": "123456789",
"country": "no"
}
},
"step": "started",
"user": {
"company": "Tombstone Bookkeeping",
"country": "no",
"email": "[email protected]",
"ISD": "+47",
"firstName": "Doc",
"lastName": "Holiday",
"phone": "99889988"
}
}
// ...
]
}
Returns a paginated list of manual pending audit requests for the bank authenticated in the API request.
Set processing flag for manual audit requests
POST
/v1/confirm/manual-audit-requests/third-party/processing
$ curl "https://api.brevio.com/v1/confirm/manual-audit-requests/third-party/processing"
-H "Authorization: Bearer ${token}"
-d
'{
"tokens": [
"dab4363d-20dc-465c-92e0-8f0b1ab4be6c",
"7f1f9ae2-7aec-4d1b-9d67-2829e0edbda7",
"ad793a0f-dc73-4940-ba2c-811c20d0af87"
]
}'
Marks a set of manual audit requests, identified by their unique tokens, as having begun processing by the bank authenticated in the API request.
Scopes
bank
Parameters
| Name | Type | Description |
|---|---|---|
| tokens | List<String> | The list of manual audit request tokens indicating which audit requests to update. |
Returns
Response
{
"successful": [
"dab4363d-20dc-465c-92e0-8f0b1ab4be6c",
"7f1f9ae2-7aec-4d1b-9d67-2829e0edbda7"
],
"failed": ["ad793a0f-dc73-4940-ba2c-811c20d0af87"]
}
Returns a dictionary with two keys: successful containing a list of manual audit request tokens which were successfully set as
started processing, and failed for which the operation failed.
Upload attachments to a manual audit request confirmation
POST
/v1/confirm/manual-audit-requests/:token/confirmations/upload
$ curl "https://api.brevio.com/v1/confirm/manual-audit-requests/:token/confirmations/upload"
-H "Content-Type: multipart/form-data"
-H "Authorization: Bearer ${token}"
-F attachments[]=@confirmation.pdf
-F attachments[]=@confirmation-2.pdf
-F attachments[]=@confirmation-3.pdf
Uploads one or more files for the confirmation of an audit request, identified by the given token.
A maximum amount of five attachments are allowed to avoid timing out.
This API request does not finalize the audit request - this is only done by sending a confirmation.
Scopes
bank
Parameters
| Name | Type | Description |
|---|---|---|
| attachments | List<File> | List of files to be added to the confirmation (at most five per request). |
Returns
Response
{ "message": "Uploaded 3 attachments" }
Returns a message indicating the number of attachments uploaded.
Send confirmation for manual audit request
POST
/v1/confirm/manual-audit-requests/:token/confirmations
$ curl "https://api.brevio.com/v1/confirm/manual-audit-requests/:token/confirmations"
-H "Content-Type: multipart/form-data"
-H "Authorization: Bearer ${token}"
-F attachments[]=@confirmation.pdf
-F attachments[]=@confirmation-2.pdf
-F attachments[]=@confirmation-3.pdf
Response
{
"token": "aaaa32cf6c3453bfc7923e00d33002ea7b5277767524639f0e09da561c380ade",
"step": "completed"
}
Sends a confirmation for a manual audit request identified by the given token, finalizing it. This is the only
way to send a confirmation through the API.
A confirmation needs an uploaded attachment to be valid. This can either be accomplished through the upload endpoint, or by attaching files to this request (no more than five - if you need to upload more than that, use the upload endpoint first).
If you have previously attached all required files, you can omit the attachments parameter from this API request.
Scopes
bank
Parameters
| Name | Type | Description |
|---|---|---|
| attachments | List<File> | List of files to be added to the confirmation (at most five). |
Returns
Response
{
"token": "aaaa32cf6c3453bfc7923e00d33002ea7b5277767524639f0e09da561c380ade",
"step": "received"
}
Returns a dictionary with two keys. token is the unique identifier for the audit request, and should match the token in the URL,
and step contains the current step of the audit request process for the audit request. This latter value should be completed if
nothing went wrong.
Brevio Sign API
The Sign API grants an authorized API client access to data associated with its entity in the Brevio Sign service.
Sign API core resources
Below are listed all the core resources for the Brevio Confirm API.
Sign request
Sign request
{
"token": "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9",
"attachments": [
{
"token": "21d2b46ae46b16845caad19c2d6aac34",
"filename": "engagement-letter-2021.pdf",
"signedPDF": false,
"template": null,
"title": "Engagement letter"
},
{
"token": "181fddae6a0edbc880ffe4c189e02aa0",
"filename": "auditor-report-2021.pdf",
"signedPDF": false,
"template": "5f7ea5f1501d289e04fb6f14a118bf80",
"title": "Auditor's report"
}
],
"company": {
"name": "ACME AS",
"vatNo": "99999999"
},
"dueDate": "2022-11-13",
"lastUpdate": "2022-10-14T13:06:15",
"sentAt": "2022-10-13T16:29:32",
"signees": [
{
"email": "[email protected]",
"name": null,
"signed": false,
"signedAt": null,
"pid": null
},
{
"email": "[email protected]",
"name": "Ford Prefect",
"signed": true,
"signedAt": "2022-10-14 13:06:15",
"pid": null
}
],
"step": "sign",
"user": {
"address": "Gatevei 1313, 0561 Oslo",
"email": "[email protected]",
"name": "Arthur Dent"
}
}
This object represents a single request for digital signatures for a list of documents by one or more signees. Each sign request pertains to exactly one company, but can contain between 1-5 uploaded documents and as many signees as needed.
| Attribute | Type | Description |
|---|---|---|
| token | String | Unique identifier. |
| attachments | List<Attachment> | List of all attachments associated with the sign request. Contains both the original uploaded documents, as well as their digitally signed counterparts. |
| company | Company | The company associated with the sign request. |
| dueDate | Date | The due date of the sign request. Once this date has passed (e.g. past 23:59:59 on the due date itself), the sign request has expired. |
| language | String | The language used for the sign request. Adheres to the ISO 639-1 standard. Valid values: da, en, nb, sv. |
| lastUpdate | DateTime | When was the sign request last updated? |
| sentAt | DateTime | When was the sign request first sent? This field is null if the request has not been sent. |
| signees | List<Signee> | List of signees associated with the sign request. |
| step | String | Valid values: started, sign, cancelled, completed, archived. |
| user | User | The user associated with the sign request. |
Attachment
Attachment
{
"token": "21d2b46ae46b16845caad19c2d6aac34",
"filename": "engagement-letter-2021.pdf",
"signedPDF": false,
"template": null,
"title": "Engagement letter"
}
This object represents an attachment associated with a sign request. It is either (1) an uploaded document, or (2) a signed PDF.
| Attribute | Type | Description |
|---|---|---|
| token | String | Unique identifier. |
| filename | String | Name of the uploaded file. |
| signedPDF | Boolean | Is this a digitally signed PDF? |
| template | String | Unique identifor for an associated document template. |
| title | String | Human-readable title for the attachment. |
Document template
Docment template
{
"token": "a0eaf8107e16f6af3a6d3659afc997d5",
"i18ns": [
{
"language": "nb",
"title": "Revisjonsberetning"
},
{
"language": "en",
"title": "Auditor's report"
}
]
}
This object represents a template which can be associated with an uploaded document. This makes it easier to filter sign requests by their document templates when listing sign requests.
Each document template has mulitple internationalizations, with human-readable titles for each language.
| Attribute | Type | Description |
|---|---|---|
| token | String | Unique identifier. |
| i18ns | List<Internationalization> | List of internationalizations associated with the document template. |
Internationalization
Internationalization
{
"language": "nb",
"title": "Årsregnskap"
}
This object represents a internationalization for a document template, containing information about which language it pertains to, and what the human-readable title for the template is.
The internationalizations are managed by audit company administrators through the web UI.
| Attribute | Type | Description |
|---|---|---|
| language | String | The language used for the internationalization. Adheres to the ISO 639-1 standard. Valid values: da, en, nb, sv. |
| title | String | Human-readable title for the internationalization visible to auditors in the graphical user interface. |
Other resources
Company
Company
{
"country": "no",
"name": "ACME AS",
"vatNo": "999999999"
}
| Attribute | Type | Description |
|---|---|---|
| country | String | Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se. |
| name | String | The company name as registered in the national registry for the company's country of operation. |
| vatNo | String | The VAT number for the company, validated against the national registry for the company's country of operation. |
Signee
Signee
{
"email": "[email protected]",
"name": "Guybrush Threepwood III",
"pid": null,
"signed": true,
"signedAt": "2022-01-01T08:33:12Z"
}
This object represents a signee. If the API client authenticated in the API request has the signee_pid scope,
they can view the signee's Personal ID (PID).
Please contact us for more information.
| Attribute | Type | Description |
|---|---|---|
| String | Email address of the signee. | |
| name | String | Name verified against the personal register of the signee's country of origin (verified during the digital signature). This field is null if the signee has not signed. |
| pid | String | Personal ID (PID) is the signee's personal number - NO: 11 digits, SE: 10 or 12 digits, DK: 10 digits. This field is null unless the API client has the signee_pid scope enabled. |
| signed | Boolean | Has the signee signed yet? |
| signedAt | DateTime | When was the sign request signed by this signee? This field is null if the signee hasn't signed. |
User
User
{
"address": "Gatevei 1313, 0561 Oslo",
"email": "[email protected]",
"name": "Arthur Dent"
}
| Attribute | Type | Description |
|---|---|---|
| address | String | Address for the user's physical office. |
| String | The user's email address. | |
| name | String | Name verified by the national registry/SSO integration. |
List all document templates
GET
/v1/sign/document-templates
$ curl "https://api.brevio.com/v1/sign/document-templates"
-H "Authorization: Bearer ${token}"
Returns a list of all document templates for the audit company authenticated in the API request.
The returned tokens can be used to filter sign requests by the templateToken attribute in the
list all sign requests endpoint.
Scopes
audit_company
Parameters
None.
Returns
Response
{
"templates": [
{
"token": "a0eaf8107e16f6af3a6d3659afc997d5",
"i18ns": [
{
"language": "nb",
"title": "Revisjonsberetning"
},
{
"language": "en",
"title": "Auditor's report"
}
]
},
{
"token": "9a75bf516d7d26b55e96b97a648c566e",
"i18ns": [
{
"language": "nb",
"title": "Årsregnskap"
},
{
"language": "en",
"title": "Annual report"
}
]
}
// ...
]
}
Returns a list of document templates for the audit company authenticated in the API request.
Create attachments
POST
/v1/sign/attachments
curl "https://api.brevio.com/v1/sign/attachments"
--H 'Content-Type: multipart/form-data'
--H "Authorization: Bearer ${token}"
-F "[email protected]"
-F "attachments[]=@engagement_letter.pdf"
-F "attachments[]=@auditor_report.pdf"
Creates an attachment for each uploaded PDF.
A maximum amount of five attachments are allowed to avoid timing out.
The vendor scope can use this endpoint to upload attachments on behalf of its consumers by passing a valid consumerKey.
Returns a dictionary with a list of tokens uniquely identifying each created attachment.
Scopes
audit_company, vendor
Parameters
| Name | Type | Description |
|---|---|---|
| attachments | List<File> | List of files (only PDF files allowed) to be uploaded. At most five per request. |
| user | String | Email address for the user which should be associated with the uploaded attachments. |
| consumerKey | String | The consumer key for the consumer you wish to create the attachment on behalf of. for vendor scopes. |
Returns
Response
{
"tokens": [
"9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9",
"f0cc7f7e9ade1644913a32b3ba440a8ee019bd9a2c7f69bb3a3c97a484155a63"
]
}
Returns a dictionary with a tokens key, which contains tokens uniquely identifying each created attachment.
Create sign request
POST
/v1/sign/sign-requests
$ curl "https://api.brevio.com/v1/sign/sign-requests"
-H "Authorization: Bearer ${token}"
-d'{
"attachments": [
{
"token": "0126a84017de0e70b6440820decbb565",
"title": "Auditor report"
},
{
"token": "95df519c2f4d5bf3040bab3e7a730f60",
"title": "Engagement Letter",
"template": "f7c2e7b859862ac29650bd098dfedfb6"
}
],
"country": "no",
"signees": [
{
"email": "[email protected]",
"order": 1
},
{
"email": "[email protected]",
"order": 1
},
{
"email": "[email protected]",
"order": 2
}
],
"language": "nb",
"dueDays": 14,
"message": "Sign request message",
"user": "[email protected]",
"vatNo": "999999999"
}'
Creates a new sign request for a company (identified by the vatNo and country parameters), containing
a list of PDF documents do be digitally signed (the attachments parameter) by one or more signees (the
signees parameter).
The sign request is associated with the user passed in the user parameter, and there's a validation check whether
the user is employed by the audit company authenticated in the API request at the time of creation.
The vendor scope can use this endpoint to create a sign request on behalf of its consumers by passing a valid consumerKey.
Returns a dictionary with the token of the created sign request.
Scopes
audit_company, vendor
Parameters
| Name | Type | Description |
|---|---|---|
| attachments | List<> |
List of attachments for the sign request. See attachments for details. |
| vatNo | String | The VAT number for the company, validated against the national registry for the company's country of operation. |
| country | String | Which country is the company registered in? Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se. |
| user | String | Email address used to uniquely identify a user in the audit company making the API request. |
| language | String | The language used for the sign request. Adheres to the ISO 639-1 standard. Valid values: da, en, nb, sv. Defaults to nb. |
| signees | List<> | List of signees associated with the sign request. See signees for details. |
| dueDays | Integer | The number of days until the sign request expires. Valid values: 7, 14, 30. Defaults to 30. |
| message | String | Message to be displayed in the sign request (will replace the default message generated by Brevio). |
| consumerKey | String | The consumer key for the consumer you wish to create the sign request on behalf of. for vendor scopes. |
Attachments
List of attachments referring to previously uploaded PDF files.
| Attribute | Type | Description |
|---|---|---|
| token | String | Unique identifier. |
| title | String | Human-readable title. When there are more than one attachment for a sign request, the titles are joined together with comma-separation. |
| templateToken | String | Token identifying a document template. |
Signees
Signees
[
{
"email": "[email protected]",
"order": 1
},
{
"email": "[email protected]",
"order": 2 // This signee will *only* receive the sign request *after* the previous signee has signed.
}
]
List of signees (identified by their email) who are required to sign all PDF documents in the sign request.
If you want a particular signee to sign the PDF documents before another, you can specify the signing order in the order parameter.
Signees with the same order will receive the sign request at the same time, and those with a larger order will receive the
sign request only after all previous signee orders have signed.
| Attribute | Type | Description |
|---|---|---|
| String | Email address of the signee. | |
| order | Integer | Should this signee sign the sign request in a particular order? |
Returns
Response
{
"token": "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9"
}
Returns a dictionary with a token key containing the unique token for the created sign request.
List all sign requests
GET
/v1/sign/sign-requests
$ curl "https://api.brevio.com/v1/sign/sign-requests"
-H "Authorization: Bearer ${token}"
-d '{"vatNo": "999999999", "country": "no" }'
Returns a paginated list for all sign requests for the audit company authenticated in the API request,
filtered by company (identified by the vatNo and country parameters). The results can also optionally
be filtered by a document template.
The payload contains at most 50 requests. To access all sign requests (in cases where there are more than 50) you have to paginate through the results.
Scopes
audit_company, signee_pid
Parameters
| Name | Type | Description |
|---|---|---|
| vatNo | String | VAT number for the audit client. |
| country | String | Which country is the audit client registered in? Two character country code, as defined by ISO 3166-1 alpha-2. Valid values: dk, fi, no,se. |
| offset | Integer | The offset used for pagination. |
| templateToken | String | Unique identifier for a document template to filter the sign requests by. If a sign request contains any attachments with the document template then it is included in the result. |
Returns
Response
{
"count": 50,
"offset": 0,
"next": 50,
"total": 131,
"requests": [
{
"token": "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9",
"attachments": [
{
"token": "21d2b46ae46b16845caad19c2d6aac34",
"filename": "engagement-letter-2021.pdf",
"signedPDF": false,
"template": null,
"title": "Engagement letter"
},
{
"token": "181fddae6a0edbc880ffe4c189e02aa0",
"filename": "auditor-report-2021.pdf",
"signedPDF": false,
"template": "5f7ea5f1501d289e04fb6f14a118bf80",
"title": "Auditor's report"
}
],
"company": {
"name": "ACME AS",
"vatNo": "999888999",
"country": "no"
},
"dueDate": "2022-11-13",
"lastUpdate": "2022-10-14T13:06:15Z",
"sentAt": "2022-10-13T16:29:32Z",
"signees": [
{
"email": "[email protected]",
"name": null,
"pid": null,
"signed": false,
"signedAt": null
},
{
"email": "[email protected]",
"name": "Ford Prefect",
"pid": null,
"signed": true,
"signedAt": "2019-10-14T13:06:15Z"
}
],
"step": "sign",
"user": {
"address": "Gatevei 1313, 0561 Oslo",
"email": "[email protected]",
"name": "Arthur Dent"
}
}
// ...
]
}
Returns a paginated list of all sign requests for the audit company authenticated in the API request, filtered by VAT number, country, and optionally document template.
List updated sign requests
GET
/v1/sign/sign-requests/updates
$ curl "https://api.brevio.com/v1/sign/sign-requests/updates"
-H "Authorization: Bearer ${token}"
-d '{"fromDate": "2022-01-01"}'
Returns a paginated list for all sign requests for the audit company authenticated in the API request,
which have been updated after a specific date (the fromDate parameter).
The results are inclusive, meaning all passing 2022-01-01 will return all sign requests updated after 2022-01-01 00:001.
The payload contains at most 50 requests. To access all sign requests (in cases where there are more than 50) you have to paginate through the results.
| Name | Type | Description |
|---|---|---|
| fromDate | String | ISO8601 date string representing the inclusive start of the date filter |
| offset | Integer | The offset used for pagination |
Returns
Response
{
"count": 50,
"offset": 0,
"next": 50,
"total": 131,
"requests": [
{
"token": "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9",
"attachments": [
{
"token": "21d2b46ae46b16845caad19c2d6aac34",
"filename": "engagement-letter-2021.pdf",
"signedPDF": false,
"template": null,
"title": "Engagement letter"
},
{
"token": "181fddae6a0edbc880ffe4c189e02aa0",
"filename": "auditor-report-2021.pdf",
"signedPDF": false,
"template": "5f7ea5f1501d289e04fb6f14a118bf80",
"title": "Auditor's report"
}
],
"company": {
"name": "ACME AS",
"vatNo": "999888999",
"country": "no"
},
"dueDate": "2022-11-13",
"lastUpdate": "2022-10-14T13:06:15Z",
"sentAt": "2022-10-13T16:29:32Z",
"signees": [
{
"email": "[email protected]",
"name": null,
"pid": null,
"signed": false,
"signedAt": null
},
{
"email": "[email protected]",
"name": "Ford Prefect",
"pid": null,
"signed": true,
"signedAt": "2019-10-14T13:06:15Z"
}
],
"step": "sign",
"user": {
"address": "Gatevei 1313, 0561 Oslo",
"email": "[email protected]",
"name": "Arthur Dent"
}
}
// ...
]
}
Returns a paginated list of all sign requests for the audit company authenticated in the API request, updated after the specified date.
Download attachment
POST
/v1/sign/attachments/:token/signed-url
$ curl "https://api.brevio.com/v1/sign/attachments/92489134d60d213f68e7bba0a8d9cccf6f6f6816bac7d5b62c417f96dcc886ea/signed-url"
-H "Authorization: Bearer ${token}
Generates a short-lived (24 hours) signed URL in accordance with information security
best practices to download the attachment identified by the given token.
Scopes
audit_company
Parameters
None.
Returns
Response
{
"filename": "signed-auditor-report.pdf",
"url": "https://cdn.brevio.com/signed-auditor-report.pdf"
}
Returns a dictionary with a filename field indicating the filename of the attachment, and an url field
containing the signed URL.
Brevio Signature Right API
The signature right API grants an authorized API client access to data used to verify whether a given national ID is allowed to digitally sign documents for a given company, either in combination with others or individually.
Through the API you can accomplish the following:
- Retrieve Signature Right information: Get information regarding a person's signature right for a given company.
Signature Right API core resources
Signature Right
| Attribute | Type | Description |
|---|---|---|
| changeDate | Date | The date when signing rule was last changed (valid from) |
| vatNo | String | The VAT number for the company, validated against the national registry for the company's country of operation |
| country | String | Two letter ISO country code |
| nationalId | String | National Id / SSN |
| signatureRight | String | Signature right. Valid values are 'ALONE' or 'GROUP' |
Get signature right
GET
/v1/signature-right
$ curl "https://api.brevio.com/v1/signature-right?vatNo=${vat_no}" \
"&nationalId=${national_id}&country=${country}"
-H "Authorization: Bearer ${token}"
Response
{
"changeDate": "2019-12-11",
"vatNo": "5564779444",
"nationalId": "196805029268",
"signatureRight": "ALONE"
}
This endpoint returns signature rights information for a given combination of VAT number, national ID (SSN), and country code.
Currently Swedish, Norwegian, and Danish companies are supported using country code se for Sweden, no for Norway, and dk for Denmark.
Scopes
signature_right
Parameters
| Name | Type | Description |
|---|---|---|
| vatNo | String | The VAT number for the company (8 digits for danish, 9 digits for Norwegian, and 10 digits for Swedish). |
| nationalId | String | National ID/ SSN |
| country | String | Countries for which the check is performed. Valid countries: se no dk |
Returns
Returns the signature right for the given vatNo, nationalId, and country.
Changelog
All requests to the Brevio APIs check whether the Brevio-Version header is present, and applies the
API version present (if valid). If the header isn't present the API uses your account's API settings.
Example: Sending 2023-02-14 as Brevio-Version will force the request to use the API version released on February 14th, 2023.
October 4, 2023 - 2023-10-04
API responses
- Renames and changes several fields on the audit request. See 2023-10-04 for details.
- Renames
senttosentAtfor confirmations.
Endpoint changes
- Renames parameters
auditAccountNumbersandlastingPowerOfAttorneytoaccountNumbersandlpafor creating audit requests. - Removes parameter
reviewedSignaturesfor list all pending audit requests and list all pending manual audit requests. - Renames parameter
bankStartedProcessingtoprocessingfor list all pending audit requests and list all pending manual audit requests. - Renames
auditRequestTokenstotokensfor finalizing audit requests, setting proccesing flag, and setting processing flag for manual audit requests. - Removes parameter
processingfor setting processing flag. - Renames parameter
phoneCountryCodetoISDfor creating manual audit requests. - Removes parameter
processingfor setting processing flag for manual audit requests. - Renames "Upload power of attorney" endpoint to "Upload attachment" for manual audit requests, and changes the URL. See upload attachment to manual audit request.
April 24, 2023 - 2023-04-24
- Adds support for generic LPAs
March 24, 2023 - 2023-03-24
- Removes
endDatefrom the lasting power of attorney creation as these now will not expire unless explicitly revoked or audit company resigns as auditor. endDatewill returnnullfor List all LPAs and Create LPA if lasting power of attorney is created with latest api version or withoutendDatespecified, meaning it's witout an expiration date.
March 20, 2023 - 2023-03-20
- Adds new endpoint for setting audit requests as started processing by banks.
- Adds support for filtering on
startedProcessingin list all pending audit requests endpoint for banks.
March 1, 2023 - 2023-03-01
- Adds support for bank review on audit requests. Please contact Brevio to enable this feature.
When enabled, the bank can send in the field
reviewedSignaturesas part of the third party endpoint to get all their reviewed audit requests. The audit request will also return an array of bankReviewedCompanySignatures.
February 14, 2023 - 2023-02-14
- Adds support for Finnish companies which entails a few things:
countryparameter is now required in addition tovatNofor both company and subsidiaries.- For backwards compatibility; if no
countryis supplied for older API versions, it will assume Denmark and not Finland as these are the same VAT number length. countryis also added to theCompanyresponse objects.
November 3, 2022 - 2022-11-03
- Adds support for sending audit account numbers as part of the create audit requests endpoint.
October 26, 2022 - 2022-10-26
- Adds support for creating and listing lasting powers of attorney in the Confirm API.
October 24, 2022 - 2022-10-24
- Adds support for all types of audit requests in the Confirm API.
October 13, 2022 - 2022-10-13
- Adds support for all audit request types in the creation of audit requests for the Confirm API.
October 1, 2022 - 2022-10-01
- Adds support for multiple account numbers for audit requests in Confirm API. Key:
accountNumbers. - Adds support for multiple signees for audit requests in Confirm API. Key:
signees. - Changes response type for
companykey in audit request response to an object rather than a string in Confirm API. - Changes response type for
confirmationkey in audit request response from list of strings to an object in Confirm API. - Removes deprecated
daughterCompanieskey for creating batch of audit requests in Confirm API. - Renames
auditorkey in audit request response touserin Confirm API. - Removes deprecated keys from audit request response in Confirm API:
companyName,daughterCompanies,signee,signeePID,clientEmail. - Renames key
nametofilenamein download attachment response in Confirm API. - Renames
sentkey in sign request response tosentAtfor Sign API. - Renames keys
signedNameandsigneePIDtonameandpidfor Sign API.
1.0
Initial release of the Brevio API.
Audit request
2023-10-04
Attributes
- Renames
bankReviewedCompanySignaturesfield tosignatureReviews. - Renames
bankStartedProcessingfield tostartedProcessing. - Changes
lastingPowerOfAttorneyfield fromstringto . - Renames
sentToClientfield tosentToClientAt.
2023-03-24
Create lasting power of attorney
Parameters
The end date for for LPAs is now removed as LPAs from now on should not expire unless explicitly revoked or audit company resigns as auditor.
Removed
| Name | Type | Description |
|---|---|---|
| endDate | String | ISO8601 date string. |
List lasting powers of attorney
Response
[
{
"token": "b06178d5-8240-4150-ac57-cc2bc762c7b4",
"endDate": null, // Changed to nullable
"signed": false,
"language": "en",
"signees": [
{
"name": null,
"signed": false,
"email": "[email protected]"
}
],
"subsidiaries": [
{
"name": "Brev Invest AS",
"vatNo": "927146878",
"country": "no"
}
],
"bank": {
"token": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d",
"name": "test",
"hasLPA": true,
"country": "no"
},
"company": {
"name": "BRE Boligutleie AS",
"vatNo": "925178845",
"country": "no"
}
}
]
Respose
The end date for for LPAs is now changed as LPAs from now on should not expire unless explicitly revoked or audit company resigns as auditor. This means that if the LPA is set to not expire the endDate will be null.
| Name | Type | Description |
|---|---|---|
| endDate | String | ISO8601 date string. |
2023-03-01
List all pending audit requests for third party (banks)
New request parameter
This option is exclusively for banks, please contact Brevio to enable the feature if needed.
| Name | Type | Required | Description |
|---|---|---|---|
| reviewedSignatures | boolean | false | Optional field to return reviewed audit requests |
New response attributes
| Name | Type | Description |
|---|---|---|
| bankReviewedCompanySignatures | BankReviewedCompanySignature | Only available if review is enabled for the bank |
BankReviewedCompanySignature
| Name | Type | Description |
|---|---|---|
| reviewedBy | string | Field for banks to keep tabs on who internally reviewed the audit request signature |
| reviewedAt | datetime | When the employee reviewed the audit request signature |
| verified | boolean | The signature is either rejected or verified |
| company | Company | Which company was reviewed |
GET
/v1/confirm/audit-requests/third-party
$ curl "https://api.brevio.com/v1/confirm/audit-requests/third-party?reviewedSignatures=true"
-H "Authorization: Bearer ${token}"
Response
{
"count": 33,
"offset": 0,
"next": 0,
"total": 33,
"requests": [
{
"token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
"accountNumbers": [
{
"accountNumber": "1232.20.12313",
"company": {
"vatNo": "999888999",
"country": "no"
}
}
],
"attachments": [],
"auditCompany": "Brevio AS",
"company": {
"name": "ACME AS",
"vatNo": "999999999",
"country": "no"
},
"confirmation": null,
"cutOffDate": "2022-12-31",
"language": "nb",
"lastUpdate": "2022-10-02T11:53:23Z",
"manualReview": false,
"requestType": "bank",
"sentToClient": "2022-10-01",
"signees": [
{
"email": "[email protected]",
"name": "Art Vandelay",
"pid": null,
"signed": true
},
{
"email": "[email protected]",
"name": "Guybrush Threepwood",
"pid": null,
"signed": true
}
],
"step": "third-party",
"subsidiaries": [],
"thirdParty": "DNB",
"user": {
"email": "[email protected]",
"officeAddress": "Gatevei 1313, 0561 Oslo"
},
"bankReviewedCompanySignatures": [
{
"reviewedBy": "Bob",
"verified": true,
"reviewedAt": "2022-10-03T11:00:23Z",
"company": {
"name": "ACME AS",
"vatNo": "999999999",
"country": "no"
}
}
]
}
// ...
]
}
2023-02-14
POST
/v1/confirm/audit-requests
$ curl "https://api.brevio.com/v1/confirm/audit-requests"
-H "Authorization: Bearer ${token}"
-H "Brevio-Version: 2023-02-14"
-d '
{
"language": "nb",
"vatNo": "999999999",
"country": "no"
"signees": [
"[email protected]",
"[email protected]",
"[email protected]"
],
"user": "[email protected]",
"auditRequests": [
{
"bank": "d4cc89490d78a3080922b9694def9cba4bb1c7a92d627b7b99425204dd229b4f",
"cutOffDate": "2022-12-31",
"subsidiaries": [
{ vatNo: "999999998", country: "no" },
{ vatNo: "99999988", country: "fi" }
],
"auditAccountNumbers": [
{
"accountNumber": "12341212345",
"company": {
"country": "no",
"vatNo": "999888999"
}
}
]
},
// ...
]
}
'
New attributes
Create audit request
| Name | Type | Description |
|---|---|---|
| country | string | Adds required parameter country to top level param. A two letter ISO country code for where the VAT no belongs to |
| subsidiaries | List<Company> | Changed from list of VAT numbers to list of Company objects where vatNo and country are required per subsidiary. |
| auditAccountNumbers | List<AuditAccountNumber> | Changed company property in AuditAccountNumber from a string containing the VAT number to a Company object with vatNo and country |
GET
/v1/confirm/audit-requests
$ curl "https://api.brevio.com/v1/confirm/audit-requests"
-H "Authorization: Bearer ${token}"
-H "Brevio-Version: 2023-02-14"
{
"token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
"attachments": [],
"auditCompany": "Brevio AS",
"clientEmail": "[email protected]",
"confirmation": null,
"cutOffDate": "2022-12-31",
"language": "nb",
"lastUpdate": "2022-10-02T11:53:23Z",
"manualReview": false,
"requestType": "bank",
"sentToClient": "2022-10-01",
"step": "client",
"thirdParty": "DNB",
"accountNumbers": [
{
"accountNumber": "1232.20.12313",
"company": {
"vatNo": "999888999",
"country": "no"
}
}
],
"company": {
"name": "ACME AS",
"vatNo": "999999999",
"country": "no" // New property
},
"signees": [
{
"email": "[email protected]",
"name": null,
"pid": null,
"signed": false
},
{
"email": "[email protected]",
"name": "Guybrush Threepwood",
"pid": null,
"signed": true
}
],
"subsidiaries": [
{
"name": "ACME Doorknobs Oy",
"vatNo": "99999988",
"country": "fi" // New property
}
],
"user": {
"name": "Arthur Auditor",
"address": "Gatevei 1313, 0561 Oslo",
"email": "[email protected]"
}
}
List audit requests
| Name | Type | Description |
|---|---|---|
| country | string | Adds country to Company for company and subsidiaries |
| accountNumber | Company | Changes company property in accountNumber from a string with VAT number to a Company object consisting of vatNo and country |
Create lasting power of attorney
POST
/v1/confirm/lasting-powers-of-attorney
$ curl "https://api.brevio.com/v1/confirm/audit-lasting-powers-of-attorney"
-H "Authorization: Bearer ${token}"
-H "Brevio-Version: 2023-02-14"
-d '
{
"endDate": "2025-11-24",
"bank": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d",
"vatNo": "999999998",
"country": "no",
"subsidiaries": [
{ "vatNo": "999888777", "country": "no" },
{ "vatNo": "999888666", "country": "no" }
],
"signees": ["[email protected]", "[email protected]"]
}
'
Response
{
"token": "b06178d5-8240-4150-ac57-cc2bc762c7b0",
"endDate": "2025-11-24",
"signed": false,
"signees": [
{
"name": null,
"signed": false,
"email": "[email protected]"
},
{
"name": null,
"signed": false,
"email": "[email protected]"
}
],
"subsidiaries": [
{
"name": "test company 1",
"vatNo": "999999996",
"country": "no" // New property
}
],
"bank": {
"token": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d",
"name": "test",
"hasLPA": true,
"country": "no"
},
"company": {
"name": "Test company",
"vatNo": "999999998",
"country": "no" // New property
}
}
| Name | Type | Description |
|---|---|---|
| country | string | Adds required parameter country to top level param. A two letter ISO country code for where the VAT no belongs to |
| subsidiaries | List<Company> | Changed from list of VAT numbers to list of Company objects where vatNo and country are required per subsidiary. |
List lasting powers of attorneys
GET
/v1/confirm/lasting-powers-of-attorney
$ curl "https://api.brevio.com/v1/confirm/lasting-powers-of-attorney"
-H "Authorization: Bearer ${token}"
-H "Brevio-Version: 2023-02-14"
-d'
{
"companies": [{"vatNo": "999999999", "country": "no"}], # New property, replaces `vatNumbers`
"bank": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d"
}'
| Name | Type | Description |
|---|---|---|
| companies | List<Company> | Replaces vatNumbers - Changed from list of VAT numbers to list of Company objects where vatNo and country are required per company. |
Response
[
{
"token": "b06178d5-8240-4150-ac57-cc2bc762c7b4",
"endDate": "2025-11-24",
"signed": false,
"language": "en",
"signees": [
{
"name": null,
"signed": false,
"email": "[email protected]"
}
],
"subsidiaries": [
{
"name": "Brev Invest AS",
"vatNo": "927146878",
"country": "no" // New property
}
],
"bank": {
"token": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d",
"name": "test",
"hasLPA": true,
"country": "no"
},
"company": {
"name": "BRE Boligutleie AS",
"vatNo": "925178845",
"country": "no" // New property
}
}
]
2022-10-01
$ curl "https://api.brevio.com/v1/confirm/audit-requests"
-H "Authorization: Bearer ${token}"
-H "Brevio-Version: 2022-10-01"
Audit request
{
"token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
"attachments": [],
"auditCompany": "Brevio AS",
"clientEmail": "[email protected]",
"confirmation": null,
"cutOffDate": "2022-12-31",
"language": "nb",
"lastUpdate": "2022-10-02T11:53:23Z",
"manualReview": false,
"requestType": "bank",
"sentToClient": "2022-10-01",
"step": "client",
"thirdParty": "DNB",
// New attributes
"accountNumbers": [
{
"accountNumber": "1232.20.12313",
"company": "999999999"
}
],
"company": {
"name": "ACME AS",
"vatNo": "999999999"
},
"signees": [
{
"email": "[email protected]",
"name": null,
"pid": null,
"signed": false
},
{
"email": "[email protected]",
"name": "Guybrush Threepwood",
"pid": null,
"signed": true
}
],
"subsidiaries": [
{
"name": "ACME Doorknobs AS",
"vatNo": "999999998"
}
],
"user": {
"name": "Arthur Auditor",
"address": "Gatevei 1313, 0561 Oslo",
"email": "[email protected]"
}
}
New attributes
| Name | Type | Description |
|---|---|---|
| acccountNumbers | List<AccountNumber> | List of account numbers associated with the audit request. |
| company | Company | The main audit client |
| confirmation | Confirmation/null | Confirmation for the audit request. This field is null if the audit request has not been confirmed |
| signees | Signee[] | List of signees associated with the audit request |
| subsidiaries | List<Company> | List of subsidiaries associated with the audit request |
| user | User | The user associated with the sign request |
Removed attributes
| Name | Reason |
|---|---|
| acccountNumber | Audit requests can have multiple account numbers |
| auditor | The user keyword is more explicit |
| company | Replaces the string value with the Company object |
| companyName | Replaces the string value with the Company object |
| clientEmail | Audit requests can have multiple signees |
| daughterCompanies | Deprecated. Use subsidiaries instead |
| signee | Audit requests can have multiple signees |
| signeePID | Audit requests can have multiple signees |
1.0
Audit request
{
"token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
"accountNumber": "1232.20.12313",
"attachments": [],
"auditCompany": "Brevio AS",
"auditor": {
"address": "Gatevei 1313, 0561 Oslo",
"email": "[email protected]",
"name": "Arthur Auditor"
},
"clientEmail": "[email protected]",
"company": "999999999",
"companyName": "ACME AS",
"confirmation": [
"3c2d6bb220754baecb477d894483b341a7affaf4d22b3df85e2afac3cea9789c",
"139f8ad345b828c669b96d8b27a594cf6f0c9d43aae2ec244d73cda3bb155a31"
],
"cutOffDate": "2022-12-31",
"daughterCompanies": [],
"language": "nb",
"lastUpdate": "2022-10-02T11:53:23Z",
"manualReview": false,
"requestType": "bank",
"sentToClient": "2022-10-01",
"signee": "Guybrush Threepwood",
"step": "third-party",
"subsidiaries": [],
"thirdParty": "DNB"
}
| Attribute | Type | Description |
|---|---|---|
| token | String | Unique identifier |
| accountNumber | String | A single, verified bank account number for a particular company in a particular bank |
| attachments | List<String> | List of tokens used to uniquely identify an attachment associated with the audit request (includes the digitally signed pdf after the audit request has been signed by all signees). |
| auditCompany | String | Name of the audit company to which the associated auditor of the audit request belongs |
| auditor | Auditor | The auditor associated with the request |
| clientEmail | String | Email address for the signee for the audit request |
| company | String | The VAT number of the main audit client |
| companyName | String | Audit client name, validated against the Norwegian company register |
| confirmation | List<String> | List of tokens used to uniquely identify an attachment uploaded as part of the confirmation |
| cutOffDate | Date | The end of the fiscal year for the associated audit client |
| language | String | The language used for the audit request. |
| lastUpdate | DateTime | Last time step was updated |
| manualReview | Boolean | Boolean flag indicating whether this request needs third party manual review. This occurs when for instance the auditor has made changes to the standard template. |
| requestType | String | The type of the audit request. |
| sentToClient | Date | Date the audit request was first sent its signees |
| signee | String/null | The name of the person that has digitally signed the audit request, received from BankID. Null if the request has not been signed |
| signeePID | String/null | Personal ID (PID) is the signee's personal number - NO: 11 digits, SE: 10 or 12 digits, DK: 10 digits. Only available with scope signee_pid |
| step | String | The step in the audit request process the request is currently at. Valid values: 'started' 'client' 'needs-validation' 'third-party' 'received' 'cancelled' 'archived' 'post' |
| subsidiaries | List<String> | List of VAT numbers for subsidiaries associated with the audit request |
| thirdParty | String | Name of the audit request's associated third party |
Auditor
| Attribute | Type | Description |
|---|---|---|
| address | String | Address for the user's physical office |
| String | Email address | |
| name | String | User name verified by the national registry/SSO integration |
Sign request
2023-02-14
POST
/v1/sign/sign-requests
$ curl "https://api.brevio.com/v1/sign/sign-requests"
-H "Authorization: Bearer ${token}"
-H "Brevio-Version: 2023-02-14"
-d'{
"vatNo": "999999999",
"country": "no", # New paramater
"signees": [
{
"email": "[email protected]",
"order": 1
},
{
"email": "[email protected]",
"order": 1
},
{
"email": "[email protected]",
"order": 2
}
],
"language": "nb",
"dueDays": 14,
"message": "Sign request message",
"user": "[email protected]",
"attachments": [
{
"token": "0126a84017de0e70b6440820decbb565",
"title": "Auditor report"
},
{
"token": "95df519c2f4d5bf3040bab3e7a730f60",
"title": "Engagement Letter",
"template": "f7c2e7b859862ac29650bd098dfedfb6"
}
]
}'
New attributes - Create sign request
Added country as required parameter.
| Name | Type | Description |
|---|---|---|
| country | String | Two letter ISO country code for where the VAT number belongs to. Valid values: 'no', 'se', 'dk', 'fi' |
GET
/v1/sign/sign-requests
$ curl "https://api.brevio.com/v1/sign/sign-requests"
-H "Authorization: Bearer ${token}"
-H "Brevio-Version: 2023-02-14"
-d '{
"vatNo": "999999999",
"country": "no" # New required parameter
}'
Response
{
"count": 50,
"offset": 0,
"next": 50,
"total": 131,
"requests": [
{
"token": "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9",
"attachments": [
{
"token": "21d2b46ae46b16845caad19c2d6aac34",
"filename": "engagement-letter-2021.pdf",
"signedPDF": false,
"template": null,
"title": "Engagement letter"
},
{
"token": "181fddae6a0edbc880ffe4c189e02aa0",
"filename": "auditor-report-2021.pdf",
"signedPDF": false,
"template": "5f7ea5f1501d289e04fb6f14a118bf80",
"title": "Auditor's report"
}
],
"company": {
"name": "ACME AS",
"vatNo": "999888999",
"country": "no" // New property
},
"dueDate": "2022-11-13",
"dueDays": 30,
"lastUpdate": "2022-10-14T13:06:15Z",
"sent": "2022-10-13T16:29:32Z",
"signees": [
{
"email": "[email protected]",
"name": null,
"pid": null,
"signed": false,
"signedAt": null
},
{
"email": "[email protected]",
"name": "Ford Prefect",
"pid": null,
"signed": true,
"signedAt": "2019-10-14T13:06:15Z"
}
],
"step": "sign"
}
]
}
New attributes - List all sign request
Added country as required parameter and added country to Company return object.
| Name | Type | Description |
|---|---|---|
| country | String | Two letter ISO country code for where the VAT number belongs to. Valid values: 'no', 'se', 'dk', 'fi' |
GET
/v1/sign/sign-requests/updates
$ curl "https://api.brevio.com/v1/sign/sign-requests/updates"
-H "Authorization: Bearer ${token}"
-H "Brevio-Version: 2023-02-14"
-d '{"fromDate": "2022-01-01"}'
Response
{
"count": 13,
"offset": 0,
"next": 0,
"total": 13,
"requests": [
{
"token": "3fbbbdd6a46340d3c284cdde827a321ba9f4a203abffd7ee945e183924a89df2",
"attachments": [
{
"token": "b26859539b1e671d6fd96e71eb2cabc2",
"filename": "auditor-report-2022.pdf",
"signedPDF": false,
"title": "Auditor report"
}
],
"company": {
"name": "ACME AS",
"vatNo": "999888999",
"country": "no" // New property
},
"dueDate": "2022-01-31",
"dueDays": 30,
"lastUpdate": "2022-01-01T13:06:15Z",
"sent": "2022-01-01T16:29:32Z",
"signees": [
{
"email": "[email protected]",
"name": null,
"pid": null,
"signed": false,
"signedAt": null
}
],
"step": "sign"
}
]
}
New attributes - List all updated sign request
Added country to Company object
| Name | Type | Description |
|---|---|---|
| country | String | Two letter ISO country code for where the VAT number belongs to. Valid values: 'no', 'se', 'dk', 'fi' |
2022-10-01
$ curl "https://api.brevio.com/v1/sign/sign-requests"
-H "Authorization: Bearer ${token}"
-H "Brevio-Version: 2022-10-01"
Sign request
{
"token": "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9",
"attachments": [
{
"token": "21d2b46ae46b16845caad19c2d6aac34",
"filename": "engagement-letter-2021.pdf",
"signedPDF": false,
"template": null,
"title": "Engagement letter"
},
{
"token": "181fddae6a0edbc880ffe4c189e02aa0",
"filename": "auditor-report-2021.pdf",
"signedPDF": false,
"template": "5f7ea5f1501d289e04fb6f14a118bf80",
"title": "Auditor's report"
}
],
"dueDate": "2022-11-13",
"lastUpdate": "2022-10-14T13:06:15",
"step": "sign",
// New attributes
"sentAt": "2022-10-13T16:29:32",
"signees": [
{
"email": "[email protected]",
"name": null,
"signed": false,
"signedAt": null,
"pid": null
},
{
"email": "[email protected]",
"name": "Ford Prefect",
"signed": true,
"signedAt": "2022-10-14 13:06:15",
"pid": null
}
],
"company": {
"name": "ACME AS",
"vatNo": "99999999"
},
"user": {
"email": "[email protected]",
"officeAddress": "Gatevei 1313, 0561 Oslo"
}
}
New attributes
Renamed signee fields signeePID and signedName to pid and name respectively.
| Name | Type | Description |
|---|---|---|
| company | Company | The company associated with the sign request |
| sentAt | DateTime | Date and time sign request was sent to all signees |
| user | User | The user associated with the sign request |
Removed attributes
| Name | Reason |
|---|---|
| company | Replaces the string value with the Company object |
| sent | Use sentAt instead |
Errors
Response
{
"status": 400,
"message": "Bad request: vatNo is missing"
}
The Brevio APIs use the following error codes.
| Code | Description |
|---|---|
| 400 | Bad request - The request is invalid. |
| 401 | Unauthorized - Your API credentials are wrong, or you do not have access to this resource. |
| 404 | Not found - The specified resource could not be found. |
| 500 | Internal server error - We experienced an internal error. If the error persists, please contact us. |