Introduction
The Brevio API is organized around REST.
Currently our APIs offer insight into data from the following services:
- Brevio Confirm (available for banks and audit companies)
- Brevio Sign (available for audit companies)
- Brevio Signature-right
After registering you have instant access to our staging environment.
Once you have tested and verified your integration, you are ready to go through the process of accessing our production environment and your data. To begin this process, please contact us.
Parameters
$ curl "https://api.brevio.com/v1/some-endpoint"
-H "Content-Type: application/json"
-d '{ "param": "value", "param2": "value2" }'
For GET requests, any parameters not specified as a segment in the path can be passed as an HTTP query string parameter:
GET https://api.brevio.com/v1/some-endpoint?param=value¶m2=value2
For POST requests, parameters not included in the URL should be encoded as JSON with a Content-Type of application/json unless otherwise noted.
All noted parameters are required unless specified otherwise.
Dates and DateTimes
All responses from our APIs are native values (e.g. integers, strings, and arrays of native values). Response attributes
defined as Date or DateTime are ISO8601 compliant string representations for these values. e.g. 2022-01-01 and 2022-01-01T00:00:00Z
respectively.
Environments
The Brevio APIs are available in two separate environments:
- https://api-dev.brevio.com (staging)
- https://api.brevio.com (production)
To test your integration you should first authenticate against the staging environment - the production environment won't be available to your registered user until you have signed an API license deal. To begin this process, please contact us.
Versioning
When backwards-incompatible changes are made to the API, a new, dated version is released. The current version is 2023-02-14. To see all API updates, view the changelog.
All requests use your account API settings, unless you override the API version. To set the API version for a specific
request, send a Brevio-Version header.
Unless otherwise noted, all documentation examples use the latest API version. If your payload differs from the documentation, you have a different API version in your account API settings.
After using the Brevio-Version header to test your integration against the latest API version, please
contact us to upgrade your account API settings.
Authentication
To ensure the Brevio APIs adhere to the latest security standards we utilise Oauth 2.0 to authenticate and authorize API clients.
We use the "client_credentials" grant flow from
the Oauth 2.0 specification to authorize access to API endpoints.
If you want to authenticate against our staging environment all you have to do is register a new API user to begin the process described below.
Credentials
Once you've registered a new user you will be given a client_id and a client_secret. These will be used to retrieve access tokens, based upon which scope you have access to.
Currently audit_company, bank, signature_right, signee_pid, and vendor are valid scopes. All scopes will be
validated by Brevio upon the creation of an API client.
The signature_right and signee_pid scopes requires specific access, please contact us for more information.
The vendor scope allows an API client to perform API calls on behalf of a consumer, which is identified by
a unique consumerKey passed with each API call. Please contact us for more information.
Access tokens
We use bearer tokens to verify access to all Brevio API endpoints. Access tokens are generated by
passing a base64 encoded valid client_id and client_secret combination to the access token creation endpoint.
Create access token
POST
/auth/token
$ curl "https://api.brevio.com/auth/token"
-H "Authorization: Basic ${base64_encoded_client_id_and_secret}"
-d '{ "grant_type": "client_credentials", "scope": "bank" }'
API Response
{
"access_token": "tLUowHOUa2dmanlU_pr9WazuI_ubjRNoXMBeg_jzCo0",
"api_version": "1.0",
"token_type": "Bearer",
"expires_in": 1209600,
"created_at": 1665131755
}
To retrieve an access token you need to base64 encode your client_id and client_secret
and pass them to the Basic authentication scheme.
You also need to specify the grant_type to be client_credentials, as well
as specify the scope your client has access to.
Parameters
| Name | Type | Description |
|---|---|---|
| grant_type | String | Must be 'client_credentials' |
| scope | String | Valid values: 'audit_company' 'bank' 'signature_right' 'signee_pid' 'vendor' |
Returns
Returns a valid access token for the given scope(s). The access token will indicate which API version the token is valid for.
Brevio Confirm API
The Confirm API grants your authorized API client access to data associated with its entity in the Brevio Confirm service, whether you represent a bank or an audit company.
Through the API you can accomplish the following:
- Retrieve data for audit requests: Access all audit requests associated with your entity
- Mark audit requests as finalized: If an auditor has received a confirmation outside Brevio the audit request can be finalized without user input
- Download attachments: Download attachments for audit requests associated with your entity
- Create new audit requests: Create new audit requests in batches to the same client
- Reply to audit requests: Upload confirmations for your entity's received audit requests
Confirm API core resources
Below are listed all the core resources for the Brevio Confirm API.
Audit request
Audit requests define a single request for a confirmation from a third party for a particular audit client. A third party can be
either a bank, lawyer, supplier, or client. Each audit request pertains to exactly one audit client (named company in
the response payload), and any number of subsidiaries.
For instance, you might send an audit request to DNB for "Acme Doors AS", and include "Acme Doorknobs AS" and "Acme Keyholes AS" as subsidiaries in the audit request.
Audit request
{
"token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
"accountNumbers": [
{
"accountNumber": "1232.20.12313",
"company": {
"vatNo": "999888999",
"country": "no"
}
}
],
"attachments": [],
"auditCompany": "Brevio AS",
"company": {
"name": "ACME AS",
"vatNo": "999999999",
"country": "no"
},
"confirmation": {
"attachments": [
"3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
"a4c60323af9e76bb9877a75631dd6a51d62db93929a223ac4d91eacabf2bda1a"
],
"sent": "2023-01-01"
},
"cutOffDate": "2022-12-31",
"language": "nb",
"lastUpdate": "2022-10-02T11:53:23Z",
"manualReview": false,
"requestType": "bank",
"sentToClient": "2022-10-01",
"signees": [
{
"email": "[email protected]",
"name": "Arthur Dent",
"pid": null,
"signed": true
},
{
"email": "[email protected]",
"name": "Guybrush Threepwood",
"pid": null,
"signed": true
}
],
"step": "received",
"subsidiaries": [
{
"name": "ACME Doorknobs Oy",
"vatNo": "99999988",
"country": "fi"
}
],
"thirdParty": "DNB",
"user": {
"email": "[email protected]",
"officeAddress": "Gatevei 1313, 0561 Oslo"
},
"bankReviewedCompanySignatures": [
{
"reviewedBy": "Bob",
"verified": true,
"reviewedAt": "2022-10-03T11:00:23Z",
"company": {
"name": "ACME AS",
"vatNo": "999999999",
"country": "no"
}
}
]
}
| Attribute | Type | Description |
|---|---|---|
| token | String | Unique identifier |
| acccountNumbers | List<AccountNumber> | List of account numbers associated with the audit request. |
| attachments | List<String> | List of tokens used to uniquely identify an attachment associated with the audit request (includes the digitally signed pdf after the audit request has been signed by all signees). |
| auditCompany | String | Name of the audit company to which the associated auditor of the audit request belongs |
| company | Company | The main audit client |
| confirmation | Confirmation/null | Confirmation for the audit request. This field is null if the audit request has not been confirmed |
| cutOffDate | Date | The end of the fiscal year for the associated audit client |
| language | String | The language used for the audit request. |
| lastUpdate | DateTime | Last time step was updated |
| manualReview | Boolean | Boolean flag indicating whether this request needs third party manual review. This occurs when for instance the auditor has made changes to the standard template. |
| requestType | String | The type of the audit request. |
| sentToClient | Date | Date the audit request was first sent its signees |
| signees | Signee[] | List of signees associated with the audit request |
| step | String | The step in the audit request process the request is currently at. Valid values: 'started' 'client' 'needs-validation' 'third-party' 'received' 'cancelled' 'archived' 'post' |
| subsidiaries | List<Company> | List of subsidiaries associated with the audit request |
| thirdParty | String | Name of the audit request's associated third party |
| user | User | The user associated with the audit request |
| bankReviewedCompanySignatures | BankReviewedCompanySignature | Only available if review is enabled for the bank |
BankReviewedCompanySignature
| Name | Type | Description |
|---|---|---|
| reviewedBy | string | Field for banks to keep tabs on who internally reviewed the audit request signature |
| reviewedAt | datetime | When the employee reviewed the audit request signature |
| verified | boolean | The signature is either rejected or verified |
| company | Company | Which company was reviewed |
Account number
Account number
{
"accountNumber": "1232.20.12313",
"company": {
"vatNo": "999888999",
"country": "no"
}
}
| Attribute | Type | Description |
|---|---|---|
| accountNumber | String | A single, verified bank account number for a particular company in a particular bank |
| company | Company | Company object with vatNo and country of the associated company, validated against the national registry for its associated country |
Bank
Bank
{
"token": "4d88918a739dc0407dba87260e0cacf36a534079f26ad590e5c7a5fc3281b1ac",
"country": "no",
"disabled": false,
"name": "DNB"
}
| Attribute | Type | Description |
|---|---|---|
| token | String | Unique identifier |
| country | String | Two character country code, as defined by ISO 3166-1 alpha-2. E.g. `'no' |
| disabled | Boolean | Disabled banks cannot receive new audit requests, but they can have existing requests sent before the disabling occurred |
| name | String | The name of the bank. Not guaranteed to be unique. |
Company
Company
{
"name": "ACME AS",
"vatNo": "999999999",
"country": "no"
}
| Attribute | Type | Description |
|---|---|---|
| name | String | The company name as registered in the national registry for the company's country of operation |
| vatNo | String | The VAT number for the company, validated against the national registry for the company's country of operation |
| country | String | Two letter ISO country code for which the VAT number belongs to |
Confirmation
Confirmation
{
"attachments": [
"9e9f430c1d8e8716ae71d6311fb76e4534fd4959e8b2299d505afcfafd32c60d",
"b82c013b8e3f9ae73352500d322a39538b269938bc9737e5f2a4d9df240d3e38"
],
"sent": "2023-01-01T08:03:01Z"
}
| Attribute | Type | Description |
|---|---|---|
| attachments | List<String> | List of tokens used to uniquely identify an attachment associated with the confirmation |
| sent | DateTime | Time the third party sent the audit request confirmation |
Signee
Signee
{
"email": "[email protected]",
"name": "Guybrush Threepwood",
"pid": null,
"signed": true
}
| Attribute | Type | Description |
|---|---|---|
| String | Email address | |
| name | String/null | Name verified against the personal register of the signee's country of origin (verified during digital signature) |
| pid | String/null | Personal ID (PID) is the signee's personal number - NO: 11 digits, SE: 10 or 12 digits, DK: 10 digits. Only available with scope 'signee_pid' |
| signed | Boolean | Boolean flag indicating whether the signee has digitally signed the audit request |
User
User
{
"address": "Gatevei 1313, 0561 Oslo",
"email": "[email protected]",
"name": "Arthur Dent"
}
| Attribute | Type | Description |
|---|---|---|
| address | String | Address for the user's physical office |
| String | Email address | |
| name | String | User name verified by the national registry/SSO integration |
Common
Lists all API endpoints for both audit companies and banks.
Download attachment
POST
/v1/confirm/attachments/:token/signed-url
$ curl "https://api.brevio.com/v1/confirm/attachments/92489134d60d213f68e7bba0a8d9cccf6f6f6816bac7d5b62c417f96dcc886ea/signed-url"
-H "Authorization: Bearer ${token}
API Response
{
"filename": "signed-power-of-attorney.pdf",
"url": "https://cdn.brevio.com/signed-power-of-attorney.pdf"
}
Generates a short-lived (24 hours) signed URL in accordance with information security
best pratices to download the attachment with the given token.
The attachments can be PDFs, images, Microsoft Office files (.xlsx etc.) and XML files.
Scopes
audit_company, bank
Parameters
None.
Returns
Returns a dictionary with a name field indicating the filename of the attachment, and an url field
containing the signed URL.
Audit companies
Lists all API endpoints only available to audit companies.
Create audit requests
POST
/v1/confirm/audit-requests
$ curl "https://api.brevio.com/v1/confirm/audit-requests"
-H "Authorization: Bearer ${token}"
-d '
{
"language": "nb",
"vatNo": "999999999",
"country": "no"
"signees": [
"[email protected]",
"[email protected]",
"[email protected]"
],
"user": "[email protected]",
"auditRequests": [
{
"bank": "d4cc89490d78a3080922b9694def9cba4bb1c7a92d627b7b99425204dd229b4f",
"cutOffDate": "2022-12-31",
"subsidiaries": [
{ vatNo: "999999998", country: "no" },
{ vatNo: "99999988", country: "fi" }
]
},
// ...
]
}
'
API Response
{
"tokens": [
"616f6a6e7c4c5a3067afff6e6cd4ab0b4b889dfc922ef0f767d8a4d7cb7eddb0",
"11abefac8cc529470fc8f1b73db29598cc49e51e049e158b68e4fe8ce5fb8628",
"1f8c6c2b24ea3b7d51ec802a6c1396ef1c35edc7d3cd184693dbf0a617824cfa"
],
"sent": true // if false, the user has received an e-mail prompting her to register a Brevio account and authenticate through BankID
}
Creates one or more audit requests for an audit client identified by the vatNo parameter. We only allow emails with an associated Brevio account (the user parameter), authenticated either through SSO or BankID, to send audit requests on behalf of an audit company.
To see all banks that are supported please consult the list all banks endpoint.
Returns a list of tokens used to uniquely identify the created audit requests, ordered by creation date alongside a flag which indicates whether the audit requests were sent or not.
Scopes
audit_company
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| auditRequests | List<AuditRequestParams> | true | Audit requests that will be sent to the audit client |
| language | String | true | The language used for the e-mail sent to the audit client (also controls the language for the signing process) |
| user | String | true | E-mail address used to uniquely identify a user in the audit company making the API request. If the user is already registered in Brevio the audit request will instantly show up in her dashboard. If she is not registered she will receive an e-mail notifying her that she has been assigned to an audit request |
| vatNo | String | true | The VAT number for the audit requests' associated audit client |
| country | String | true | Two letter ISO country code for where the VAT number belongs to. Valid values: 'no', 'se', 'dk', 'fi' |
| signees | List<String> | false | List of email addresses for all signees that need to digitally sign the audit request. This field is required if lasting powers of attorney is not included for all audit requests. |
Audit request parameter
| Name | Type | Required | Description |
|---|---|---|---|
| cutOffDate | String | true | ISO8601 date string representing the end of the fiscal year for the associated audit client |
| bank | String | false | Token of the bank the audit request pertains to (see endpoint for listing banks GET /v1/confirm/banks) |
| language | String | false | Language for the audit request, also sets the language for the confirmation process. Valid values: 'nb', 'en', 'sv', 'da'. Defaults to 'nb' |
| subsidiaries | List<Company> | false | List of Companies with vatNo and country for any associated subsidiaries for the audit request, only available for bank and lawyer request type |
| reminder | Boolean | false | Boolean flag determining whether the audit requests should generate reminder emails to audit clients and third parties if they are not responded to in a timely fashion. Defaults to true |
| requestType | String | false | Specifies which kind of third party the audit request pertains to. Valid values: lawyer, bank, supplier, client. Defaults to bank |
| balance | BalanceParam | false | When sending request type client and supplier. Leave this field blank if you are testing completeness. Add the the balance as of cutOffDate if testing existence. |
| thirdPartyRecipient | String | false | Name of third party, required if the request type is not bank |
| thirdPartyEmail | String | false | Email of the third party that should confirm the audit request, this field is not needed in case the request type is a bank. |
| lastingPowerOfAttorney | String | false | Unique token for a lasting power of attorney (LPA) to be used for the audit request, this is only available for request type bank. If the LPA is not signed and does not have any signees we will populate it based on the signees param. If it is populated and not signed, but does not contain all signees provided in the signees field we will raise an error. NB: If the LPA is signed, the audit request will be sent directly to the bank, otherwise it will first be sent to the signees. |
| auditAccountNumbers | List<AuditAccountNumberParam> | false | List of audit account numbers for the given company and subsidiaries, this field is only valid for request type bank where the bank requires one or more account numbers to be specified. |
Balance parameter
| Name | Type | Description |
|---|---|---|
| amount | String | The amount you wish the client or supplier to verify. |
| currency | String | Currency codes adhere to the ISO 4217 standard |
Audit Account number Parameter
| Attribute | Type | Description |
|---|---|---|
| accountNumber | String | A single, verified bank account number for a particular company in a particular bank |
| company | Company | A Company object with vatNo and country for the associated company, validated against the national registry for its associated country |
Company in Subsidiaries and Audit Account number parameter
| Name | Type | Description |
|---|---|---|
| vatNo | String | The VAT number of the subsidiary. |
| country | String | Two letter ISO country code for which the VAT number belongs to |
Returns
A list of the created audit requests' tokens and a boolean flag indicating whether the requests were sent or not.
List all audit requests
GET
/v1/confirm/audit-requests
$ curl "https://api.brevio.com/v1/confirm/audit-requests"
-H "Authorization: Bearer ${token}"
-d '{ "vatNo": "999999999", "country": "no" }'
API Response
{
"count": 50,
"offset": 0,
"next": 50,
"total": 131,
"requests": [
{
"token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
"accountNumbers": [
{
"accountNumber": "1232.20.12313",
"company": {
"vatNo": "999888999",
"country": "no"
}
}
],
"attachments": [],
"auditCompany": "Brevio AS",
"company": {
"name": "ACME AS",
"vatNo": "999999999",
"country": "no"
},
"confirmation": null,
"cutOffDate": "2022-12-31",
"language": "nb",
"lastUpdate": "2022-10-02T11:53:23Z",
"manualReview": false,
"requestType": "bank",
"sentToClient": "2022-10-01",
"signees": [
{
"email": "[email protected]",
"name": null,
"pid": null,
"signed": false
},
{
"email": "[email protected]",
"name": "Guybrush Threepwood",
"pid": null,
"signed": true
}
],
"step": "client",
"subsidiaries": [],
"thirdParty": "DNB",
"user": {
"email": "[email protected]",
"officeAddress": "Gatevei 1313, 0561 Oslo"
}
}
// ...
]
}
Returns a paginated list for all audit requests sent to an audit client identified by their VAT number.
The response contains at most 50 audit requests. To access all audit requests (in cases where there are more than 50) you have to paginate through the results.
Scopes
audit_company
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| vatNo | String | true | The VAT number for the audit requests' associated audit client |
| country | String | true | Two letter ISO country code for where the VAT number belongs to. |
| offset | Integer | false | The offset used for pagination |
| requestType | RequestType | false | The desired request type you wish to filter the results by (see Audit Request attribute description below for a list of valid values) |
Returns
A paginated list of all audit requests filtered by VAT number.
Finalize an audit request
POST /v1/confirm/audit-requests/finalize
$ curl "https://api.brevio.com/v1/confirm/audit-requests/finalize"
-H "Authorization: Bearer ${token}"
-d
'{
"auditRequestTokens": [
"64626932a178531926b23cf09eb10f8dea2283108950e7ce106b689128ce9f2e",
"d78021f0a0ff15d5690e767f46bbad407f8d9cd5ef99710258e2e95342f7d84a",
"fde3589c53d55a04dd2b0c5bcabb66dc110649f9449e8b9441542439182f0e39"
]
}'
API response
{
"successful": [
"64626932a178531926b23cf09eb10f8dea2283108950e7ce106b689128ce9f2e",
"d78021f0a0ff15d5690e767f46bbad407f8d9cd5ef99710258e2e95342f7d84a"
],
"failed": ["fde3589c53d55a04dd2b0c5bcabb66dc110649f9449e8b9441542439182f0e39"]
}
Marks a set of audit requests, identified by their unique tokens, as received by the auditor outside of Brevio.
A total of 10 audit request tokens are allowed with each request.
Scopes
audit_company
Parameters
| Name | Type | Description |
|---|---|---|
| auditRequestTokens | List<String> | The list of audit request tokens indicating which audit requests to finalize. NB A maximum of 10 tokens is allowed |
Returns
A dictionary with two keys: successful containing a list of audit request tokens which were finalized, and failed, which is a list of audit request tokens which failed during finalization.
List all banks
GET
/v1/confirm/banks
$ curl "https://api.brevio.com/v1/confirm/banks"
-H "Authorization: Bearer ${token}"
API Response
[
{
"token": "4d88918a739dc0407dba87260e0cacf36a534079f26ad590e5c7a5fc3281b1ac",
"country": "no",
"disabled": false,
"name": "DNB",
"hasLPA": true
}
// ...
]
Returns a list of all supported banks.
Scopes
audit_company
Parameters
None.
Returns
Lists all supported banks.
Create lasting power of attorney
POST
/v1/confirm/lasting-powers-of-attorney
$ curl "https://api.brevio.com/v1/confirm/audit-lasting-powers-of-attorney"
-H "Authorization: Bearer ${token}"
-d '
{
"endDate": "2025-11-24",
"bank": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d",
"vatNo": "999999998",
"country": "no",
"subsidiaries": [
{ "vatNo": "999888777", "country": "no" },
{ "vatNo": "999888666", "country": "no" }
],
"signees": ["[email protected]", "[email protected]"]
}
'
API Response
{
"token": "b06178d5-8240-4150-ac57-cc2bc762c7b0",
"endDate": "2025-11-24",
"signed": false,
"signees": [
{
"name": null,
"signed": false,
"email": "[email protected]"
},
{
"name": null,
"signed": false,
"email": "[email protected]"
}
],
"subsidiaries": [
{
"name": "test company 1",
"vatNo": "999999996",
"country": "no"
},
{
"name": "test company 2",
"vatNo": "999999997",
"country": "no"
}
],
"bank": {
"token": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d",
"name": "test",
"hasLPA": true,
"country": "no"
},
"company": {
"name": "Test company",
"vatNo": "999999998",
"country": "no"
}
}
Creates a new lasting power of attorney (LPA). LPAs are powers of attorney which last for up to 5 years, and can be re-used when sending audit requests of behalf of audit clients. When an active LPA is used, the audit client doesn’t need to sign the audit request, and the request itself will go directly to the bank (with the LPA attached). The LPA needs to be signed before it becomes active, so the first time the LPA is used with an audit request, the LPA is sent to the associated signees for signature. This endpoint does not send anything, and instead creates an unsigned LPA which can be attached to a new audit request (through the create-audit-requests endpoint).
Scopes
audit_company
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| vatNo | String | true | The VAT number of the client |
| country | String | true | Two letter ISO country code for where the VAT number belongs to. |
| bank | String | true | Token of the bank the audit request pertains to (see endpoint for listing banks GET /v1/confirm/banks). NB! The bank has to support Lasting powers of attorney |
| endDate | String | false | ISO8601 date string representing the end of the duration of the lasting powers of attorney, default value is current date + 5 years (max value). |
| subsidiaries | List<Company> | false | List of Companies with vatNo and country for any associated subsidiaries |
| forceCreate | Boolean | false | Boolean flag, used to brute force create. Be very careful when using this flag as all existing Lasting powers of attorneys that are associated with the given VAT number (including subsidiaries) will be disabled when all signees has signed! You have to contact support to re-enable LPAs, we advice caution and that you double check on the get endpoint before using this! |
| signees | List<String> | false | List of email addresses for all signees that need to digitally sign the audit request. If signees is not provided we will populate it based on the first time it is used when creating audit requests. |
| language | String | false | The language code used for generating the PDF, based on the templates of your audit requests. Valid values are nb, se, de or en and default value is en |
Company param
| Name | Type | Description |
|---|---|---|
| vatNo | String | The VAT number of the associated client |
| country | String | The two letter ISO country code of the associated client |
List lasting powers of attorney
GET
/v1/confirm/lasting-powers-of-attorney
$ curl "https://api.brevio.com/v1/confirm/lasting-powers-of-attorney"
-H "Authorization: Bearer ${token}"
-d'
{
"companies": [{"vatNo": "999999999", "country": "no"}],
"bank": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d"
}'
| Name | Type | Required | Description |
|---|---|---|---|
| bank | String | true (if tokens is nil) |
Token of the bank the audit request pertains to (see endpoint for listing banks GET /v1/confirm/banks). Required if tokens is nil |
| companies | List<Company> | true (if tokens is nil) |
Companies with vatNo and country to filter the LPAs by. If this field is present, the bank field is required. |
| tokens | List<String> | true (if bank and companies are nil) |
Unique identifying tokens of existing LPAs to filter the results by |
API Response
[
{
"token": "b06178d5-8240-4150-ac57-cc2bc762c7b4",
"endDate": "2025-11-24",
"signed": false,
"language": "en",
"signees": [
{
"name": null,
"signed": false,
"email": "[email protected]"
}
],
"subsidiaries": [
{
"name": "Brev Invest AS",
"vatNo": "927146878",
"country": "no"
}
],
"bank": {
"token": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d",
"name": "test",
"hasLPA": true,
"country": "no"
},
"company": {
"name": "BRE Boligutleie AS",
"vatNo": "925178845",
"country": "no"
}
},
{
"token": "b06178d5-8240-4150-ac57-cc2bc762c7b3",
"endDate": "2025-11-24",
"signed": false,
"signees": [
{
"name": null,
"signed": false,
"email": "[email protected]"
}
],
"subsidiaries": [
{
"name": "Brev Invest AS",
"vatNo": "927146878",
"country": "no"
}
],
"bank": {
"token": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d",
"name": "test",
"hasLPA": true,
"country": "no"
},
"company": {
"name": "BRE Boligutleie AS",
"vatNo": "925178845",
"country": "no"
}
}
]
Banks
Lists all API endpoints only available to banks.
List all pending audit requests
GET
/v1/confirm/audit-requests/third-party
$ curl "https://api.brevio.com/v1/confirm/audit-requests/third-party"
-H "Authorization: Bearer ${token}"
API Response
{
"count": 33,
"offset": 0,
"next": 0,
"total": 33,
"requests": [
{
"token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
"accountNumbers": [
{
"accountNumber": "1232.20.12313",
"company": {
"vatNo": "999888999",
"country": "no"
}
}
],
"attachments": [],
"auditCompany": "Brevio AS",
"company": {
"name": "ACME AS",
"vatNo": "999999999",
"country": "no"
},
"confirmation": null,
"cutOffDate": "2022-12-31",
"language": "nb",
"lastUpdate": "2022-10-02T11:53:23Z",
"manualReview": false,
"requestType": "bank",
"sentToClient": "2022-10-01",
"signees": [
{
"email": "[email protected]",
"name": "Art Vandelay",
"pid": null,
"signed": true
},
{
"email": "[email protected]",
"name": "Guybrush Threepwood",
"pid": null,
"signed": true
}
],
"step": "third-party",
"subsidiaries": [],
"thirdParty": "DNB",
"user": {
"email": "[email protected]",
"officeAddress": "Gatevei 1313, 0561 Oslo"
},
"bankReviewedCompanySignatures": [
{
"reviewedBy": "Bob",
"verified": true,
"reviewedAt": "2022-10-03T11:00:23Z",
"company": {
"name": "ACME AS",
"vatNo": "999999999",
"country": "no"
}
}
]
}
// ...
]
}
Returns a paginated list for all audit requests that have been digitally signed and are awaiting confirmation from their respective third parties. The list is filtered based on the bank associated with the API client.
Scopes
bank
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| offset | Integer | false | The offset used for pagination |
| reviewedSignatures | boolean | false | Optional field to return reviewed audit requests |
Returns
A paginated list of pending audit requests for the bank associated with the API client.
Upload attachments to a confirmation
POST
/v1/confirm/audit-requests/:token/confirmations/upload
$ curl "https://api.brevio.com/v1/confirm/audit-requests/:token/confirmations/upload"
-H "Content-Type: multipart/form-data"
-H "Authorization: Bearer ${token}"
-F attachments[]=@confirmation.pdf
-F attachments[]=@confirmation-2.pdf
-F attachments[]=@confirmation-3.pdf
API Response
{ "message": "Uploaded 3 attachments" }
Uploads one or more files for the confirmation of an audit request, identified by the given token. NOTE: This does not finalize the audit request, that is only done through the confirmation endpoint.
Scopes
bank
Parameters
| Name | Type | Description |
|---|---|---|
| attachments | List<File> | List of files (at most five) |
Returns
Returns a message to indicate the number of attachments uploaded.
Finalize erroneous audit request with comment
POST
/v1/confirm/audit-requests/:token/confirmations/comment
$ curl "https://api.brevio.com/v1/confirm/audit-requests/:token/confirmations/comment"
-H "Authorization: Bearer ${token}"
-d '{ "comment": "The client (999999998) is not a customer of our bank" }'
API Response
{ "message": "Audit request completed and notification sent to auditor" }
Marks an audit request, identified by the given token, as finalized and sent in error.
This is the case if an auditor has sent an audit request to a bank for a client (or subsidiary) which isn't a customer of the bank. The bank must provide an explanatory comment (maximum 200 characters)
Once the comment has been sent, the auditor will receive a notification that the audit request has been finalized.
Scopes
bank
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| comment | String | true | Comment clarifying why the audit request was sent in error (maximum 200 characters). |
Returns
Returns a textual message indicating that the operation was successful.
Send a confirmation
POST
/v1/confirm/audit-requests/:token/confirmations
$ curl "https://api.brevio.com/v1/confirm/audit-requests/:token/confirmations"
-H "Content-Type: multipart/form-data"
-H "Authorization: Bearer ${token}"
-F attachments[]=@confirmation.pdf
-F attachments[]=@confirmation-2.pdf
-F attachments[]=@confirmation-3.pdf
API Response
{
"token": "aaaa32cf6c3453bfc7923e00d33002ea7b5277767524639f0e09da561c380ade",
"step": "received"
}
Sends a confirmation for an audit request identified by the given token, finalizing it.
A confirmation needs an uploaded attachment to be valid. This can either be accomplished through the upload endpoint, or by attaching files to this request (5 maximum).
Scopes
bank
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| attachments | List<File> | false | List of files (at most five) |
Returns
Returns a dictionary with two keys. token is the unique identifier for the audit request, and should match the token in the URL,
and step contains the current step of the audit request process for the audit request. This latter value should be received if
nothing went wrong.
Brevio Sign API
The Sign API grants an authorized API client access to data associated with its entity in the Brevio Sign service.
Through the API you can accomplish the following:
- Create new sign requests: Create new sign requests without the need for human interaction through the web service.
- Retrieve data for sign requests: Access all sign requests associated with your audit company, conditionally filtered by document templates or update dates.
- Download signed documents: Download all digitally signed uploaded PDFs associated with a sign request.
Sign API core resources
Sign request
Sign request
{
"token": "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9",
"attachments": [
{
"token": "21d2b46ae46b16845caad19c2d6aac34",
"filename": "engagement-letter-2021.pdf",
"signedPDF": false,
"template": null,
"title": "Engagement letter"
},
{
"token": "181fddae6a0edbc880ffe4c189e02aa0",
"filename": "auditor-report-2021.pdf",
"signedPDF": false,
"template": "5f7ea5f1501d289e04fb6f14a118bf80",
"title": "Auditor's report"
}
],
"company": {
"name": "ACME AS",
"vatNo": "99999999"
},
"dueDate": "2022-11-13",
"lastUpdate": "2022-10-14T13:06:15",
"sentAt": "2022-10-13T16:29:32",
"signees": [
{
"email": "[email protected]",
"name": null,
"signed": false,
"signedAt": null,
"pid": null
},
{
"email": "[email protected]",
"name": "Ford Prefect",
"signed": true,
"signedAt": "2022-10-14 13:06:15",
"pid": null
}
],
"step": "sign",
"user": {
"email": "[email protected]",
"officeAddress": "Gatevei 1313, 0561 Oslo"
}
}
A sign request represents a request to sign a list of documents by one or more signees. Each sign request is associated with exactly one company (identified by the company's VAT number, verified by the national registry in the company's country of business).
| Attribute | Type | Description |
|---|---|---|
| token | String | Unique identifier |
| attachments | List<Attachment> | List of attachments |
| company | Company | The company associated with the sign request |
| dueDate | Date | Date the current sign request is due (e.g. can no longer be signed) |
| lastUpdate | DateTime | Last time step was updated |
| sentAt | DateTime | Date and time sign request was sent to all signees |
| signees | List<Signee> | List of all associated signees |
| step | String | The step in the signature process the request is currently at. Valid values: 'started' 'sign' 'completed' 'archived' 'cancelled' |
| user | User | The user associated with the sign request |
Attachment
Attachment
{
"token": "21d2b46ae46b16845caad19c2d6aac34",
"filename": "engagement-letter-2021.pdf",
"signedPDF": false,
"template": null,
"title": "Engagement letter"
}
| Attribute | Type | Description |
|---|---|---|
| token | String | Unique identifier for the attachment |
| filename | String | Filename for the attachment |
| signedPDF | Boolean | Boolean flag indicating whether this is a digitally signed PDF |
| template | String? | Unique identifor for an optional associated document template |
| title | String | The title for the uploaded attachment |
Company
Company
{
"name": "ACME AS",
"vatNo": "999999999",
"country": "no"
}
| Attribute | Type | Description |
|---|---|---|
| name | String | The company name as registered in the national registry for the company's country of operation |
| vatNo | String | The VAT number for the company, validated against the national registry for the company's country of operation |
| country | String | Two letter ISO country code for where the company resides in. |
Document Template
Docment template
{
"token": "a0eaf8107e16f6af3a6d3659afc997d5",
"i18ns": [
{
"language": "nb",
"title": "Revisjonsberetning"
},
{
"language": "en",
"title": "Auditor's report"
}
]
}
| Attribute | Type | Description |
|---|---|---|
| token | String | Unique identifier for the document template. |
| i18ns | List<Internationalization> | List of all associated internationalizations. |
Internationalization
Internationalization
{
"language": "nb",
"title": "Årsregnskap"
}
| Attribute | Type | Description |
|---|---|---|
| language | String | Language code adhereing to the ISO 639-1 standard. |
| title | String | Title for the internationalization visible to auditors in the graphical user interface. |
Signee
Signee
{
"email": "[email protected]",
"name": "Guybrush Threepwood III",
"pid": null,
"signed": true,
"signedAt": "2022-01-01T08:33:12Z"
}
| Attribute | Type | Description |
|---|---|---|
| String | The signee's email address (where all sign requests will be sent) | |
| name | String/null | Name retrieved from the national registry upon completing the signature process |
| pid | String/null | Personal ID (PID) is the signee's personal number - NO: 11 digits, SE: 10 or 12 digits, DK: 10 digits. Only available with scope 'signee_pid' |
| signed | Boolean | Has the signee signed the sign request? |
| signedAt | DateTime/null | When was the sign request signed by this signee? (if at all) |
User
User
{
"address": "Gatevei 1313, 0561 Oslo",
"email": "[email protected]",
"name": "Arthur Dent"
}
| Attribute | Type | Description |
|---|---|---|
| address | String | Address for the user's physical office |
| String | Email address | |
| name | String | User name verified by the national registry/SSO integration |
List all document templates
GET
/v1/sign/document-templates
$ curl "https://api.brevio.com/v1/sign/document-templates"
-H "Authorization: Bearer ${token}"
API Response
{
"templates": [
{
"token": "a0eaf8107e16f6af3a6d3659afc997d5",
"i18ns": [
{
"language": "nb",
"title": "Revisjonsberetning"
},
{
"language": "en",
"title": "Auditor's report"
}
]
},
{
"token": "9a75bf516d7d26b55e96b97a648c566e",
"i18ns": [
{
"language": "nb",
"title": "Årsregnskap"
},
{
"language": "en",
"title": "Annual report"
}
]
}
]
}
Returns a list of all document templates.
A document template has a list of internationalizations (returned as i18ns).
These internationalizations are managed by admins for the audit company and provide a legible title for
auditors to choose from in the graphical user interface.
The returned tokens can be used to filter sign requests by the templateToken attribute in the
list all sign requests endpoint.
Scopes
audit_company
Parameters
None.
Returns
Returns a list of document templates.
Create attachments
POST
/v1/sign/attachments
curl "https://api.brevio.com/v1/sign/attachments"
--H 'Content-Type: multipart/form-data'
--H "Authorization: Bearer ${token}"
-F "[email protected]"
-F "attachments[][email protected]_letter.pdf"
-F "attachments[][email protected]_report.pdf"
API Response
{
"tokens": [
"9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9",
"f0cc7f7e9ade1644913a32b3ba440a8ee019bd9a2c7f69bb3a3c97a484155a63"
]
}
Creates one or more attachments for uploaded PDFs. Currently a maximum of five attachments are allowed per API request.
A vendor can use this endpoint to upload attachments on behalf of its consumers by passing a valid consumerKey.
Returns a list of tokens uniquely identifying each attachment.
Scopes
audit_company, vendor
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| attachments | List<File> | true | List of files (only PDF files allowed) to be uploaded to the Brevio platform. Currently a maximum of five attachments per API request is allowed. |
| user | String | true | Email address for the user which should be associated with the uploaded attachments. |
| consumerKey | String | false | The consumer key for the consumer you wish to create the attachment on behalf of. Required for vendor scopes. |
Returns
Returns a dictionary containing a list of tokens uniquely identifying each attachment.
Create a sign request
POST
/v1/sign/sign-requests
$ curl "https://api.brevio.com/v1/sign/sign-requests"
-H "Authorization: Bearer ${token}"
-d'{
"vatNo": "999999999",
"country": "no",
"signees": [
{
"email": "[email protected]",
"order": 1
},
{
"email": "[email protected]",
"order": 1
},
{
"email": "[email protected]",
"order": 2
}
],
"language": "nb",
"dueDays": 14,
"message": "Sign request message",
"user": "[email protected]",
"attachments": [
{
"token": "0126a84017de0e70b6440820decbb565",
"title": "Auditor report"
},
{
"token": "95df519c2f4d5bf3040bab3e7a730f60",
"title": "Engagement Letter",
"template": "f7c2e7b859862ac29650bd098dfedfb6"
}
]
}'
API Response
{
"token": "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9"
}
Creates a new sign request for a list of attachments to be signed by one or more signees for a particular company (identified by their VAT number).
A vendor can use this endpoint to create a sign request on behalf of its consumers by passing a valid consumerKey.
Once the sign request is created, it is not sent right away, but placed in the 'Started' column for the associated auditor to be edited/verified before sending.
Returns the token of the created sign request.
Scopes
audit_company, vendor
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| attachments | List<AttachmentParam> | true | List of Attachments for the sign request (currently a maximum of five attachments per sign request is allowed). |
| vatNo | String | true | The VAT number for the sign request's associated company |
| country | String | true | Two letter ISO country code for where the VAT number belongs to. Valid values: 'no', 'se', 'dk', 'fi' |
| language | String | true | The language of the sign request. Valid values: 'nb' 'en' 'sv' 'da'. Defaults to 'nb'. |
| user | String | true | Email address used to uniquely identify a user in the audit company making the API request. |
| signees | List<SigneeParam> | false | List of Signees who are required to sign the sign request. |
| dueDays | Integer | false | The number of days hence until the sign request expires. Valid values: 7 14 30. Defaults to 30. |
| message | String | false | Message to be displayed in the sign request (will replace the default message). |
| consumerKey | String | false | The consumer key for the consumer you wish to create the sign request on behalf of. Required for vendor scopes. |
Attachment parameter
| Attribute | Type | Required | Description |
|---|---|---|---|
| token | String | true | Unique token identifying the attachment (received when creating the attachment) |
| title | String | true | Title for the uploaded attachment, shown in a comma-separated list in the sign request |
| template | String | false | Token identifying an optional DocumentTemplate for this attachment |
Signee parameter
| Attribute | Type | Required | Description |
|---|---|---|---|
| String | true | Email address | |
| order | Integer | false | Signature order for the signee. Add this only if you want the particular signee to sign before or after other signees (signees with the same order will receive the sign request at the same time.) |
Returns
Returns a dictionary containing the unqiue token for the created sign request.
List all sign requests
GET
/v1/sign/sign-requests
$ curl "https://api.brevio.com/v1/sign/sign-requests"
-H "Authorization: Bearer ${token}"
-d '{"vatNo": "999999999", "country": "no" }'
API Response
{
"count": 50,
"offset": 0,
"next": 50,
"total": 131,
"requests": [
{
"token": "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9",
"attachments": [
{
"token": "21d2b46ae46b16845caad19c2d6aac34",
"filename": "engagement-letter-2021.pdf",
"signedPDF": false,
"template": null,
"title": "Engagement letter"
},
{
"token": "181fddae6a0edbc880ffe4c189e02aa0",
"filename": "auditor-report-2021.pdf",
"signedPDF": false,
"template": "5f7ea5f1501d289e04fb6f14a118bf80",
"title": "Auditor's report"
}
],
"company": {
"name": "ACME AS",
"vatNo": "999888999",
"country": "no"
},
"dueDate": "2022-11-13",
"dueDays": 30,
"lastUpdate": "2022-10-14T13:06:15Z",
"sent": "2022-10-13T16:29:32Z",
"signees": [
{
"email": "[email protected]",
"name": null,
"pid": null,
"signed": false,
"signedAt": null
},
{
"email": "[email protected]",
"name": "Ford Prefect",
"pid": null,
"signed": true,
"signedAt": "2019-10-14T13:06:15Z"
}
],
"step": "sign"
}
// ...
]
}
Returns a paginated list for all sign requests sent to a company identified by their VAT number. The results can also optionally be filtered by a document template.
The payload contains at most 50 requests. To access all associated sign requests (in cases where there are more than 50) you have to paginate through the results.
Scopes
audit_company, signee_pid (optional)
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| vatNo | String | true | The VAT number to filter the list by |
| country | String | true | Two letter ISO country code for where the VAT number belongs to. Valid values: 'no', 'se', 'dk', 'fi' |
| templateToken | String | false | The token of a desired document template you wish to filter the results by. If a sign request contains any attachments with the provided document template then it is included in the result. |
| offset | Integer | false | The offset used for pagination |
Returns
Returns a paginated list of all sign requests filtered by VAT number and (optionally) a document template.
List updated sign requests
GET
/v1/sign/sign-requests/updates
$ curl "https://api.brevio.com/v1/sign/sign-requests/updates"
-H "Authorization: Bearer ${token}"
-d '{"fromDate": "2022-01-01"}'
API Response
{
"count": 13,
"offset": 0,
"next": 0,
"total": 13,
"requests": [
{
"token": "3fbbbdd6a46340d3c284cdde827a321ba9f4a203abffd7ee945e183924a89df2",
"attachments": [
{
"token": "b26859539b1e671d6fd96e71eb2cabc2",
"filename": "auditor-report-2022.pdf",
"signedPDF": false,
"title": "Auditor report"
}
],
"company": {
"name": "ACME AS",
"vatNo": "999888999",
"country": "no"
},
"dueDate": "2022-01-31",
"dueDays": 30,
"lastUpdate": "2022-01-01T13:06:15Z",
"sent": "2022-01-01T16:29:32Z",
"signees": [
{
"email": "[email protected]",
"name": null,
"pid": null,
"signed": false,
"signedAt": null
}
],
"step": "sign"
}
// ...
]
}
Returns a paginated list of all sign requests updated after a specific date (fromDate parameter). The results are inclusive, meaning
all passing 2022-01-01 will return all sign requests updated after 2022-01-01 00:001.
The payload contains at most 50 requests. To access all associated sign requests (in cases where there are more than 50) you have to paginate through the results.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| fromDate | String | true | ISO8601 date string representing the inclusive start of the date filter |
| offset | Integer | false | The offset used for pagination |
Returns
Returns a paginated list of all sign requests updated after the specified date.
Download attachment
POST
/v1/sign/attachments/:token/signed-url
$ curl "https://api.brevio.com/v1/sign/attachments/92489134d60d213f68e7bba0a8d9cccf6f6f6816bac7d5b62c417f96dcc886ea/signed-url"
-H "Authorization: Bearer ${token}
API Response
{
"filename": "signed-auditor-report.pdf",
"url": "https://cdn.brevio.com/signed-auditor-report.pdf"
}
Generates a short-lived (24 hours) signed URL in accordance with information security
best pratices to download the attachment with the given token.
Scopes
audit_company
Parameters
None.
Returns
Returns a dictionary with a filename field indicating the filename of the attachment, and an url field
containing the signed URL.
Brevio Signature Right API
The signature right API grants an authorized API client access to data used to verify whether a given national ID is allowed to digitally sign documents for a given company, either in combination with others or individually.
Through the API you can accomplish the following:
- Retrieve Signature Right information: Get information regarding a person's signature right for a given company.
Signature Right API core resources
Signature Right
| Attribute | Type | Description |
|---|---|---|
| changeDate | Date | The date when signing rule was last changed (valid from) |
| vatNo | String | The VAT number for the company, validated against the national registry for the company's country of operation |
| country | String | Two letter ISO country code |
| nationalId | String | National Id / SSN |
| signatureRight | String | Signature right. Valid values are 'ALONE' or 'GROUP' |
Get signature right
GET
/v1/signature-right
$ curl "https://api.brevio.com/v1/signature-right?vatNo=${vat_no}" \
"&nationalId=${national_id}&country=${country}"
-H "Authorization: Bearer ${token}"
API Response
{
"changeDate": "2019-12-11",
"vatNo": "5564779444",
"nationalId": "196805029268",
"signatureRight": "ALONE"
}
This endpoint returns signature rights information for a given combination of VAT number, national ID (SSN), and country code.
Currently Swedish, Norwegian, and Danish companies are supported using country code se for Sweden, no for Norway, and dk for Denmark.
Scopes
signature_right
Parameters
| Name | Type | Description |
|---|---|---|
| vatNo | String | The VAT number for the company (8 digits for danish, 9 digits for Norwegian, and 10 digits for Swedish). |
| nationalId | String | National ID/ SSN |
| country | String | Countries for which the check is performed. Valid countries: se no dk |
Returns
Returns the signature right for the given vatNo, nationalId, and country.
Changelog
All requests to the Brevio APIs check whether the Brevio-Version header is present, and applies the
API version present (if valid). If the header isn't present the API uses your account API settings.
Example: Sending 2023-02-14 as Brevio-Version will force the request to use the API version released on February 14th, 2023.
March 1, 2023
- Adds support for bank review on audit requests. Please contact Brevio to enable this feature.
When enabled, the bank can send in the field
reviewedSignaturesas part of the third party endpoint to get all their reviewed audit requests. The audit request will also return an array of bankReviewedCompanySignatures.
February 14, 2023
- Adds support for Finnish companies which entails a few things:
countryparameter is now required in addition tovatNofor both company and subsidiaries.- For backwards compatibility; if no
countryis supplied for older API versions, it will assume Denmark and not Finland as these are the same VAT number length. countryis also added to theCompanyresponse objects.
November 3, 2022
- Added support for sending audit account numbers as part of the create audit requests endpoint.
October 26, 2022
- Adds support for creating and listing lasting powers of attorney in the Confirm API.
October 24, 2022
- Adds support for all types of audit requests in the Confirm API.
October 13, 2022
- Adds support for all audit request types in the creation of audit requests for the Confirm API.
October 1, 2022
- Adds support for multiple account numbers for audit requests in Confirm API. Key:
accountNumbers. - Adds support for multiple signees for audit requests in Confirm API. Key:
signees. - Changes response type for
companykey in audit request response to an object rather than a string in Confirm API. - Changes response type for
confirmationkey in audit request response from list of strings to an object in Confirm API. - Removes deprecated
daughterCompanieskey for creating batch of audit requests in Confirm API. - Renames
auditorkey in audit request response touserin Confirm API. - Removes deprecated keys from audit request response in Confirm API:
companyName,daughterCompanies,signee,signeePID,clientEmail. - Renames key
nametofilenamein download attachment response in Confirm API. - Renames
sentkey in sign request response tosentAtfor Sign API. - Renames keys
signedNameandsigneePIDtonameandpidfor Sign API.
1.0
Initial release of the Brevio API.
Audit request
2023-03-01
List all pending audit requests for third party (banks)
New request parameter
This option is exclusively for banks, please contact Brevio to enable the feature if needed.
| Name | Type | Required | Description |
|---|---|---|---|
| reviewedSignatures | boolean | false | Optional field to return reviewed audit requests |
New response attributes
| Name | Type | Description |
|---|---|---|
| bankReviewedCompanySignatures | BankReviewedCompanySignature | Only available if review is enabled for the bank |
BankReviewedCompanySignature
| Name | Type | Description |
|---|---|---|
| reviewedBy | string | Field for banks to keep tabs on who internally reviewed the audit request signature |
| reviewedAt | datetime | When the employee reviewed the audit request signature |
| verified | boolean | The signature is either rejected or verified |
| company | Company | Which company was reviewed |
GET
/v1/confirm/audit-requests/third-party
$ curl "https://api.brevio.com/v1/confirm/audit-requests/third-party?reviewedSignatures=true"
-H "Authorization: Bearer ${token}"
API Response
{
"count": 33,
"offset": 0,
"next": 0,
"total": 33,
"requests": [
{
"token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
"accountNumbers": [
{
"accountNumber": "1232.20.12313",
"company": {
"vatNo": "999888999",
"country": "no"
}
}
],
"attachments": [],
"auditCompany": "Brevio AS",
"company": {
"name": "ACME AS",
"vatNo": "999999999",
"country": "no"
},
"confirmation": null,
"cutOffDate": "2022-12-31",
"language": "nb",
"lastUpdate": "2022-10-02T11:53:23Z",
"manualReview": false,
"requestType": "bank",
"sentToClient": "2022-10-01",
"signees": [
{
"email": "[email protected]",
"name": "Art Vandelay",
"pid": null,
"signed": true
},
{
"email": "[email protected]",
"name": "Guybrush Threepwood",
"pid": null,
"signed": true
}
],
"step": "third-party",
"subsidiaries": [],
"thirdParty": "DNB",
"user": {
"email": "[email protected]",
"officeAddress": "Gatevei 1313, 0561 Oslo"
},
"bankReviewedCompanySignatures": [
{
"reviewedBy": "Bob",
"verified": true,
"reviewedAt": "2022-10-03T11:00:23Z",
"company": {
"name": "ACME AS",
"vatNo": "999999999",
"country": "no"
}
}
]
}
// ...
]
}
2023-02-14
POST
/v1/confirm/audit-requests
$ curl "https://api.brevio.com/v1/confirm/audit-requests"
-H "Authorization: Bearer ${token}"
-H "Brevio-Version: 2023-02-14"
-d '
{
"language": "nb",
"vatNo": "999999999",
"country": "no"
"signees": [
"[email protected]",
"[email protected]",
"[email protected]"
],
"user": "[email protected]",
"auditRequests": [
{
"bank": "d4cc89490d78a3080922b9694def9cba4bb1c7a92d627b7b99425204dd229b4f",
"cutOffDate": "2022-12-31",
"subsidiaries": [
{ vatNo: "999999998", country: "no" },
{ vatNo: "99999988", country: "fi" }
],
"auditAccountNumbers": [
{
"accountNumber": "12341212345",
"company": {
"country": "no",
"vatNo": "999888999"
}
}
]
},
// ...
]
}
'
New attributes
Create audit request
| Name | Type | Description |
|---|---|---|
| country | string | Adds required parameter country to top level param. A two letter ISO country code for where the VAT no belongs to |
| subsidiaries | List<Company> | Changed from list of VAT numbers to list of Company objects where vatNo and country are required per subsidiary. |
| auditAccountNumbers | List<AuditAccountNumber> | Changed company property in AuditAccountNumber from a string containing the VAT number to a Company object with vatNo and country |
GET
/v1/confirm/audit-requests
$ curl "https://api.brevio.com/v1/confirm/audit-requests"
-H "Authorization: Bearer ${token}"
-H "Brevio-Version: 2023-02-14"
{
"token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
"attachments": [],
"auditCompany": "Brevio AS",
"clientEmail": "[email protected]",
"confirmation": null,
"cutOffDate": "2022-12-31",
"language": "nb",
"lastUpdate": "2022-10-02T11:53:23Z",
"manualReview": false,
"requestType": "bank",
"sentToClient": "2022-10-01",
"step": "client",
"thirdParty": "DNB",
"accountNumbers": [
{
"accountNumber": "1232.20.12313",
"company": {
"vatNo": "999888999",
"country": "no"
}
}
],
"company": {
"name": "ACME AS",
"vatNo": "999999999",
"country": "no" // New property
},
"signees": [
{
"email": "[email protected]",
"name": null,
"pid": null,
"signed": false
},
{
"email": "[email protected]",
"name": "Guybrush Threepwood",
"pid": null,
"signed": true
}
],
"subsidiaries": [
{
"name": "ACME Doorknobs Oy",
"vatNo": "99999988",
"country": "fi" // New property
}
],
"user": {
"name": "Arthur Auditor",
"address": "Gatevei 1313, 0561 Oslo",
"email": "[email protected]"
}
}
List audit requests
| Name | Type | Description |
|---|---|---|
| country | string | Adds country to Company for company and subsidiaries |
| accountNumber | Company | Changes company property in accountNumber from a string with VAT number to a Company object consisting of vatNo and country |
Create lasting power of attorney
POST
/v1/confirm/lasting-powers-of-attorney
$ curl "https://api.brevio.com/v1/confirm/audit-lasting-powers-of-attorney"
-H "Authorization: Bearer ${token}"
-H "Brevio-Version: 2023-02-14"
-d '
{
"endDate": "2025-11-24",
"bank": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d",
"vatNo": "999999998",
"country": "no",
"subsidiaries": [
{ "vatNo": "999888777", "country": "no" },
{ "vatNo": "999888666", "country": "no" }
],
"signees": ["[email protected]", "[email protected]"]
}
'
API Response
{
"token": "b06178d5-8240-4150-ac57-cc2bc762c7b0",
"endDate": "2025-11-24",
"signed": false,
"signees": [
{
"name": null,
"signed": false,
"email": "[email protected]"
},
{
"name": null,
"signed": false,
"email": "[email protected]"
}
],
"subsidiaries": [
{
"name": "test company 1",
"vatNo": "999999996",
"country": "no" // New property
}
],
"bank": {
"token": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d",
"name": "test",
"hasLPA": true,
"country": "no"
},
"company": {
"name": "Test company",
"vatNo": "999999998",
"country": "no" // New property
}
}
| Name | Type | Description |
|---|---|---|
| country | string | Adds required parameter country to top level param. A two letter ISO country code for where the VAT no belongs to |
| subsidiaries | List<Company> | Changed from list of VAT numbers to list of Company objects where vatNo and country are required per subsidiary. |
List lasting powers of attorneys
GET
/v1/confirm/lasting-powers-of-attorney
$ curl "https://api.brevio.com/v1/confirm/lasting-powers-of-attorney"
-H "Authorization: Bearer ${token}"
-H "Brevio-Version: 2023-02-14"
-d'
{
"companies": [{"vatNo": "999999999", "country": "no"}], # New property, replaces `vatNumbers`
"bank": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d"
}'
| Name | Type | Description |
|---|---|---|
| companies | List<Company> | Replaces vatNumbers - Changed from list of VAT numbers to list of Company objects where vatNo and country are required per company. |
API Response
[
{
"token": "b06178d5-8240-4150-ac57-cc2bc762c7b4",
"endDate": "2025-11-24",
"signed": false,
"language": "en",
"signees": [
{
"name": null,
"signed": false,
"email": "[email protected]"
}
],
"subsidiaries": [
{
"name": "Brev Invest AS",
"vatNo": "927146878",
"country": "no" // New property
}
],
"bank": {
"token": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d",
"name": "test",
"hasLPA": true,
"country": "no"
},
"company": {
"name": "BRE Boligutleie AS",
"vatNo": "925178845",
"country": "no" // New property
}
}
]
2022-10-01
$ curl "https://api.brevio.com/v1/confirm/audit-requests"
-H "Authorization: Bearer ${token}"
-H "Brevio-Version: 2022-10-01"
Audit request
{
"token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
"attachments": [],
"auditCompany": "Brevio AS",
"clientEmail": "[email protected]",
"confirmation": null,
"cutOffDate": "2022-12-31",
"language": "nb",
"lastUpdate": "2022-10-02T11:53:23Z",
"manualReview": false,
"requestType": "bank",
"sentToClient": "2022-10-01",
"step": "client",
"thirdParty": "DNB",
// New attributes
"accountNumbers": [
{
"accountNumber": "1232.20.12313",
"company": "999999999"
}
],
"company": {
"name": "ACME AS",
"vatNo": "999999999"
},
"signees": [
{
"email": "[email protected]",
"name": null,
"pid": null,
"signed": false
},
{
"email": "[email protected]",
"name": "Guybrush Threepwood",
"pid": null,
"signed": true
}
],
"subsidiaries": [
{
"name": "ACME Doorknobs AS",
"vatNo": "999999998"
}
],
"user": {
"name": "Arthur Auditor",
"address": "Gatevei 1313, 0561 Oslo",
"email": "[email protected]"
}
}
New attributes
| Name | Type | Description |
|---|---|---|
| acccountNumbers | List<AccountNumber> | List of account numbers associated with the audit request. |
| company | Company | The main audit client |
| confirmation | Confirmation/null | Confirmation for the audit request. This field is null if the audit request has not been confirmed |
| signees | Signee[] | List of signees associated with the audit request |
| subsidiaries | List<Company> | List of subsidiaries associated with the audit request |
| user | User | The user associated with the sign request |
Removed attributes
| Name | Reason |
|---|---|
| acccountNumber | Audit requests can have multiple account numbers |
| auditor | The user keyword is more explicit |
| company | Replaces the string value with the Company object |
| companyName | Replaces the string value with the Company object |
| clientEmail | Audit requests can have multiple signees |
| daughterCompanies | Deprecated. Use subsidiaries instead |
| signee | Audit requests can have multiple signees |
| signeePID | Audit requests can have multiple signees |
1.0
Audit request
{
"token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
"accountNumber": "1232.20.12313",
"attachments": [],
"auditCompany": "Brevio AS",
"auditor": {
"address": "Gatevei 1313, 0561 Oslo",
"email": "[email protected]",
"name": "Arthur Auditor"
},
"clientEmail": "[email protected]",
"company": "999999999",
"companyName": "ACME AS",
"confirmation": [
"3c2d6bb220754baecb477d894483b341a7affaf4d22b3df85e2afac3cea9789c",
"139f8ad345b828c669b96d8b27a594cf6f0c9d43aae2ec244d73cda3bb155a31"
],
"cutOffDate": "2022-12-31",
"daughterCompanies": [],
"language": "nb",
"lastUpdate": "2022-10-02T11:53:23Z",
"manualReview": false,
"requestType": "bank",
"sentToClient": "2022-10-01",
"signee": "Guybrush Threepwood",
"step": "third-party",
"subsidiaries": [],
"thirdParty": "DNB"
}
| Attribute | Type | Description |
|---|---|---|
| token | String | Unique identifier |
| accountNumber | String | A single, verified bank account number for a particular company in a particular bank |
| attachments | List<String> | List of tokens used to uniquely identify an attachment associated with the audit request (includes the digitally signed pdf after the audit request has been signed by all signees). |
| auditCompany | String | Name of the audit company to which the associated auditor of the audit request belongs |
| auditor | Auditor | The auditor associated with the request |
| clientEmail | String | Email address for the signee for the audit request |
| company | String | The VAT number of the main audit client |
| companyName | String | Audit client name, validated against the Norwegian company register |
| confirmation | List<String> | List of tokens used to uniquely identify an attachment uploaded as part of the confirmation |
| cutOffDate | Date | The end of the fiscal year for the associated audit client |
| language | String | The language used for the audit request. |
| lastUpdate | DateTime | Last time step was updated |
| manualReview | Boolean | Boolean flag indicating whether this request needs third party manual review. This occurs when for instance the auditor has made changes to the standard template. |
| requestType | String | The type of the audit request. |
| sentToClient | Date | Date the audit request was first sent its signees |
| signee | String/null | The name of the person that has digitally signed the audit request, received from BankID. Null if the request has not been signed |
| signeePID | String/null | Personal ID (PID) is the signee's personal number - NO: 11 digits, SE: 10 or 12 digits, DK: 10 digits. Only available with scope signee_pid |
| step | String | The step in the audit request process the request is currently at. Valid values: 'started' 'client' 'needs-validation' 'third-party' 'received' 'cancelled' 'archived' 'post' |
| subsidiaries | List<String> | List of VAT numbers for subsidiaries associated with the audit request |
| thirdParty | String | Name of the audit request's associated third party |
Auditor
| Attribute | Type | Description |
|---|---|---|
| address | String | Address for the user's physical office |
| String | Email address | |
| name | String | User name verified by the national registry/SSO integration |
Sign request
2023-02-14
POST
/v1/sign/sign-requests
$ curl "https://api.brevio.com/v1/sign/sign-requests"
-H "Authorization: Bearer ${token}"
-H "Brevio-Version: 2023-02-14"
-d'{
"vatNo": "999999999",
"country": "no", # New paramater
"signees": [
{
"email": "[email protected]",
"order": 1
},
{
"email": "[email protected]",
"order": 1
},
{
"email": "[email protected]",
"order": 2
}
],
"language": "nb",
"dueDays": 14,
"message": "Sign request message",
"user": "[email protected]",
"attachments": [
{
"token": "0126a84017de0e70b6440820decbb565",
"title": "Auditor report"
},
{
"token": "95df519c2f4d5bf3040bab3e7a730f60",
"title": "Engagement Letter",
"template": "f7c2e7b859862ac29650bd098dfedfb6"
}
]
}'
New attributes - Create sign request
Added country as required parameter.
| Name | Type | Description |
|---|---|---|
| country | String | Two letter ISO country code for where the VAT number belongs to. Valid values: 'no', 'se', 'dk', 'fi' |
GET
/v1/sign/sign-requests
$ curl "https://api.brevio.com/v1/sign/sign-requests"
-H "Authorization: Bearer ${token}"
-H "Brevio-Version: 2023-02-14"
-d '{
"vatNo": "999999999",
"country": "no" # New required parameter
}'
API Response
{
"count": 50,
"offset": 0,
"next": 50,
"total": 131,
"requests": [
{
"token": "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9",
"attachments": [
{
"token": "21d2b46ae46b16845caad19c2d6aac34",
"filename": "engagement-letter-2021.pdf",
"signedPDF": false,
"template": null,
"title": "Engagement letter"
},
{
"token": "181fddae6a0edbc880ffe4c189e02aa0",
"filename": "auditor-report-2021.pdf",
"signedPDF": false,
"template": "5f7ea5f1501d289e04fb6f14a118bf80",
"title": "Auditor's report"
}
],
"company": {
"name": "ACME AS",
"vatNo": "999888999",
"country": "no" // New property
},
"dueDate": "2022-11-13",
"dueDays": 30,
"lastUpdate": "2022-10-14T13:06:15Z",
"sent": "2022-10-13T16:29:32Z",
"signees": [
{
"email": "[email protected]",
"name": null,
"pid": null,
"signed": false,
"signedAt": null
},
{
"email": "[email protected]",
"name": "Ford Prefect",
"pid": null,
"signed": true,
"signedAt": "2019-10-14T13:06:15Z"
}
],
"step": "sign"
}
]
}
New attributes - List all sign request
Added country as required parameter and added country to Company return object.
| Name | Type | Description |
|---|---|---|
| country | String | Two letter ISO country code for where the VAT number belongs to. Valid values: 'no', 'se', 'dk', 'fi' |
GET
/v1/sign/sign-requests/updates
$ curl "https://api.brevio.com/v1/sign/sign-requests/updates"
-H "Authorization: Bearer ${token}"
-H "Brevio-Version: 2023-02-14"
-d '{"fromDate": "2022-01-01"}'
API Response
{
"count": 13,
"offset": 0,
"next": 0,
"total": 13,
"requests": [
{
"token": "3fbbbdd6a46340d3c284cdde827a321ba9f4a203abffd7ee945e183924a89df2",
"attachments": [
{
"token": "b26859539b1e671d6fd96e71eb2cabc2",
"filename": "auditor-report-2022.pdf",
"signedPDF": false,
"title": "Auditor report"
}
],
"company": {
"name": "ACME AS",
"vatNo": "999888999",
"country": "no" // New property
},
"dueDate": "2022-01-31",
"dueDays": 30,
"lastUpdate": "2022-01-01T13:06:15Z",
"sent": "2022-01-01T16:29:32Z",
"signees": [
{
"email": "[email protected]",
"name": null,
"pid": null,
"signed": false,
"signedAt": null
}
],
"step": "sign"
}
]
}
New attributes - List all updated sign request
Added country to Company object
| Name | Type | Description |
|---|---|---|
| country | String | Two letter ISO country code for where the VAT number belongs to. Valid values: 'no', 'se', 'dk', 'fi' |
2022-10-01
$ curl "https://api.brevio.com/v1/sign/sign-requests"
-H "Authorization: Bearer ${token}"
-H "Brevio-Version: 2022-10-01"
Sign request
{
"token": "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9",
"attachments": [
{
"token": "21d2b46ae46b16845caad19c2d6aac34",
"filename": "engagement-letter-2021.pdf",
"signedPDF": false,
"template": null,
"title": "Engagement letter"
},
{
"token": "181fddae6a0edbc880ffe4c189e02aa0",
"filename": "auditor-report-2021.pdf",
"signedPDF": false,
"template": "5f7ea5f1501d289e04fb6f14a118bf80",
"title": "Auditor's report"
}
],
"dueDate": "2022-11-13",
"lastUpdate": "2022-10-14T13:06:15",
"step": "sign",
// New attributes
"sentAt": "2022-10-13T16:29:32",
"signees": [
{
"email": "[email protected]",
"name": null,
"signed": false,
"signedAt": null,
"pid": null
},
{
"email": "[email protected]",
"name": "Ford Prefect",
"signed": true,
"signedAt": "2022-10-14 13:06:15",
"pid": null
}
],
"company": {
"name": "ACME AS",
"vatNo": "99999999"
},
"user": {
"email": "[email protected]",
"officeAddress": "Gatevei 1313, 0561 Oslo"
}
}
New attributes
Renamed signee fields signeePID and signedName to pid and name respectively.
| Name | Type | Description |
|---|---|---|
| company | Company | The company associated with the sign request |
| sentAt | DateTime | Date and time sign request was sent to all signees |
| user | User | The user associated with the sign request |
Removed attributes
| Name | Reason |
|---|---|
| company | Replaces the string value with the Company object |
| sent | Use sentAt instead |
1.0
Sign request
{
"token": "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9",
"attachments": [
{
"token": "21d2b46ae46b16845caad19c2d6aac34",
"filename": "engagement-letter-2021.pdf",
"signedPDF": false,
"template": null,
"title": "Engagement letter"
},
{
"token": "181fddae6a0edbc880ffe4c189e02aa0",
"filename": "auditor-report-2021.pdf",
"signedPDF": false,
"template": "5f7ea5f1501d289e04fb6f14a118bf80",
"title": "Auditor's report"
}
],
"company": "999999999",
"dueDate": "2022-11-13",
"lastUpdate": "2022-10-14T13:06:15",
"sent": "2022-10-13T16:29:32",
"signees": [
{
"email": "[email protected]",
"signed": false,
"signedAt": null,
"signedName": null,
"signeePID": null
},
{
"email": "[email protected]",
"signed": true,
"signedAt": "2022-10-14 13:06:15",
"signedName": "Ford Prefect",
"signeePID": null
}
],
"step": "sign"
}
| Attribute | Type | Description |
|---|---|---|
| token | String | Unique identifier |
| attachments | List<Attachment> | List of attachments |
| company | String | The VAT number for the company, validated against the national registry for the company's country of operation |
| dueDate | Date | Date the current sign request is due (e.g. can no longer be signed) |
| lastUpdate | DateTime | Last time step was updated |
| sent | DateTime | Date and time sign request was sent to all signees |
| signees | List<Signee> | List of all associated signees |
| step | String | The step in the signature process the request is currently at. Valid values: 'started' 'sign' 'completed' 'archived' 'cancelled' |
Errors
Error response
{
"status": 400,
"error_description": "Bad request: vatNo is missing"
}
The Brevio APIs use the following error codes:
| Code | Description |
|---|---|
| 400 | Bad Request -- Your request is invalid. |
| 401 | Unauthorized -- Your API credentials or authentication token is wrong. |
| 404 | Not Found -- The specified resource could not be found. |
| 500 | Internal Server Error -- We had a problem with our server. Send us an e-mail, or try again later. |