NAV

Introduction

The Brevio API is organized around REST.

Currently our APIs offer insight into data from the following services:

After registering you have instant access to our staging environment.

Once you have tested and verified your integration, you are ready to go through the process of accessing our production environment and your data. To begin this process, please contact us.

Parameters

$ curl "https://api.brevio.com/v1/some-endpoint"
  -H "Content-Type: application/json"
  -d '{ "param": "value", "param2": "value2" }'

For GET requests, any parameters not specified as a segment in the path can be passed as an HTTP query string parameter:

GET https://api.brevio.com/v1/some-endpoint?param=value&param2=value2

For POST requests, parameters not included in the URL should be encoded as JSON with a Content-Type of application/json unless otherwise noted. All noted parameters are required unless specified otherwise.

Dates and DateTimes

All responses from our APIs are native values (e.g. integers, strings, and arrays of native values). Response attributes defined as Date or DateTime are ISO8601 compliant string representations for these values. e.g. 2022-01-01 and 2022-01-01T00:00:00Z respectively.

Environments

The Brevio APIs are available in two separate environments:

To test your integration you should first authenticate against the staging environment - the production environment won't be available to your registered user until you have signed an API license deal. To begin this process, please contact us.

Versioning

When backwards-incompatible changes are made to the API, a new, dated version is released. The current version is 2023-02-14. To see all API updates, view the changelog.

All requests use your account API settings, unless you override the API version. To set the API version for a specific request, send a Brevio-Version header.

Unless otherwise noted, all documentation examples use the latest API version. If your payload differs from the documentation, you have a different API version in your account API settings.

After using the Brevio-Version header to test your integration against the latest API version, please contact us to upgrade your account API settings.

Authentication

To ensure the Brevio APIs adhere to the latest security standards we utilise Oauth 2.0 to authenticate and authorize API clients.

We use the "client_credentials" grant flow from the Oauth 2.0 specification to authorize access to API endpoints.

If you want to authenticate against our staging environment all you have to do is register a new API user to begin the process described below.

Credentials

Once you've registered a new user you will be given a client_id and a client_secret. These will be used to retrieve access tokens, based upon which scope you have access to.

Currently audit_company, bank, signature_right, signee_pid, and vendor are valid scopes. All scopes will be validated by Brevio upon the creation of an API client.

The signature_right and signee_pid scopes requires specific access, please contact us for more information.

The vendor scope allows an API client to perform API calls on behalf of a consumer, which is identified by a unique consumerKey passed with each API call. Please contact us for more information.

Access tokens

We use bearer tokens to verify access to all Brevio API endpoints. Access tokens are generated by passing a base64 encoded valid client_id and client_secret combination to the access token creation endpoint.

Create access token

POST /auth/token

$ curl "https://api.brevio.com/auth/token"
  -H "Authorization: Basic ${base64_encoded_client_id_and_secret}"
  -d '{ "grant_type": "client_credentials", "scope": "bank" }'

API Response

{
  "access_token": "tLUowHOUa2dmanlU_pr9WazuI_ubjRNoXMBeg_jzCo0",
  "api_version": "1.0",
  "token_type": "Bearer",
  "expires_in": 1209600,
  "created_at": 1665131755
}

To retrieve an access token you need to base64 encode your client_id and client_secret and pass them to the Basic authentication scheme.

You also need to specify the grant_type to be client_credentials, as well as specify the scope your client has access to.

Parameters

Name Type Description
grant_type String Must be 'client_credentials'
scope String Valid values: 'audit_company' 'bank' 'signature_right' 'signee_pid' 'vendor'

Returns

Returns a valid access token for the given scope(s). The access token will indicate which API version the token is valid for.

Brevio Confirm API

The Confirm API grants your authorized API client access to data associated with its entity in the Brevio Confirm service, whether you represent a bank or an audit company.

Through the API you can accomplish the following:

Confirm API core resources

Below are listed all the core resources for the Brevio Confirm API.

Audit request

Audit requests define a single request for a confirmation from a third party for a particular audit client. A third party can be either a bank, lawyer, supplier, or client. Each audit request pertains to exactly one audit client (named company in the response payload), and any number of subsidiaries.

For instance, you might send an audit request to DNB for "Acme Doors AS", and include "Acme Doorknobs AS" and "Acme Keyholes AS" as subsidiaries in the audit request.

Audit request

{
  "token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
  "accountNumbers": [
    {
      "accountNumber": "1232.20.12313",
      "company": {
        "vatNo": "999888999",
        "country": "no"
      }
    }
  ],
  "attachments": [],
  "auditCompany": "Brevio AS",
  "company": {
    "name": "ACME AS",
    "vatNo": "999999999",
    "country": "no"
  },
  "confirmation": {
    "attachments": [
      "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
      "a4c60323af9e76bb9877a75631dd6a51d62db93929a223ac4d91eacabf2bda1a"
    ],
    "sent": "2023-01-01"
  },
  "cutOffDate": "2022-12-31",
  "language": "nb",
  "lastUpdate": "2022-10-02T11:53:23Z",
  "manualReview": false,
  "requestType": "bank",
  "sentToClient": "2022-10-01",
  "signees": [
    {
      "email": "[email protected]",
      "name": "Arthur Dent",
      "pid": null,
      "signed": true
    },
    {
      "email": "[email protected]",
      "name": "Guybrush Threepwood",
      "pid": null,
      "signed": true
    }
  ],
  "step": "received",
  "subsidiaries": [
    {
      "name": "ACME Doorknobs Oy",
      "vatNo": "99999988",
      "country": "fi"
    }
  ],
  "thirdParty": "DNB",
  "user": {
    "email": "[email protected]",
    "officeAddress": "Gatevei 1313, 0561 Oslo"
  },
  "bankReviewedCompanySignatures": [
    {
      "reviewedBy": "Bob",
      "verified": true,
      "reviewedAt": "2022-10-03T11:00:23Z",
      "company": {
        "name": "ACME AS",
        "vatNo": "999999999",
        "country": "no"
      }
    }
  ]
}
Attribute Type Description
token String Unique identifier
acccountNumbers List<AccountNumber> List of account numbers associated with the audit request.
attachments List<String> List of tokens used to uniquely identify an attachment associated with the audit request (includes the digitally signed pdf after the audit request has been signed by all signees).
auditCompany String Name of the audit company to which the associated auditor of the audit request belongs
company Company The main audit client
confirmation Confirmation/null Confirmation for the audit request. This field is null if the audit request has not been confirmed
cutOffDate Date The end of the fiscal year for the associated audit client
language String The language used for the audit request.
lastUpdate DateTime Last time step was updated
manualReview Boolean Boolean flag indicating whether this request needs third party manual review. This occurs when for instance the auditor has made changes to the standard template.
requestType String The type of the audit request.
sentToClient Date Date the audit request was first sent its signees
signees Signee[] List of signees associated with the audit request
step String The step in the audit request process the request is currently at. Valid values: 'started' 'client' 'needs-validation' 'third-party' 'received' 'cancelled' 'archived' 'post'
subsidiaries List<Company> List of subsidiaries associated with the audit request
thirdParty String Name of the audit request's associated third party
user User The user associated with the audit request
bankReviewedCompanySignatures BankReviewedCompanySignature Only available if review is enabled for the bank
BankReviewedCompanySignature
Name Type Description
reviewedBy string Field for banks to keep tabs on who internally reviewed the audit request signature
reviewedAt datetime When the employee reviewed the audit request signature
verified boolean The signature is either rejected or verified
company Company Which company was reviewed

Account number

Account number

{
  "accountNumber": "1232.20.12313",
  "company": {
    "vatNo": "999888999",
    "country": "no"
  }
}
Attribute Type Description
accountNumber String A single, verified bank account number for a particular company in a particular bank
company Company Company object with vatNo and country of the associated company, validated against the national registry for its associated country

Bank

Bank

{
  "token": "4d88918a739dc0407dba87260e0cacf36a534079f26ad590e5c7a5fc3281b1ac",
  "country": "no",
  "disabled": false,
  "name": "DNB"
}
Attribute Type Description
token String Unique identifier
country String Two character country code, as defined by ISO 3166-1 alpha-2. E.g. `'no'
disabled Boolean Disabled banks cannot receive new audit requests, but they can have existing requests sent before the disabling occurred
name String The name of the bank. Not guaranteed to be unique.

Company

Company

{
  "name": "ACME AS",
  "vatNo": "999999999",
  "country": "no"
}
Attribute Type Description
name String The company name as registered in the national registry for the company's country of operation
vatNo String The VAT number for the company, validated against the national registry for the company's country of operation
country String Two letter ISO country code for which the VAT number belongs to

Confirmation

Confirmation

{
  "attachments": [
    "9e9f430c1d8e8716ae71d6311fb76e4534fd4959e8b2299d505afcfafd32c60d",
    "b82c013b8e3f9ae73352500d322a39538b269938bc9737e5f2a4d9df240d3e38"
  ],
  "sent": "2023-01-01T08:03:01Z"
}
Attribute Type Description
attachments List<String> List of tokens used to uniquely identify an attachment associated with the confirmation
sent DateTime Time the third party sent the audit request confirmation

Signee

Signee

{
  "email": "[email protected]",
  "name": "Guybrush Threepwood",
  "pid": null,
  "signed": true
}
Attribute Type Description
email String Email address
name String/null Name verified against the personal register of the signee's country of origin (verified during digital signature)
pid String/null Personal ID (PID) is the signee's personal number - NO: 11 digits, SE: 10 or 12 digits, DK: 10 digits. Only available with scope 'signee_pid'
signed Boolean Boolean flag indicating whether the signee has digitally signed the audit request

User

User

{
  "address": "Gatevei 1313, 0561 Oslo",
  "email": "[email protected]",
  "name": "Arthur Dent"
}
Attribute Type Description
address String Address for the user's physical office
email String Email address
name  String  User name verified by the national registry/SSO integration

Common

Lists all API endpoints for both audit companies and banks.

Download attachment

POST /v1/confirm/attachments/:token/signed-url

$ curl "https://api.brevio.com/v1/confirm/attachments/92489134d60d213f68e7bba0a8d9cccf6f6f6816bac7d5b62c417f96dcc886ea/signed-url"
  -H "Authorization: Bearer ${token}

API Response

{
  "filename": "signed-power-of-attorney.pdf",
  "url": "https://cdn.brevio.com/signed-power-of-attorney.pdf"
}

Generates a short-lived (24 hours) signed URL in accordance with information security best pratices to download the attachment with the given token.

The attachments can be PDFs, images, Microsoft Office files (.xlsx etc.) and XML files.

Scopes

audit_company, bank

Parameters

None.

Returns

Returns a dictionary with a name field indicating the filename of the attachment, and an url field containing the signed URL.

Audit companies

Lists all API endpoints only available to audit companies.

Create audit requests

POST /v1/confirm/audit-requests

$ curl "https://api.brevio.com/v1/confirm/audit-requests"
  -H "Authorization: Bearer ${token}"
  -d '
    {
      "language": "nb",
      "vatNo": "999999999",
      "country": "no"
      "signees": [
        "[email protected]",
        "[email protected]",
        "[email protected]"
      ],
      "user": "[email protected]",
      "auditRequests": [
        {
          "bank": "d4cc89490d78a3080922b9694def9cba4bb1c7a92d627b7b99425204dd229b4f",
          "cutOffDate": "2022-12-31",
          "subsidiaries": [
            { vatNo: "999999998", country: "no" },
            { vatNo: "99999988", country: "fi" }
          ]
        },
        // ...
      ]
    }
  '

API Response

{
  "tokens": [
    "616f6a6e7c4c5a3067afff6e6cd4ab0b4b889dfc922ef0f767d8a4d7cb7eddb0",
    "11abefac8cc529470fc8f1b73db29598cc49e51e049e158b68e4fe8ce5fb8628",
    "1f8c6c2b24ea3b7d51ec802a6c1396ef1c35edc7d3cd184693dbf0a617824cfa"
  ],
  "sent": true // if false, the user has received an e-mail prompting her to register a Brevio account and authenticate through BankID
}

Creates one or more audit requests for an audit client identified by the vatNo parameter. We only allow emails with an associated Brevio account (the user parameter), authenticated either through SSO or BankID, to send audit requests on behalf of an audit company.

To see all banks that are supported please consult the list all banks endpoint.

Returns a list of tokens used to uniquely identify the created audit requests, ordered by creation date alongside a flag which indicates whether the audit requests were sent or not.

Scopes

audit_company

Parameters

Name Type Required Description
auditRequests List<AuditRequestParams> true Audit requests that will be sent to the audit client
language String true The language used for the e-mail sent to the audit client (also controls the language for the signing process)
user String true E-mail address used to uniquely identify a user in the audit company making the API request. If the user is already registered in Brevio the audit request will instantly show up in her dashboard. If she is not registered she will receive an e-mail notifying her that she has been assigned to an audit request
vatNo String true The VAT number for the audit requests' associated audit client
country String true Two letter ISO country code for where the VAT number belongs to. Valid values: 'no', 'se', 'dk', 'fi'
signees List<String> false List of email addresses for all signees that need to digitally sign the audit request. This field is required if lasting powers of attorney is not included for all audit requests.
Audit request parameter
Name Type Required Description
cutOffDate String true ISO8601 date string representing the end of the fiscal year for the associated audit client
bank String false Token of the bank the audit request pertains to (see endpoint for listing banks GET /v1/confirm/banks)
language String false Language for the audit request, also sets the language for the confirmation process. Valid values: 'nb', 'en', 'sv', 'da'. Defaults to 'nb'
subsidiaries List<Company> false List of Companies with vatNo and country for any associated subsidiaries for the audit request, only available for bank and lawyer request type
reminder Boolean false Boolean flag determining whether the audit requests should generate reminder emails to audit clients and third parties if they are not responded to in a timely fashion. Defaults to true
requestType String false Specifies which kind of third party the audit request pertains to. Valid values: lawyer, bank, supplier, client. Defaults to bank
balance BalanceParam false When sending request type client and supplier. Leave this field blank if you are testing completeness. Add the the balance as of cutOffDate if testing existence.
thirdPartyRecipient String false Name of third party, required if the request type is not bank
thirdPartyEmail String false Email of the third party that should confirm the audit request, this field is not needed in case the request type is a bank.
lastingPowerOfAttorney String false Unique token for a lasting power of attorney (LPA) to be used for the audit request, this is only available for request type bank. If the LPA is not signed and does not have any signees we will populate it based on the signees param. If it is populated and not signed, but does not contain all signees provided in the signees field we will raise an error. NB: If the LPA is signed, the audit request will be sent directly to the bank, otherwise it will first be sent to the signees.
auditAccountNumbers List<AuditAccountNumberParam> false List of audit account numbers for the given company and subsidiaries, this field is only valid for request type bank where the bank requires one or more account numbers to be specified.
Balance parameter
Name Type Description
amount String The amount you wish the client or supplier to verify.
currency String Currency codes adhere to the ISO 4217 standard
Audit Account number Parameter
Attribute Type Description
accountNumber String A single, verified bank account number for a particular company in a particular bank
company Company A Company object with vatNo and country for the associated company, validated against the national registry for its associated country
Company in Subsidiaries and Audit Account number parameter
Name Type Description
vatNo String The VAT number of the subsidiary.
country String Two letter ISO country code for which the VAT number belongs to

Returns

A list of the created audit requests' tokens and a boolean flag indicating whether the requests were sent or not.

List all audit requests

GET /v1/confirm/audit-requests

$ curl "https://api.brevio.com/v1/confirm/audit-requests"
  -H "Authorization: Bearer ${token}"
  -d '{ "vatNo": "999999999", "country": "no" }'

API Response

{
  "count": 50,
  "offset": 0,
  "next": 50,
  "total": 131,
  "requests": [
    {
      "token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
      "accountNumbers": [
        {
          "accountNumber": "1232.20.12313",
          "company": {
            "vatNo": "999888999",
            "country": "no"
          }
        }
      ],
      "attachments": [],
      "auditCompany": "Brevio AS",
      "company": {
        "name": "ACME AS",
        "vatNo": "999999999",
        "country": "no"
      },
      "confirmation": null,
      "cutOffDate": "2022-12-31",
      "language": "nb",
      "lastUpdate": "2022-10-02T11:53:23Z",
      "manualReview": false,
      "requestType": "bank",
      "sentToClient": "2022-10-01",
      "signees": [
        {
          "email": "[email protected]",
          "name": null,
          "pid": null,
          "signed": false
        },
        {
          "email": "[email protected]",
          "name": "Guybrush Threepwood",
          "pid": null,
          "signed": true
        }
      ],
      "step": "client",
      "subsidiaries": [],
      "thirdParty": "DNB",
      "user": {
        "email": "[email protected]",
        "officeAddress": "Gatevei 1313, 0561 Oslo"
      }
    }
    // ...
  ]
}

Returns a paginated list for all audit requests sent to an audit client identified by their VAT number.

The response contains at most 50 audit requests. To access all audit requests (in cases where there are more than 50) you have to paginate through the results.

Scopes

audit_company

Parameters

Name Type Required Description
vatNo String true The VAT number for the audit requests' associated audit client
country String true Two letter ISO country code for where the VAT number belongs to.
offset Integer false The offset used for pagination
requestType RequestType false The desired request type you wish to filter the results by (see Audit Request attribute description below for a list of valid values)

Returns

A paginated list of all audit requests filtered by VAT number.

Finalize an audit request

POST /v1/confirm/audit-requests/finalize

$ curl "https://api.brevio.com/v1/confirm/audit-requests/finalize"
  -H "Authorization: Bearer ${token}"
  -d
    '{
      "auditRequestTokens": [
        "64626932a178531926b23cf09eb10f8dea2283108950e7ce106b689128ce9f2e",
        "d78021f0a0ff15d5690e767f46bbad407f8d9cd5ef99710258e2e95342f7d84a",
        "fde3589c53d55a04dd2b0c5bcabb66dc110649f9449e8b9441542439182f0e39"
      ]
    }'

API response

{
  "successful": [
    "64626932a178531926b23cf09eb10f8dea2283108950e7ce106b689128ce9f2e",
    "d78021f0a0ff15d5690e767f46bbad407f8d9cd5ef99710258e2e95342f7d84a"
  ],
  "failed": ["fde3589c53d55a04dd2b0c5bcabb66dc110649f9449e8b9441542439182f0e39"]
}

Marks a set of audit requests, identified by their unique tokens, as received by the auditor outside of Brevio.

A total of 10 audit request tokens are allowed with each request.

Scopes

audit_company

Parameters

Name Type Description
auditRequestTokens List<String> The list of audit request tokens indicating which audit requests to finalize. NB A maximum of 10 tokens is allowed

Returns

A dictionary with two keys: successful containing a list of audit request tokens which were finalized, and failed, which is a list of audit request tokens which failed during finalization.

List all banks

GET /v1/confirm/banks

$ curl "https://api.brevio.com/v1/confirm/banks"
  -H "Authorization: Bearer ${token}"

API Response

[
  {
    "token": "4d88918a739dc0407dba87260e0cacf36a534079f26ad590e5c7a5fc3281b1ac",
    "country": "no",
    "disabled": false,
    "name": "DNB",
    "hasLPA": true
  }
  // ...
]

Returns a list of all supported banks.

Scopes

audit_company

Parameters

None.

Returns

Lists all supported banks.

Create lasting power of attorney

POST /v1/confirm/lasting-powers-of-attorney

$ curl "https://api.brevio.com/v1/confirm/audit-lasting-powers-of-attorney"
  -H "Authorization: Bearer ${token}"
  -d '
   {
      "endDate": "2025-11-24",
      "bank": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d",
      "vatNo": "999999998",
      "country": "no",
      "subsidiaries": [
        { "vatNo": "999888777", "country": "no" },
        { "vatNo": "999888666", "country": "no" }
      ],
      "signees": ["[email protected]", "[email protected]"]
}
'

API Response

{
  "token": "b06178d5-8240-4150-ac57-cc2bc762c7b0",
  "endDate": "2025-11-24",
  "signed": false,
  "signees": [
    {
      "name": null,
      "signed": false,
      "email": "[email protected]"
    },
    {
      "name": null,
      "signed": false,
      "email": "[email protected]"
    }
  ],
  "subsidiaries": [
    {
      "name": "test company 1",
      "vatNo": "999999996",
      "country": "no"
    },
    {
      "name": "test company 2",
      "vatNo": "999999997",
      "country": "no"
    }
  ],
  "bank": {
    "token": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d",
    "name": "test",
    "hasLPA": true,
    "country": "no"
  },
  "company": {
    "name": "Test company",
    "vatNo": "999999998",
    "country": "no"
  }
}

Creates a new lasting power of attorney (LPA). LPAs are powers of attorney which last for up to 5 years, and can be re-used when sending audit requests of behalf of audit clients. When an active LPA is used, the audit client doesn’t need to sign the audit request, and the request itself will go directly to the bank (with the LPA attached). The LPA needs to be signed before it becomes active, so the first time the LPA is used with an audit request, the LPA is sent to the associated signees for signature. This endpoint does not send anything, and instead creates an unsigned LPA which can be attached to a new audit request (through the create-audit-requests endpoint).

Scopes

audit_company

Parameters
Name Type Required Description
vatNo String true The VAT number of the client
country String true Two letter ISO country code for where the VAT number belongs to.
bank String true Token of the bank the audit request pertains to (see endpoint for listing banks GET /v1/confirm/banks). NB! The bank has to support Lasting powers of attorney
endDate String false ISO8601 date string representing the end of the duration of the lasting powers of attorney, default value is current date + 5 years (max value).
subsidiaries List<Company> false List of Companies with vatNo and country for any associated subsidiaries
forceCreate Boolean false Boolean flag, used to brute force create. Be very careful when using this flag as all existing Lasting powers of attorneys that are associated with the given VAT number (including subsidiaries) will be disabled when all signees has signed! You have to contact support to re-enable LPAs, we advice caution and that you double check on the get endpoint before using this!
signees List<String> false List of email addresses for all signees that need to digitally sign the audit request. If signees is not provided we will populate it based on the first time it is used when creating audit requests.
language String false The language code used for generating the PDF, based on the templates of your audit requests. Valid values are nb, se, de or en and default value is en
Company param
Name Type Description
vatNo String The VAT number of the associated client
country String The two letter ISO country code of the associated client

List lasting powers of attorney

GET /v1/confirm/lasting-powers-of-attorney

$ curl "https://api.brevio.com/v1/confirm/lasting-powers-of-attorney"
  -H "Authorization: Bearer ${token}"
  -d'
    {
      "companies": [{"vatNo": "999999999", "country": "no"}],
      "bank": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d"
    }'
Name Type Required Description
bank String true (if tokens is nil) Token of the bank the audit request pertains to (see endpoint for listing banks GET /v1/confirm/banks). Required if tokens is nil
companies List<Company> true (if tokens is nil) Companies with vatNo and country to filter the LPAs by. If this field is present, the bank field is required.
tokens List<String> true (if bank and companies are nil) Unique identifying tokens of existing LPAs to filter the results by

API Response

[
  {
    "token": "b06178d5-8240-4150-ac57-cc2bc762c7b4",
    "endDate": "2025-11-24",
    "signed": false,
    "language": "en",
    "signees": [
      {
        "name": null,
        "signed": false,
        "email": "[email protected]"
      }
    ],
    "subsidiaries": [
      {
        "name": "Brev Invest AS",
        "vatNo": "927146878",
        "country": "no"
      }
    ],
    "bank": {
      "token": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d",
      "name": "test",
      "hasLPA": true,
      "country": "no"
    },
    "company": {
      "name": "BRE Boligutleie AS",
      "vatNo": "925178845",
      "country": "no"
    }
  },
  {
    "token": "b06178d5-8240-4150-ac57-cc2bc762c7b3",
    "endDate": "2025-11-24",
    "signed": false,
    "signees": [
      {
        "name": null,
        "signed": false,
        "email": "[email protected]"
      }
    ],
    "subsidiaries": [
      {
        "name": "Brev Invest AS",
        "vatNo": "927146878",
        "country": "no"
      }
    ],
    "bank": {
      "token": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d",
      "name": "test",
      "hasLPA": true,
      "country": "no"
    },
    "company": {
      "name": "BRE Boligutleie AS",
      "vatNo": "925178845",
      "country": "no"
    }
  }
]

Banks

Lists all API endpoints only available to banks.

List all pending audit requests

GET /v1/confirm/audit-requests/third-party

$ curl "https://api.brevio.com/v1/confirm/audit-requests/third-party"
  -H "Authorization: Bearer ${token}"

API Response

{
  "count": 33,
  "offset": 0,
  "next": 0,
  "total": 33,
  "requests": [
    {
      "token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
      "accountNumbers": [
        {
          "accountNumber": "1232.20.12313",
          "company": {
            "vatNo": "999888999",
            "country": "no"
          }
        }
      ],
      "attachments": [],
      "auditCompany": "Brevio AS",
      "company": {
        "name": "ACME AS",
        "vatNo": "999999999",
        "country": "no"
      },
      "confirmation": null,
      "cutOffDate": "2022-12-31",
      "language": "nb",
      "lastUpdate": "2022-10-02T11:53:23Z",
      "manualReview": false,
      "requestType": "bank",
      "sentToClient": "2022-10-01",
      "signees": [
        {
          "email": "[email protected]",
          "name": "Art Vandelay",
          "pid": null,
          "signed": true
        },
        {
          "email": "[email protected]",
          "name": "Guybrush Threepwood",
          "pid": null,
          "signed": true
        }
      ],
      "step": "third-party",
      "subsidiaries": [],
      "thirdParty": "DNB",
      "user": {
        "email": "[email protected]",
        "officeAddress": "Gatevei 1313, 0561 Oslo"
      },
      "bankReviewedCompanySignatures": [
        {
          "reviewedBy": "Bob",
          "verified": true,
          "reviewedAt": "2022-10-03T11:00:23Z",
          "company": {
            "name": "ACME AS",
            "vatNo": "999999999",
            "country": "no"
          }
        }
      ]
    }
    // ...
  ]
}

Returns a paginated list for all audit requests that have been digitally signed and are awaiting confirmation from their respective third parties. The list is filtered based on the bank associated with the API client.

Scopes

bank

Parameters

Name Type Required Description
offset Integer false The offset used for pagination
reviewedSignatures boolean false Optional field to return reviewed audit requests

Returns

A paginated list of pending audit requests for the bank associated with the API client.

Upload attachments to a confirmation

POST /v1/confirm/audit-requests/:token/confirmations/upload

$ curl "https://api.brevio.com/v1/confirm/audit-requests/:token/confirmations/upload"
  -H "Content-Type: multipart/form-data"
  -H "Authorization: Bearer ${token}"
  -F attachments[]=@confirmation.pdf
  -F attachments[]=@confirmation-2.pdf
  -F attachments[]=@confirmation-3.pdf

API Response

{ "message": "Uploaded 3 attachments" }

Uploads one or more files for the confirmation of an audit request, identified by the given token. NOTE: This does not finalize the audit request, that is only done through the confirmation endpoint.

Scopes

bank

Parameters

Name Type Description
attachments List<File> List of files (at most five)

Returns

Returns a message to indicate the number of attachments uploaded.

Finalize erroneous audit request with comment

POST /v1/confirm/audit-requests/:token/confirmations/comment

$ curl "https://api.brevio.com/v1/confirm/audit-requests/:token/confirmations/comment"
  -H "Authorization: Bearer ${token}"
  -d '{ "comment": "The client (999999998) is not a customer of our bank" }'

API Response

{ "message": "Audit request completed and notification sent to auditor" }

Marks an audit request, identified by the given token, as finalized and sent in error.

This is the case if an auditor has sent an audit request to a bank for a client (or subsidiary) which isn't a customer of the bank. The bank must provide an explanatory comment (maximum 200 characters)

Once the comment has been sent, the auditor will receive a notification that the audit request has been finalized.

Scopes

bank

Parameters

Name Type Required Description
comment String true Comment clarifying why the audit request was sent in error (maximum 200 characters).

Returns

Returns a textual message indicating that the operation was successful.

Send a confirmation

POST /v1/confirm/audit-requests/:token/confirmations

$ curl "https://api.brevio.com/v1/confirm/audit-requests/:token/confirmations"
  -H "Content-Type: multipart/form-data"
  -H "Authorization: Bearer ${token}"
  -F attachments[]=@confirmation.pdf
  -F attachments[]=@confirmation-2.pdf
  -F attachments[]=@confirmation-3.pdf

API Response

{
  "token": "aaaa32cf6c3453bfc7923e00d33002ea7b5277767524639f0e09da561c380ade",
  "step": "received"
}

Sends a confirmation for an audit request identified by the given token, finalizing it.

A confirmation needs an uploaded attachment to be valid. This can either be accomplished through the upload endpoint, or by attaching files to this request (5 maximum).

Scopes

bank

Parameters

Name Type Required Description
attachments List<File> false List of files (at most five)

Returns

Returns a dictionary with two keys. token is the unique identifier for the audit request, and should match the token in the URL, and step contains the current step of the audit request process for the audit request. This latter value should be received if nothing went wrong.

Brevio Sign API

The Sign API grants an authorized API client access to data associated with its entity in the Brevio Sign service.

Through the API you can accomplish the following:

Sign API core resources

Sign request

Sign request

{
  "token": "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9",
  "attachments": [
    {
      "token": "21d2b46ae46b16845caad19c2d6aac34",
      "filename": "engagement-letter-2021.pdf",
      "signedPDF": false,
      "template": null,
      "title": "Engagement letter"
    },
    {
      "token": "181fddae6a0edbc880ffe4c189e02aa0",
      "filename": "auditor-report-2021.pdf",
      "signedPDF": false,
      "template": "5f7ea5f1501d289e04fb6f14a118bf80",
      "title": "Auditor's report"
    }
  ],
  "company": {
    "name": "ACME AS",
    "vatNo": "99999999"
  },
  "dueDate": "2022-11-13",
  "lastUpdate": "2022-10-14T13:06:15",
  "sentAt": "2022-10-13T16:29:32",
  "signees": [
    {
      "email": "[email protected]",
      "name": null,
      "signed": false,
      "signedAt": null,
      "pid": null
    },
    {
      "email": "[email protected]",
      "name": "Ford Prefect",
      "signed": true,
      "signedAt": "2022-10-14 13:06:15",
      "pid": null
    }
  ],
  "step": "sign",
  "user": {
    "email": "[email protected]",
    "officeAddress": "Gatevei 1313, 0561 Oslo"
  }
}

A sign request represents a request to sign a list of documents by one or more signees. Each sign request is associated with exactly one company (identified by the company's VAT number, verified by the national registry in the company's country of business).

Attribute Type  Description
token String Unique identifier
attachments List<Attachment> List of attachments
company Company The company associated with the sign request
dueDate Date Date the current sign request is due (e.g. can no longer be signed)
lastUpdate DateTime Last time step was updated
sentAt DateTime Date and time sign request was sent to all signees
signees List<Signee> List of all associated signees
step String The step in the signature process the request is currently at. Valid values: 'started' 'sign' 'completed' 'archived' 'cancelled'
user User The user associated with the sign request

Attachment

Attachment

{
  "token": "21d2b46ae46b16845caad19c2d6aac34",
  "filename": "engagement-letter-2021.pdf",
  "signedPDF": false,
  "template": null,
  "title": "Engagement letter"
}
Attribute Type Description
token String Unique identifier for the attachment
filename String Filename for the attachment
signedPDF Boolean Boolean flag indicating whether this is a digitally signed PDF
template String? Unique identifor for an optional associated document template
title String The title for the uploaded attachment

Company

Company

{
  "name": "ACME AS",
  "vatNo": "999999999",
  "country": "no"
}
Attribute Type Description
name String The company name as registered in the national registry for the company's country of operation
vatNo String The VAT number for the company, validated against the national registry for the company's country of operation
country String Two letter ISO country code for where the company resides in.

Document Template

Docment template

{
  "token": "a0eaf8107e16f6af3a6d3659afc997d5",
  "i18ns": [
    {
      "language": "nb",
      "title": "Revisjonsberetning"
    },
    {
      "language": "en",
      "title": "Auditor's report"
    }
  ]
}
Attribute Type Description
token String Unique identifier for the document template.
i18ns List<Internationalization> List of all associated internationalizations.

Internationalization

Internationalization

{
  "language": "nb",
  "title": "Årsregnskap"
}
Attribute Type Description
language String Language code adhereing to the ISO 639-1 standard.
title String Title for the internationalization visible to auditors in the graphical user interface.

Signee

Signee

{
  "email": "[email protected]",
  "name": "Guybrush Threepwood III",
  "pid": null,
  "signed": true,
  "signedAt": "2022-01-01T08:33:12Z"
}
Attribute Type Description
email String The signee's email address (where all sign requests will be sent)
name String/null Name retrieved from the national registry upon completing the signature process
pid String/null Personal ID (PID) is the signee's personal number - NO: 11 digits, SE: 10 or 12 digits, DK: 10 digits. Only available with scope 'signee_pid'
signed Boolean Has the signee signed the sign request?
signedAt DateTime/null When was the sign request signed by this signee? (if at all)

User

User

{
  "address": "Gatevei 1313, 0561 Oslo",
  "email": "[email protected]",
  "name": "Arthur Dent"
}
Attribute Type Description
address String Address for the user's physical office
email String Email address
name  String  User name verified by the national registry/SSO integration

List all document templates

GET /v1/sign/document-templates

$ curl "https://api.brevio.com/v1/sign/document-templates"
  -H "Authorization: Bearer ${token}"

API Response

{
  "templates": [
    {
      "token": "a0eaf8107e16f6af3a6d3659afc997d5",
      "i18ns": [
        {
          "language": "nb",
          "title": "Revisjonsberetning"
        },
        {
          "language": "en",
          "title": "Auditor's report"
        }
      ]
    },
    {
      "token": "9a75bf516d7d26b55e96b97a648c566e",
      "i18ns": [
        {
          "language": "nb",
          "title": "Årsregnskap"
        },
        {
          "language": "en",
          "title": "Annual report"
        }
      ]
    }
  ]
}

Returns a list of all document templates.

A document template has a list of internationalizations (returned as i18ns). These internationalizations are managed by admins for the audit company and provide a legible title for auditors to choose from in the graphical user interface.

The returned tokens can be used to filter sign requests by the templateToken attribute in the list all sign requests endpoint.

Scopes

audit_company

Parameters

None.

Returns

Returns a list of document templates.

Create attachments

POST /v1/sign/attachments

curl "https://api.brevio.com/v1/sign/attachments"
  --H 'Content-Type: multipart/form-data'
  --H "Authorization: Bearer ${token}"
  -F "[email protected]"
  -F "attachments[][email protected]_letter.pdf"
  -F "attachments[][email protected]_report.pdf"

API Response

{
  "tokens": [
    "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9",
    "f0cc7f7e9ade1644913a32b3ba440a8ee019bd9a2c7f69bb3a3c97a484155a63"
  ]
}

Creates one or more attachments for uploaded PDFs. Currently a maximum of five attachments are allowed per API request.

A vendor can use this endpoint to upload attachments on behalf of its consumers by passing a valid consumerKey.

Returns a list of tokens uniquely identifying each attachment.

Scopes

audit_company, vendor

Parameters

Name Type Required Description
attachments List<File> true List of files (only PDF files allowed) to be uploaded to the Brevio platform. Currently a maximum of five attachments per API request is allowed.
user String true Email address for the user which should be associated with the uploaded attachments.
consumerKey String false The consumer key for the consumer you wish to create the attachment on behalf of. Required for vendor scopes.

Returns

Returns a dictionary containing a list of tokens uniquely identifying each attachment.

Create a sign request

POST /v1/sign/sign-requests

$ curl "https://api.brevio.com/v1/sign/sign-requests"
  -H "Authorization: Bearer ${token}"
  -d'{
    "vatNo": "999999999",
    "country": "no",
    "signees": [
      {
        "email": "[email protected]",
        "order": 1
      },
      {
        "email": "[email protected]",
        "order": 1
      },
      {
        "email": "[email protected]",
        "order": 2
      }
    ],
    "language": "nb",
    "dueDays": 14,
    "message": "Sign request message",
    "user": "[email protected]",
    "attachments": [
      {
        "token": "0126a84017de0e70b6440820decbb565",
        "title": "Auditor report"
      },
      {
        "token": "95df519c2f4d5bf3040bab3e7a730f60",
        "title": "Engagement Letter",
        "template": "f7c2e7b859862ac29650bd098dfedfb6"
      }
    ]
    }'

API Response

{
  "token": "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9"
}

Creates a new sign request for a list of attachments to be signed by one or more signees for a particular company (identified by their VAT number).

A vendor can use this endpoint to create a sign request on behalf of its consumers by passing a valid consumerKey.

Once the sign request is created, it is not sent right away, but placed in the 'Started' column for the associated auditor to be edited/verified before sending.

Returns the token of the created sign request.

Scopes

audit_company, vendor

Parameters

Name Type Required Description
attachments List<AttachmentParam> true List of Attachments for the sign request (currently a maximum of five attachments per sign request is allowed).
vatNo String true The VAT number for the sign request's associated company
country String true Two letter ISO country code for where the VAT number belongs to. Valid values: 'no', 'se', 'dk', 'fi'
language String true The language of the sign request. Valid values: 'nb' 'en' 'sv' 'da'. Defaults to 'nb'.
user String true Email address used to uniquely identify a user in the audit company making the API request.
signees List<SigneeParam> false List of Signees who are required to sign the sign request.
dueDays Integer false The number of days hence until the sign request expires. Valid values: 7 14 30. Defaults to 30.
message String false Message to be displayed in the sign request (will replace the default message).
consumerKey String false The consumer key for the consumer you wish to create the sign request on behalf of. Required for vendor scopes.

Attachment parameter

Attribute Type Required Description
token String true Unique token identifying the attachment (received when creating the attachment)
title String true Title for the uploaded attachment, shown in a comma-separated list in the sign request
template String false Token identifying an optional DocumentTemplate for this attachment

Signee parameter

Attribute Type Required Description
email String true Email address
order Integer false Signature order for the signee. Add this only if you want the particular signee to sign before or after other signees (signees with the same order will receive the sign request at the same time.)

Returns

Returns a dictionary containing the unqiue token for the created sign request.

List all sign requests

GET /v1/sign/sign-requests

$ curl "https://api.brevio.com/v1/sign/sign-requests"
  -H "Authorization: Bearer ${token}"
  -d '{"vatNo": "999999999", "country": "no" }'

API Response

{
  "count": 50,
  "offset": 0,
  "next": 50,
  "total": 131,
  "requests": [
    {
      "token": "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9",
      "attachments": [
        {
          "token": "21d2b46ae46b16845caad19c2d6aac34",
          "filename": "engagement-letter-2021.pdf",
          "signedPDF": false,
          "template": null,
          "title": "Engagement letter"
        },
        {
          "token": "181fddae6a0edbc880ffe4c189e02aa0",
          "filename": "auditor-report-2021.pdf",
          "signedPDF": false,
          "template": "5f7ea5f1501d289e04fb6f14a118bf80",
          "title": "Auditor's report"
        }
      ],
      "company": {
        "name": "ACME AS",
        "vatNo": "999888999",
        "country": "no"
      },
      "dueDate": "2022-11-13",
      "dueDays": 30,
      "lastUpdate": "2022-10-14T13:06:15Z",
      "sent": "2022-10-13T16:29:32Z",
      "signees": [
        {
          "email": "[email protected]",
          "name": null,
          "pid": null,
          "signed": false,
          "signedAt": null
        },
        {
          "email": "[email protected]",
          "name": "Ford Prefect",
          "pid": null,
          "signed": true,
          "signedAt": "2019-10-14T13:06:15Z"
        }
      ],
      "step": "sign"
    }
    // ...
  ]
}

Returns a paginated list for all sign requests sent to a company identified by their VAT number. The results can also optionally be filtered by a document template.

The payload contains at most 50 requests. To access all associated sign requests (in cases where there are more than 50) you have to paginate through the results.

Scopes

audit_company, signee_pid (optional)

Parameters

Name Type Required Description
vatNo String true The VAT number to filter the list by
country String true Two letter ISO country code for where the VAT number belongs to. Valid values: 'no', 'se', 'dk', 'fi'
templateToken String false The token of a desired document template you wish to filter the results by. If a sign request contains any attachments with the provided document template then it is included in the result.
offset Integer false The offset used for pagination

Returns

Returns a paginated list of all sign requests filtered by VAT number and (optionally) a document template.

List updated sign requests

GET /v1/sign/sign-requests/updates

$ curl "https://api.brevio.com/v1/sign/sign-requests/updates"
  -H "Authorization: Bearer ${token}"
  -d '{"fromDate": "2022-01-01"}'

API Response

{
  "count": 13,
  "offset": 0,
  "next": 0,
  "total": 13,
  "requests": [
    {
      "token": "3fbbbdd6a46340d3c284cdde827a321ba9f4a203abffd7ee945e183924a89df2",
      "attachments": [
        {
          "token": "b26859539b1e671d6fd96e71eb2cabc2",
          "filename": "auditor-report-2022.pdf",
          "signedPDF": false,
          "title": "Auditor report"
        }
      ],
      "company": {
        "name": "ACME AS",
        "vatNo": "999888999",
        "country": "no"
      },
      "dueDate": "2022-01-31",
      "dueDays": 30,
      "lastUpdate": "2022-01-01T13:06:15Z",
      "sent": "2022-01-01T16:29:32Z",
      "signees": [
        {
          "email": "[email protected]",
          "name": null,
          "pid": null,
          "signed": false,
          "signedAt": null
        }
      ],
      "step": "sign"
    }
    // ...
  ]
}

Returns a paginated list of all sign requests updated after a specific date (fromDate parameter). The results are inclusive, meaning all passing 2022-01-01 will return all sign requests updated after 2022-01-01 00:001.

The payload contains at most 50 requests. To access all associated sign requests (in cases where there are more than 50) you have to paginate through the results.

Parameters

Name Type Required Description
fromDate String true ISO8601 date string representing the inclusive start of the date filter
offset Integer false The offset used for pagination

Returns

Returns a paginated list of all sign requests updated after the specified date.

Download attachment

POST /v1/sign/attachments/:token/signed-url

$ curl "https://api.brevio.com/v1/sign/attachments/92489134d60d213f68e7bba0a8d9cccf6f6f6816bac7d5b62c417f96dcc886ea/signed-url"
  -H "Authorization: Bearer ${token}

API Response

{
  "filename": "signed-auditor-report.pdf",
  "url": "https://cdn.brevio.com/signed-auditor-report.pdf"
}

Generates a short-lived (24 hours) signed URL in accordance with information security best pratices to download the attachment with the given token.

Scopes

audit_company

Parameters

None.

Returns

Returns a dictionary with a filename field indicating the filename of the attachment, and an url field containing the signed URL.

Brevio Signature Right API

The signature right API grants an authorized API client access to data used to verify whether a given national ID is allowed to digitally sign documents for a given company, either in combination with others or individually.

Through the API you can accomplish the following:

Signature Right API core resources

Signature Right

Attribute Type Description
changeDate Date The date when signing rule was last changed (valid from)
vatNo String The VAT number for the company, validated against the national registry for the company's country of operation
country String Two letter ISO country code
nationalId String National Id / SSN
signatureRight String Signature right. Valid values are 'ALONE' or 'GROUP'

Get signature right

GET /v1/signature-right

$ curl "https://api.brevio.com/v1/signature-right?vatNo=${vat_no}" \
      "&nationalId=${national_id}&country=${country}"
  -H "Authorization: Bearer ${token}"

API Response

{
  "changeDate": "2019-12-11",
  "vatNo": "5564779444",
  "nationalId": "196805029268",
  "signatureRight": "ALONE"
}

This endpoint returns signature rights information for a given combination of VAT number, national ID (SSN), and country code.

Currently Swedish, Norwegian, and Danish companies are supported using country code se for Sweden, no for Norway, and dk for Denmark.

Scopes

signature_right

Parameters

Name Type Description
vatNo String The VAT number for the company (8 digits for danish, 9 digits for Norwegian, and 10 digits for Swedish).
nationalId String National ID/ SSN
country String Countries for which the check is performed. Valid countries: se no dk

Returns

Returns the signature right for the given vatNo, nationalId, and country.

Changelog

All requests to the Brevio APIs check whether the Brevio-Version header is present, and applies the API version present (if valid). If the header isn't present the API uses your account API settings.

Example: Sending 2023-02-14 as Brevio-Version will force the request to use the API version released on February 14th, 2023.

March 1, 2023

February 14, 2023

November 3, 2022

October 26, 2022

October 24, 2022

October 13, 2022

October 1, 2022

1.0

Initial release of the Brevio API.

Audit request

2023-03-01

List all pending audit requests for third party (banks)

New request parameter

This option is exclusively for banks, please contact Brevio to enable the feature if needed.

Name Type Required Description
reviewedSignatures boolean false Optional field to return reviewed audit requests

New response attributes

Name Type Description
bankReviewedCompanySignatures BankReviewedCompanySignature Only available if review is enabled for the bank

BankReviewedCompanySignature

Name Type Description
reviewedBy string Field for banks to keep tabs on who internally reviewed the audit request signature
reviewedAt datetime When the employee reviewed the audit request signature
verified boolean The signature is either rejected or verified
company Company Which company was reviewed

GET /v1/confirm/audit-requests/third-party

$ curl "https://api.brevio.com/v1/confirm/audit-requests/third-party?reviewedSignatures=true"
  -H "Authorization: Bearer ${token}"

API Response

{
  "count": 33,
  "offset": 0,
  "next": 0,
  "total": 33,
  "requests": [
    {
      "token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
      "accountNumbers": [
        {
          "accountNumber": "1232.20.12313",
          "company": {
            "vatNo": "999888999",
            "country": "no"
          }
        }
      ],
      "attachments": [],
      "auditCompany": "Brevio AS",
      "company": {
        "name": "ACME AS",
        "vatNo": "999999999",
        "country": "no"
      },
      "confirmation": null,
      "cutOffDate": "2022-12-31",
      "language": "nb",
      "lastUpdate": "2022-10-02T11:53:23Z",
      "manualReview": false,
      "requestType": "bank",
      "sentToClient": "2022-10-01",
      "signees": [
        {
          "email": "[email protected]",
          "name": "Art Vandelay",
          "pid": null,
          "signed": true
        },
        {
          "email": "[email protected]",
          "name": "Guybrush Threepwood",
          "pid": null,
          "signed": true
        }
      ],
      "step": "third-party",
      "subsidiaries": [],
      "thirdParty": "DNB",
      "user": {
        "email": "[email protected]",
        "officeAddress": "Gatevei 1313, 0561 Oslo"
      },
      "bankReviewedCompanySignatures": [
        {
          "reviewedBy": "Bob",
          "verified": true,
          "reviewedAt": "2022-10-03T11:00:23Z",
          "company": {
            "name": "ACME AS",
            "vatNo": "999999999",
            "country": "no"
          }
        }
      ]
    }
    // ...
  ]
}

2023-02-14

POST /v1/confirm/audit-requests

$ curl "https://api.brevio.com/v1/confirm/audit-requests"
  -H "Authorization: Bearer ${token}"
  -H "Brevio-Version: 2023-02-14"
  -d '
    {
      "language": "nb",
      "vatNo": "999999999",
      "country": "no"
      "signees": [
        "[email protected]",
        "[email protected]",
        "[email protected]"
      ],
      "user": "[email protected]",
      "auditRequests": [
        {
          "bank": "d4cc89490d78a3080922b9694def9cba4bb1c7a92d627b7b99425204dd229b4f",
          "cutOffDate": "2022-12-31",
          "subsidiaries": [
            { vatNo: "999999998", country: "no" },
            { vatNo: "99999988", country: "fi" }
          ],
          "auditAccountNumbers": [
            {
              "accountNumber": "12341212345",
              "company": {
                "country": "no",
                "vatNo": "999888999"
              }
            }
          ]
        },
        // ...
      ]
    }
  '

New attributes

Create audit request
Name Type Description
country string Adds required parameter country to top level param. A two letter ISO country code for where the VAT no belongs to
subsidiaries List<Company> Changed from list of VAT numbers to list of Company objects where vatNo and country are required per subsidiary.
auditAccountNumbers List<AuditAccountNumber> Changed company property in AuditAccountNumber from a string containing the VAT number to a Company object with vatNo and country

GET /v1/confirm/audit-requests

$ curl "https://api.brevio.com/v1/confirm/audit-requests"
  -H "Authorization: Bearer ${token}"
  -H "Brevio-Version: 2023-02-14"
{
  "token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
  "attachments": [],
  "auditCompany": "Brevio AS",
  "clientEmail": "[email protected]",
  "confirmation": null,
  "cutOffDate": "2022-12-31",
  "language": "nb",
  "lastUpdate": "2022-10-02T11:53:23Z",
  "manualReview": false,
  "requestType": "bank",
  "sentToClient": "2022-10-01",
  "step": "client",
  "thirdParty": "DNB",
  "accountNumbers": [
    {
      "accountNumber": "1232.20.12313",
      "company": {
        "vatNo": "999888999",
        "country": "no"
      }
    }
  ],
  "company": {
    "name": "ACME AS",
    "vatNo": "999999999",
    "country": "no" // New property
  },
  "signees": [
    {
      "email": "[email protected]",
      "name": null,
      "pid": null,
      "signed": false
    },
    {
      "email": "[email protected]",
      "name": "Guybrush Threepwood",
      "pid": null,
      "signed": true
    }
  ],
  "subsidiaries": [
    {
      "name": "ACME Doorknobs Oy",
      "vatNo": "99999988",
      "country": "fi" // New property
    }
  ],
  "user": {
    "name": "Arthur Auditor",
    "address": "Gatevei 1313, 0561 Oslo",
    "email": "[email protected]"
  }
}
List audit requests
Name Type Description
country string Adds country to Company for company and subsidiaries
accountNumber Company Changes company property in accountNumber from a string with VAT number to a Company object consisting of vatNo and country
Create lasting power of attorney

POST /v1/confirm/lasting-powers-of-attorney

$ curl "https://api.brevio.com/v1/confirm/audit-lasting-powers-of-attorney"
  -H "Authorization: Bearer ${token}"
  -H "Brevio-Version: 2023-02-14"
  -d '
   {
      "endDate": "2025-11-24",
      "bank": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d",
      "vatNo": "999999998",
      "country": "no",
      "subsidiaries": [
        { "vatNo": "999888777", "country": "no" },
        { "vatNo": "999888666", "country": "no" }
      ],
      "signees": ["[email protected]", "[email protected]"]
}
'

API Response

{
  "token": "b06178d5-8240-4150-ac57-cc2bc762c7b0",
  "endDate": "2025-11-24",
  "signed": false,
  "signees": [
    {
      "name": null,
      "signed": false,
      "email": "[email protected]"
    },
    {
      "name": null,
      "signed": false,
      "email": "[email protected]"
    }
  ],
  "subsidiaries": [
    {
      "name": "test company 1",
      "vatNo": "999999996",
      "country": "no" // New property
    }
  ],
  "bank": {
    "token": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d",
    "name": "test",
    "hasLPA": true,
    "country": "no"
  },
  "company": {
    "name": "Test company",
    "vatNo": "999999998",
    "country": "no" // New property
  }
}
Name Type Description
country string Adds required parameter country to top level param. A two letter ISO country code for where the VAT no belongs to
subsidiaries List<Company> Changed from list of VAT numbers to list of Company objects where vatNo and country are required per subsidiary.
List lasting powers of attorneys

GET /v1/confirm/lasting-powers-of-attorney

$ curl "https://api.brevio.com/v1/confirm/lasting-powers-of-attorney"
  -H "Authorization: Bearer ${token}"
  -H "Brevio-Version: 2023-02-14"
  -d'
    {
      "companies": [{"vatNo": "999999999", "country": "no"}], # New property, replaces `vatNumbers`
      "bank": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d"
    }'
Name Type Description
companies List<Company> Replaces vatNumbers - Changed from list of VAT numbers to list of Company objects where vatNo and country are required per company.

API Response

[
  {
    "token": "b06178d5-8240-4150-ac57-cc2bc762c7b4",
    "endDate": "2025-11-24",
    "signed": false,
    "language": "en",
    "signees": [
      {
        "name": null,
        "signed": false,
        "email": "[email protected]"
      }
    ],
    "subsidiaries": [
      {
        "name": "Brev Invest AS",
        "vatNo": "927146878",
        "country": "no" // New property
      }
    ],
    "bank": {
      "token": "2d0f3de86579dbdcb9abeea693a97d485442bc01e2a7ae3f6c92e43f0091a06d",
      "name": "test",
      "hasLPA": true,
      "country": "no"
    },
    "company": {
      "name": "BRE Boligutleie AS",
      "vatNo": "925178845",
      "country": "no" // New property
    }
  }
]

2022-10-01

$ curl "https://api.brevio.com/v1/confirm/audit-requests"
  -H "Authorization: Bearer ${token}"
  -H "Brevio-Version: 2022-10-01"

Audit request

{
  "token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
  "attachments": [],
  "auditCompany": "Brevio AS",
  "clientEmail": "[email protected]",
  "confirmation": null,
  "cutOffDate": "2022-12-31",
  "language": "nb",
  "lastUpdate": "2022-10-02T11:53:23Z",
  "manualReview": false,
  "requestType": "bank",
  "sentToClient": "2022-10-01",
  "step": "client",
  "thirdParty": "DNB",

  // New attributes
  "accountNumbers": [
    {
      "accountNumber": "1232.20.12313",
      "company": "999999999"
    }
  ],
  "company": {
    "name": "ACME AS",
    "vatNo": "999999999"
  },
  "signees": [
    {
      "email": "[email protected]",
      "name": null,
      "pid": null,
      "signed": false
    },
    {
      "email": "[email protected]",
      "name": "Guybrush Threepwood",
      "pid": null,
      "signed": true
    }
  ],
  "subsidiaries": [
    {
      "name": "ACME Doorknobs AS",
      "vatNo": "999999998"
    }
  ],
  "user": {
    "name": "Arthur Auditor",
    "address": "Gatevei 1313, 0561 Oslo",
    "email": "[email protected]"
  }
}

New attributes

Name Type Description
acccountNumbers List<AccountNumber> List of account numbers associated with the audit request.
company Company The main audit client
confirmation Confirmation/null Confirmation for the audit request. This field is null if the audit request has not been confirmed
signees Signee[] List of signees associated with the audit request
subsidiaries List<Company> List of subsidiaries associated with the audit request
user User The user associated with the sign request

Removed attributes

Name Reason
acccountNumber Audit requests can have multiple account numbers
auditor The user keyword is more explicit
company Replaces the string value with the Company object
companyName Replaces the string value with the Company object
clientEmail Audit requests can have multiple signees
daughterCompanies Deprecated. Use subsidiaries instead
signee Audit requests can have multiple signees
signeePID Audit requests can have multiple signees

1.0

Audit request

{
  "token": "3ffad0ece7ba919e08a7a39b38666bb7fa4c121fae27551eb2877c7c0b96a127",
  "accountNumber": "1232.20.12313",
  "attachments": [],
  "auditCompany": "Brevio AS",
  "auditor": {
    "address": "Gatevei 1313, 0561 Oslo",
    "email": "[email protected]",
    "name": "Arthur Auditor"
  },
  "clientEmail": "[email protected]",
  "company": "999999999",
  "companyName": "ACME AS",
  "confirmation": [
    "3c2d6bb220754baecb477d894483b341a7affaf4d22b3df85e2afac3cea9789c",
    "139f8ad345b828c669b96d8b27a594cf6f0c9d43aae2ec244d73cda3bb155a31"
  ],
  "cutOffDate": "2022-12-31",
  "daughterCompanies": [],
  "language": "nb",
  "lastUpdate": "2022-10-02T11:53:23Z",
  "manualReview": false,
  "requestType": "bank",
  "sentToClient": "2022-10-01",
  "signee": "Guybrush Threepwood",
  "step": "third-party",
  "subsidiaries": [],
  "thirdParty": "DNB"
}
Attribute Type Description
token String Unique identifier
accountNumber String A single, verified bank account number for a particular company in a particular bank
attachments List<String> List of tokens used to uniquely identify an attachment associated with the audit request (includes the digitally signed pdf after the audit request has been signed by all signees).
auditCompany String Name of the audit company to which the associated auditor of the audit request belongs
auditor Auditor The auditor associated with the request
clientEmail String Email address for the signee for the audit request
company String The VAT number of the main audit client
companyName String Audit client name, validated against the Norwegian company register
confirmation List<String> List of tokens used to uniquely identify an attachment uploaded as part of the confirmation
cutOffDate Date The end of the fiscal year for the associated audit client
language String The language used for the audit request.
lastUpdate DateTime Last time step was updated
manualReview Boolean Boolean flag indicating whether this request needs third party manual review. This occurs when for instance the auditor has made changes to the standard template.
requestType String The type of the audit request.
sentToClient Date Date the audit request was first sent its signees
signee String/null The name of the person that has digitally signed the audit request, received from BankID. Null if the request has not been signed
signeePID String/null Personal ID (PID) is the signee's personal number - NO: 11 digits, SE: 10 or 12 digits, DK: 10 digits. Only available with scope signee_pid
step String The step in the audit request process the request is currently at. Valid values: 'started' 'client' 'needs-validation' 'third-party' 'received' 'cancelled' 'archived' 'post'
subsidiaries List<String> List of VAT numbers for subsidiaries associated with the audit request
thirdParty String Name of the audit request's associated third party

Auditor

Attribute Type Description
address String Address for the user's physical office
email String Email address
name  String  User name verified by the national registry/SSO integration

Sign request

2023-02-14

POST /v1/sign/sign-requests

$ curl "https://api.brevio.com/v1/sign/sign-requests"
  -H "Authorization: Bearer ${token}"
  -H "Brevio-Version: 2023-02-14"
  -d'{
    "vatNo": "999999999",
    "country": "no", # New paramater
    "signees": [
      {
        "email": "[email protected]",
        "order": 1
      },
      {
        "email": "[email protected]",
        "order": 1
      },
      {
        "email": "[email protected]",
        "order": 2
      }
    ],
    "language": "nb",
    "dueDays": 14,
    "message": "Sign request message",
    "user": "[email protected]",
    "attachments": [
      {
        "token": "0126a84017de0e70b6440820decbb565",
        "title": "Auditor report"
      },
      {
        "token": "95df519c2f4d5bf3040bab3e7a730f60",
        "title": "Engagement Letter",
        "template": "f7c2e7b859862ac29650bd098dfedfb6"
      }
    ]
    }'

New attributes - Create sign request

Added country as required parameter.

Name Type  Description
country String Two letter ISO country code for where the VAT number belongs to. Valid values: 'no', 'se', 'dk', 'fi'

GET /v1/sign/sign-requests

$ curl "https://api.brevio.com/v1/sign/sign-requests"
  -H "Authorization: Bearer ${token}"
  -H "Brevio-Version: 2023-02-14"
  -d '{
        "vatNo": "999999999",
        "country": "no" # New required parameter
      }'

API Response

{
  "count": 50,
  "offset": 0,
  "next": 50,
  "total": 131,
  "requests": [
    {
      "token": "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9",
      "attachments": [
        {
          "token": "21d2b46ae46b16845caad19c2d6aac34",
          "filename": "engagement-letter-2021.pdf",
          "signedPDF": false,
          "template": null,
          "title": "Engagement letter"
        },
        {
          "token": "181fddae6a0edbc880ffe4c189e02aa0",
          "filename": "auditor-report-2021.pdf",
          "signedPDF": false,
          "template": "5f7ea5f1501d289e04fb6f14a118bf80",
          "title": "Auditor's report"
        }
      ],
      "company": {
        "name": "ACME AS",
        "vatNo": "999888999",
        "country": "no" // New property
      },
      "dueDate": "2022-11-13",
      "dueDays": 30,
      "lastUpdate": "2022-10-14T13:06:15Z",
      "sent": "2022-10-13T16:29:32Z",
      "signees": [
        {
          "email": "[email protected]",
          "name": null,
          "pid": null,
          "signed": false,
          "signedAt": null
        },
        {
          "email": "[email protected]",
          "name": "Ford Prefect",
          "pid": null,
          "signed": true,
          "signedAt": "2019-10-14T13:06:15Z"
        }
      ],
      "step": "sign"
    }
  ]
}

New attributes - List all sign request

Added country as required parameter and added country to Company return object.

Name Type  Description
country String Two letter ISO country code for where the VAT number belongs to. Valid values: 'no', 'se', 'dk', 'fi'

GET /v1/sign/sign-requests/updates

$ curl "https://api.brevio.com/v1/sign/sign-requests/updates"
  -H "Authorization: Bearer ${token}"
  -H "Brevio-Version: 2023-02-14"
  -d '{"fromDate": "2022-01-01"}'

API Response

{
  "count": 13,
  "offset": 0,
  "next": 0,
  "total": 13,
  "requests": [
    {
      "token": "3fbbbdd6a46340d3c284cdde827a321ba9f4a203abffd7ee945e183924a89df2",
      "attachments": [
        {
          "token": "b26859539b1e671d6fd96e71eb2cabc2",
          "filename": "auditor-report-2022.pdf",
          "signedPDF": false,
          "title": "Auditor report"
        }
      ],
      "company": {
        "name": "ACME AS",
        "vatNo": "999888999",
        "country": "no" // New property
      },
      "dueDate": "2022-01-31",
      "dueDays": 30,
      "lastUpdate": "2022-01-01T13:06:15Z",
      "sent": "2022-01-01T16:29:32Z",
      "signees": [
        {
          "email": "[email protected]",
          "name": null,
          "pid": null,
          "signed": false,
          "signedAt": null
        }
      ],
      "step": "sign"
    }
  ]
}

New attributes - List all updated sign request

Added country to Company object

Name Type  Description
country String Two letter ISO country code for where the VAT number belongs to. Valid values: 'no', 'se', 'dk', 'fi'

2022-10-01

$ curl "https://api.brevio.com/v1/sign/sign-requests"
  -H "Authorization: Bearer ${token}"
  -H "Brevio-Version: 2022-10-01"

Sign request

{
  "token": "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9",
  "attachments": [
    {
      "token": "21d2b46ae46b16845caad19c2d6aac34",
      "filename": "engagement-letter-2021.pdf",
      "signedPDF": false,
      "template": null,
      "title": "Engagement letter"
    },
    {
      "token": "181fddae6a0edbc880ffe4c189e02aa0",
      "filename": "auditor-report-2021.pdf",
      "signedPDF": false,
      "template": "5f7ea5f1501d289e04fb6f14a118bf80",
      "title": "Auditor's report"
    }
  ],
  "dueDate": "2022-11-13",
  "lastUpdate": "2022-10-14T13:06:15",
  "step": "sign",

  // New attributes
  "sentAt": "2022-10-13T16:29:32",
  "signees": [
    {
      "email": "[email protected]",
      "name": null,
      "signed": false,
      "signedAt": null,
      "pid": null
    },
    {
      "email": "[email protected]",
      "name": "Ford Prefect",
      "signed": true,
      "signedAt": "2022-10-14 13:06:15",
      "pid": null
    }
  ],
  "company": {
    "name": "ACME AS",
    "vatNo": "99999999"
  },
  "user": {
    "email": "[email protected]",
    "officeAddress": "Gatevei 1313, 0561 Oslo"
  }
}

New attributes

Renamed signee fields signeePID and signedName to pid and name respectively.

Name Type  Description
company Company The company associated with the sign request
sentAt DateTime Date and time sign request was sent to all signees
user User The user associated with the sign request

Removed attributes

Name Reason
company Replaces the string value with the Company object
sent Use sentAt instead

1.0

Sign request

{
  "token": "9ff3501c5709b5211bca67013e7f051202fd3fe5099b63391c134eedecb5d3e9",
  "attachments": [
    {
      "token": "21d2b46ae46b16845caad19c2d6aac34",
      "filename": "engagement-letter-2021.pdf",
      "signedPDF": false,
      "template": null,
      "title": "Engagement letter"
    },
    {
      "token": "181fddae6a0edbc880ffe4c189e02aa0",
      "filename": "auditor-report-2021.pdf",
      "signedPDF": false,
      "template": "5f7ea5f1501d289e04fb6f14a118bf80",
      "title": "Auditor's report"
    }
  ],
  "company": "999999999",
  "dueDate": "2022-11-13",
  "lastUpdate": "2022-10-14T13:06:15",
  "sent": "2022-10-13T16:29:32",
  "signees": [
    {
      "email": "[email protected]",
      "signed": false,
      "signedAt": null,
      "signedName": null,
      "signeePID": null
    },
    {
      "email": "[email protected]",
      "signed": true,
      "signedAt": "2022-10-14 13:06:15",
      "signedName": "Ford Prefect",
      "signeePID": null
    }
  ],
  "step": "sign"
}
Attribute Type  Description
token String Unique identifier
attachments List<Attachment> List of attachments
company String The VAT number for the company, validated against the national registry for the company's country of operation
dueDate Date Date the current sign request is due (e.g. can no longer be signed)
lastUpdate DateTime Last time step was updated
sent DateTime Date and time sign request was sent to all signees
signees List<Signee> List of all associated signees
step String The step in the signature process the request is currently at. Valid values: 'started' 'sign' 'completed' 'archived' 'cancelled'

Errors

Error response

{
  "status": 400,
  "error_description": "Bad request: vatNo is missing"
}

The Brevio APIs use the following error codes:

Code Description
400 Bad Request -- Your request is invalid.
401 Unauthorized -- Your API credentials or authentication token is wrong.
404 Not Found -- The specified resource could not be found.
500 Internal Server Error -- We had a problem with our server. Send us an e-mail, or try again later.