These pages contain detailed technical information about the Altinn API.
All operations and parameters are described and example responses are given. Further information
regarding authentication, usage and license requirements is available at Altinn docs.
Information and source code for the Altinn Reference App can also be found here.
Access and use
An API-key is required in order to use the Altinn API. (For information on obtaining an API-key see Altinn docs).
The API-key needs to be included as a header value in every request. Sample request headers are shown below.
GET https://www.altinn.no/api/my/messages HTTP/1.1
Host: www.altinn.no
Accept: application/hal+json
ApiKey: myKey
For any additional questions regarding the API-key see
Altinn docs.
Supported content types
The recommended content types for the Altinn API are application/hal+xml or application/hal+json.
The HAL content types describe how a client can interact with the available services.
When retrieving, for instance, a Message, the response will contain links to available actions
for the given object. See the HAL specification
for more information about how this is implemented in the Altinn API.
Note:
The Altinn API currently also supports the content types application/json and application/xml.
The support for these content types will be removed in a future release, so it is recommended to
use application/hal+json or application/hal+xml.
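The two sections above (the ApiKey header on every request, and HAL links that clients follow) combine into one client-side concern: the key should only travel to the API origin, even when a link in a response points elsewhere. The following is an added example, not code from Altinn; the sample response, its link relation names other than "self", and the helper names are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Base URL taken from the sample request on this page.
API_BASE = "https://www.altinn.no/api/"
HAL_JSON = "application/hal+json"


def _origin(url):
    """Return (scheme, host, port) with the default HTTPS port filled in."""
    parts = urlsplit(url)
    return parts.scheme, (parts.hostname or "").lower(), parts.port or 443


def build_request(target, api_key, method="GET"):
    """Return (method, url, headers) for an API call.

    The ApiKey header is attached only when the target resolves to the API
    origin over HTTPS, so a link in a response cannot carry the key elsewhere.
    """
    url = urljoin(API_BASE, target)
    if _origin(url) != _origin(API_BASE):
        raise ValueError(f"refusing to send ApiKey to {url!r}")
    return method, url, {"Accept": HAL_JSON, "ApiKey": api_key}


def hal_links(resource):
    """Return {rel: [href, ...]} from a HAL resource's _links object.

    In HAL a relation maps to one link object or to an array of link objects.
    """
    links = {}
    for rel, value in resource.get("_links", {}).items():
        items = value if isinstance(value, list) else [value]
        links[rel] = [i["href"] for i in items if isinstance(i, dict) and "href" in i]
    return links


def plan_link_requests(resource, api_key):
    """Build a request for every link; collect links that must not get the key."""
    planned, refused = [], []
    for rel, hrefs in hal_links(resource).items():
        for href in hrefs:
            try:
                planned.append((rel, build_request(href, api_key)))
            except ValueError:
                refused.append((rel, href))
    return planned, refused


def redact_headers(headers):
    """Copy of the headers that is safe to write to a log."""
    return {k: ("<redacted>" if k.lower() == "apikey" else v) for k, v in headers.items()}


# Constructed sample of a HAL+JSON Message; not captured from the real API.
SAMPLE_MESSAGE = {
    "MessageId": "a1234567",
    "Subject": "Constructed sample",
    "Type": "Correspondence",
    "_links": {
        "self": {"href": "https://www.altinn.no/api/my/messages/a1234567"},
        "attachment": [
            {"href": "https://www.altinn.no/api/my/messages/a1234567/attachments/1"},
            {"href": "https://files.example.net/download/1"},
        ],
    },
}

if __name__ == "__main__":
    planned, refused = plan_link_requests(SAMPLE_MESSAGE, "myKey")
    for rel, (method, url, headers) in planned:
        print(rel, method, url, redact_headers(headers))
    for rel, href in refused:
        print("not sent with ApiKey:", rel, href)
```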
Models
Name | Type | Description |
MessageId | String | Id of the Message. The id prefix indicates whether this is an active (a), archived (b) or Altinn1 element (c). |
OriginalId | String | Id of the original message. Used if the message refers to an archived message, in which case this field refers to the original MessageId before archiving. |
MessageLink | Uri | Link to the Message. |
Subject | String | Subject of the Message. |
Status | String | Status of the Message, for example "Sent and archived" or "Active". |
CreatedDate | DateTime | Timestamp indicating when this Message was created. |
LastChangedDateTime | DateTime | Timestamp indicating when this Message was last modified. |
LastChangedBy | String | Value indicating who last changed this Message. |
ServiceOwner | String | The Message service owner. |
Type | String | Type of the Message. The types currently supported are FormTask and Correspondence. |
MessageSender(5) | String | The name of the creator of the message. |
Summary(1) | String | Message summary. |
Body(1) | String | Message body. |
ServiceCode | String | ServiceCode of the Message. |
ServiceEdition | Int | ServiceEdition of the Message. |
DueDate | DateTime | The date when a Message of type FormTask must be submitted, or when a message of type Correspondence must be confirmed. Only used for GET. |
Forms(2)(3) | List<Form> | List of forms associated with the Message. |
Attachments(2) | List<Attachment> | List of attachments associated with the Message. |
SignatureSpec(4) | SignatureSpecification | Container object for the list of Forms and Attachments that should be signed. |
AvailableAction(2)(3) | AvailableAction | The action which the currently logged in user can perform on this message. Possible values: 0 = NoAction, 1 = Sign, 2 = FormFilling, 3 = SendIn, 4 = SignAndSendIn, 5 = DoSignDelegation, 6 = Pay, 7 = PayAndSendIn |
ArchiveReference | String | A reference provided by the service owner to a previous connected message. |
ReplyOptions(6) | Array | Collection of reply options. One record for each reply option specified by the Service Owner. Every Reply Option includes a Type (One of "Service", "ArchiveReference" or "URL"), a URL and a URL Text. Reply options of type "Service" also include the ServiceCode and ServiceEditionCode of the referenced service. |
(1) Only added for Messages of Type Correspondence.
(2) Only added when an individual Message is opened with a request to /api/{who}/messages/{messageId}.
(3) Only added for Messages of Type FormTask.
(4) This is currently used only for input during POST or PUT of Message. The parameter is optional
and if it is omitted the logic will sign all forms and attachments associated with the Message.
(5) Only added for Messages of Type Correspondence or for Reporting elements that were not created by the reportee.
Name | Type | Description |
FormIds | int[] | Array list with formids that should be signed. |
AttachmentIds | int[] | Array list with attachmentids that should be signed. |
Name | Type | Description |
FileName | String | Filename of the Attachment. |
Data | Byte[] | The Attachment data (base64 encoded). |
AttachmentLink | Uri | Download link for the Attachment. |
AttachmentType | String | Attachment type name. |
AttachmentTypeLocalized | String | Attachment type name localized to the current language. |
Encrypted | Boolean | Flag indicating if this is an encrypted Attachment. |
SigningLocked | Boolean | Value indicating whether the user should be allowed to change signing selection of the attachment. If both SigningLocked and SignedByDefault are true, then signing is required. |
SignedByDefault | Boolean | Value indicating whether the service owner wants the attachment to be signed. If both SigningLocked and SignedByDefault are true, then signing is required. |
FileSize | Int | The file size of the attachment in bytes, or -1 if the file size is unknown to the API. |
Name | Type | Description |
FormId | Int | The id of the form. |
Type | String | Form type, e.g. subform or mainform. |
FormData | String | The Form data. This is currently only used when the client wants to POST or PUT a form. A client that wants to retrieve the form data must use a separate operation. See actions for Forms below. |
DataFormatId | String | DataFormatId of the Form. |
DataFormatVersion | Int | DataFormatVersion of the Form. |
ValidationStatus | String | Value indicating the current validation status of the Form. |
Name | String | Name of the Form. |
SigningLocked | Boolean | Value indicating whether the user should be allowed to change signing selection of the form. If both SigningLocked and SignedByDefault are true, then signing is required. |
SignedByDefault | Boolean | Value indicating whether the service owner wants the form to be signed. If both SigningLocked and SignedByDefault are true, then signing is required. |
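The signing rule in the Form and Attachment tables above, together with the optional SignatureSpec from footnote (4), can be checked on the client before a Message is submitted. The following is an added example, not code from Altinn. It assumes that an item with SigningLocked true and SignedByDefault false may not be signed (the page only states the case where both are true), and the "AttachmentId" key is hypothetical because the Attachment model above lists no id field.

```python
class SigningSelectionError(ValueError):
    """Raised when a requested signing selection breaks the service owner's rules."""


def classify(items, id_key):
    """Return (known, required, excluded, default_on) id sets for forms or attachments."""
    known, required, excluded, default_on = set(), set(), set(), set()
    for item in items:
        item_id = item[id_key]
        known.add(item_id)
        locked = bool(item.get("SigningLocked"))
        by_default = bool(item.get("SignedByDefault"))
        if locked and by_default:
            required.add(item_id)      # stated on the page: signing is required
        elif locked:
            excluded.add(item_id)      # assumption: locked in the unsigned state
        if by_default:
            default_on.add(item_id)
    return known, required, excluded, default_on


def resolve_selection(items, id_key, requested=None):
    """Return the sorted ids to sign, or raise if the request is not allowed.

    requested=None means "no explicit choice": the service owner's defaults apply.
    """
    known, required, excluded, default_on = classify(items, id_key)
    if requested is None:
        return sorted(default_on)
    chosen = set(requested)
    problems = []
    if chosen - known:
        problems.append(f"unknown ids: {sorted(chosen - known)}")
    if required - chosen:
        problems.append(f"signing is required for: {sorted(required - chosen)}")
    if chosen & excluded:
        problems.append(f"signing is locked off for: {sorted(chosen & excluded)}")
    if problems:
        raise SigningSelectionError("; ".join(problems))
    return sorted(chosen)


def build_signature_spec(message, form_ids=None, attachment_ids=None,
                         attachment_id_key="AttachmentId"):
    """Build the SignatureSpec object (FormIds, AttachmentIds) for a POST or PUT."""
    return {
        "FormIds": resolve_selection(message.get("Forms", []), "FormId", form_ids),
        "AttachmentIds": resolve_selection(
            message.get("Attachments", []), attachment_id_key, attachment_ids),
    }


# Constructed sample Message; ids and flag combinations are illustrative only.
SAMPLE_MESSAGE = {
    "Type": "FormTask",
    "Forms": [
        {"FormId": 101, "SigningLocked": True, "SignedByDefault": True},
        {"FormId": 102, "SigningLocked": False, "SignedByDefault": True},
        {"FormId": 103, "SigningLocked": False, "SignedByDefault": False},
        {"FormId": 104, "SigningLocked": True, "SignedByDefault": False},
    ],
    "Attachments": [
        {"AttachmentId": 7, "SigningLocked": False, "SignedByDefault": True},
    ],
}

if __name__ == "__main__":
    print(build_signature_spec(SAMPLE_MESSAGE))
    try:
        build_signature_spec(SAMPLE_MESSAGE, form_ids=[102])
    except SigningSelectionError as exc:
        print("rejected:", exc)
```

Omitting SignatureSpec altogether is different from sending the defaults: per footnote (4), the API then signs all forms and attachments associated with the Message.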
Name | Type | Description |
ReporteeId | String | A unique id representing the reportee in Altinn. |
Name | String | The name of the reportee. |
Type | String | The type of reportee. Value depends on the language choice of the user. English: Enterprise / Business / Person. Bokmål: Foretak / Bedrift / Person. Nynorsk: Føretak / Bedrift / Person. |
Status | String | Indicates whether the organization is active or inactive. An organization can be inactive if it for some reason (e.g. bankruptcy) has ceased. This is populated only if the reportee is an organization. |
OrganizationNumber | String | The organization number of the reportee. This is populated only if the reportee is an organization. |
ParentOrganizationNumber | String | The parent organization number of the reportee. This is populated only if the reportee is an organization, and the organization is a suborganization. |
TypeOfOrganization | String | The type of organization for the reportee. This is populated only if the reportee is an organization. E.g ENK, AS, ORGL. |
SocialSecurityNumber | String | The social security number of the reportee. This is populated only if the reportee is a person. |
Name | Type | Description |
OrganizationNumber | String | Organization number. |
Name | String | Name of the Organization. |
Type | String | The type of reportee. Value depends on the language choice of the user. English: Enterprise / Business / Person. Bokmål: Foretak / Bedrift / Person. Nynorsk: Føretak / Bedrift / Person. |
Status | String | Indicates whether the organization is active or inactive. An organization can be inactive if it for some reason (e.g. bankruptcy) has ceased. This is populated only if the reportee is an organization. |
Name | Type | Description |
Name | String | Name of the user. |
AddressLine1 | String | Address line number 1. |
AddressLine2 | String | Address line number 2. |
AddressLine3 | String | Address line number 3. |
UserName | String | User name of the user. |
MobileNumber | String | Mobile number registered to be used for pin code on SMS. |
PreferredLanguage | String | User preferred language. |
ShowClientUnits | Boolean | Flag indicating whether to show client units. |
PrivateConsent | Boolean | Flag indicating whether this user has given private consent in Altinn. |
ProfessionalConsent | Boolean | Flag indicating whether this user has given professional consent in Altinn. |
ContactInformation | ContactInformation | Contact information from the private consent profile of the user. |
Name | Type | Description |
Email | String | The email address registered as private consent contact address. |
Mobile | String | The mobile number registered as private consent contact number. |
RequestsEmailReceipts | Boolean | A flag indicating if this user wants to receive receipts when new elements are added to the message box. |
Name | Type | Description |
Id | Integer | The Id of the address. This field should be empty (+) when submitting new contact information via a POST request. |
Name | String | The name of the address. This is usually the same as the email/mobile number. This field should be empty (null) when submitting new contact information via a POST request. |
Email | String | The email address registered as an official contact address for the organization. |
MobileNumber | String | The mobile number registered as an official contact address for the organization. |
IsSelectedForNotification | Boolean | (Deprecated) A flag indicating if this address should receive notifications. Will always be true. This field should be empty/default (false) |
Name | Type | Description |
Entity | String | Name of the organization. |
Email | String | Email address. |
OrganizationNumber | String | The representing organization number. |
MobileNumber | String | Mobile number registered. |
Type | String | Type of Unit |
LastModifiedBy | String | The name of the person who did the last change to the unit profile. |
Address | String | Organization postal address |
PostCode | String | Organization postal code |
City | String | Organization city name |
BusinessAddress | String | Organization business address |
BusinessPostCode | String | Organization business postal code |
BusinessCity | String | Organization business city name |
LastModifiedDate | DateTime | The date and time for the last change to the unit profile. |
IsSelectedForNotification | Boolean | Flag indicating whether is Selected For Notification. |
Name | Type | Description |
ServiceOwnerCode | String | The id of the owner of the service. |
ServiceOwnerName | String | The name of the owner of the service. |
ServiceName | String | The name of the service. |
ServiceCode | String | Part 1 of the unique id of the service. |
ServiceEditionName | String | The name of the service edition |
ServiceEditionCode | Int | Part 2 of the unique id of the service. |
ValidFrom | DateTime | The date from when the service is valid to be used. |
ValidTo | DateTime | The date till when the service is valid to be used. |
ServiceType | String | The type of service. |
RestEnabled | Boolean | Flag indicating if the service can be used through the REST Api. |
AttachmentRules | List<AttachmentRule> | List of attachment rules associated to the service. |
FormsMetaData | List<FormMetaData> | List of form meta data elements associated with the service. |
EUSEnabled | Boolean | Flag indicating if the service is enabled for end user system. |
EnterpriseUserEnabled | Boolean | Flag indicating if the service is enabled for enterprise users. |
ProcessSteps | List<ProcessStep> | List of process step elements associated with the service. |
Name | Type | Description |
FormID | Int | Logical Form ID in the Form Set Collection. |
FormName | String | Logical Form Name in the Form Set Collection. |
DataFormatProviderType | String | Logical form Data Format Provider. |
DataFormatID | String | Part 1 of the unique id of the form definition. |
DataFormatVersion | Int | Part 2 of the unique id of the form definition. |
IsOnlyXsdValidation | Boolean | Flag indicating if a submission is validated with more than the XSD. |
FormType | String | Logical form type. |
Name | Type | Description |
SequenceNumber | Int | The numerical order of each step in the work flow. |
Name | String | Name of the process step. |
SecurityLevel | Int | Required security level of the process step. |
Name | Type | Description |
AttachmentRuleId | Int | Id of the Attachment Rule. |
AllowedFileTypes | String | A list of file extensions that are accepted. |
AttachmentTypeName | String | The name of the attachment rule/type. |
AttachmentTypeNameLanguage | String | Attachment Type Name Language. |
IsCheckSumAllowed | Boolean | Flag indicating whether check sum can be used. |
IsXSDValidationRequired | Boolean | Flag indicating whether xml attachments will be validated with an XSD. |
MaxAttachmentCount | Int | The maximum number of allowed attachments. |
MaxFileSize | Int | The maximum allowed file size. |
MinAttachmentCount | Int | The minimum number of attachments required. |
A Codelist is a list of tuples where each tuple can hold one code and three values. Each list has a name,
version number and a language in addition to the actual codes.
Name | Type | Description |
Name | String | The name of the codelist. |
Version | Int | The version number of the codelist. Services can use a specific version of a codelist. |
Language | Int | The language used in the codelist. |
Codes | List<CodelistItem> | The actual list of codes. See CodelistItem. |
A CodelistItem is a tuple that can hold one code and three values. The CodelistItem model is used by the Codelist
model to describe each item in the list.
Name | Type | Description |
Code | String | The code value of the item. |
Value1 | String | Item value number one. |
Value2 | String | Item value number two. |
Value3 | String | Item value number three. |
Name | Type | Description |
RoleId | Int | Unique id of the role. |
RoleType | String | Specifies the type of role this is. Possible values are Altinn, External and Local. |
RoleDefinitionId | int | Unique id of the role definition. |
RoleName | String | Name of the role. |
RoleDescription | String | Description of the role. |
Delegator | String | Specifies who has delegated this role. |
DelegatedTime | DateTime | The date and time when the role was delegated. |
Name | Type | Description |
RightID | Int | A unique id for the specific right. |
RightType | String | Specifies the type of right. Possible values are Message, Service and SystemResource. |
SystemResourceID | String | Id of the system resource. Visible only for a right of type SystemResource. |
ServiceCode | String | Part 1/2 of the id of a specific service. Visible only for a right of type Service. |
ServiceEditionCode | int | Part 2/2 of the id of a specific service. Visible only for a right of type Service. |
MessageID | int | Value used to identify a specific message. |
Action | String | Action supported by the right. Possible values are Read, Write, Sign, ArchiveRead and ArchiveDelete. |
RightSourceType | String | Specifies the way the right is given. Possible values are PartyRights, RoleTypeRights, ReporteeElementRights and DirectlyDelegatedRights. |
Name | Type | Description |
RuleGuid | string | A unique id for the specific right. |
AltinnAppId | String | Specifies the app id in the format org/app; it refers to the app definition, where org is the owner of the app and app is the name of the app. |
ResourceId | String | Id of the system resource. This will be Task or Event and possibly more values in the future |
ResourceValue | String | The name of the resource |
Action | String | Action supported by the right. Possible values are anything defined as Action on the app, but Read and Write are common values. |
RightSourceType | String | Specifies the way the right is given. Possible values are DirectlyDelegated, InheritedViaKeyRole, InheritedAsSubunit, InheritedAsSubunitViaKeyrole, RoleTypeRight. |
IsDelegatable | bool | Specifies if this right is delegatable or not. |
Name | Type | Description |
RoleType | String | Specifies the type of role this is. Possible values are Altinn, External and Local. Can be left out when creating a new role. Value will be set to Local. |
RoleDefinitionId | Int | Unique id of the role definition. Leave out when creating a new role. |
RoleName | String | A descriptive name for the role. Limited to 50 characters. |
RoleDescription | String | A complementary description of the role. Limited to 255 characters. |
Rights | List<Right> | A list of the rights associated with the role. |
Name | Type | Description |
RoleDefinitionId | Int | Unique id of the role definition. |
RoleDefinitionCode | String | The role definition code. E.g. "DAGL" |
LocalizedRoleName | String | A descriptive name for the role, localized based on the requested language. |
ParentRoleDefinitionIds | List<Int> | A list of all parent role definition ids, for roles which have this role definition as a child role, meaning this role requirement is also valid for the parents. |
IsDelegable | Boolean | Value indicating whether the right provided by this role requirement is available for delegation to others |
Operations | List<RoleOperation> | A list of operations the role of this role requirement gives access to |
Name | Type | Description |
Name | String | The name of this operation/action. |
LocalizedFriendlyName | String | The name of this operation/action, localized based on the requested language. |
AppliesTo | List<ProcessStep> | A list of process steps this operation applies to. |
Name | Type | Description |
RightHolderId | String | The ID of the user holding the rights. The value is globally unique in Altinn and represents a person, organization or enterprise user. |
Name | String | The name of the right holder. Person name, name of organization or username of an enterprise user. |
LastName | String | The surname of the reportee. Visible only for persons. Required input when performing delegation. |
UserName | String | The username of an enterprise user or person with a username. Not visible in output, but required input when delegating a right to an enterprise user. |
Email | String | Required input when performing delegation. The value is used to notify the entity receiving the new rights. |
SocialSecurityNumber | String | The social security number of the reportee if a person. This is in most cases hidden. Can be used in place of username when delegating rights to a person. |
OrganizationNumber | String | The organization number of the reportee. This is required input when delegating rights to an organization. |
Roles | List<Role> | A list of existing roles given to the rights holder. |
Rights | List<Right> | A list of existing rights given to the rights holder. (Most rights in this list have been given through a role.) |
Name | Type | Description |
ServiceCode | String | The external service code of the related service. |
ServiceEditionCode | Integer | The external service edition code of the related service. |
UsageDateTime | Datetime | The date and time for when the consent was used. Optional. |
Name | Type | Description |
AuthorizationCode | Guid | The AuthorizationCode of a valid ConsentRequest. Only in return. |
RequestStatus | String | The status of a ConsentRequest. Only in return. |
Created | DateTime | DateTime when the request was created. Only in return. |
LastChanged | DateTime | DateTime when the request was last changed. Only in return. |
CoveredBy | String | Norwegian organization number or SSN of CoveredBy. |
OfferedBy | String | Norwegian organization number or SSN of OfferedBy. |
OfferedByName | String | Last name of person or name of organization. |
HandledBy | String | Norwegian organization number or SSN of HandledBy. Optional if not required by SRR. |
RequiredDelegator | String | Norwegian organization number or SSN of RequiredDelegator. Optional. |
RequiredDelegatorName | String | Last name of person. Optional, but required if RequiredDelegator is present. |
ValidTo | DateTime | The DateTime to which the consent will last, if granted. |
RedirectUrl | String | The redirectUrl where the user should be redirected after the consent is given. |
RequestResources | List<ConsentRequestResource> | Array containing Requested Services |
RequestMessage | Dictionary<Language, string> | Dictionary containing the request message specified in different languages. |
Errors | List<ConsentRequestError> | An array with errorMessages if validation of request failed. Only on return. |
PortalViewMode | string | A value defining if the Request should be shown in the portal to be completed later or not. Possible values: Hide is default value if not provided. |
Name | Type | Description |
ServiceCode | String | The external service code of the related service. |
ServiceEditionCode | Integer | The external service edition code of the related service. |
Operations | List<OperationType> | Array of operations. Only in return. |
Metadata | Dictionary<string, string> | Metadata properties for the specified service. Optional. |
Name | Type | Description |
ErrorCode | String | An id of the error that occurred in the request. |
ErrorMessage | String | A detailed description of what is wrong with the request. |
Name | Type | Description |
Success | bool | Value indicating whether there were any hard errors found during validation |
ValidationErrors | List<ValidationError> | List of validation errors |
ValidationWarnings | List<ValidationError> | List of validation warnings |
Name | Type | Description |
FieldName | String | Name of the field that failed validation. |
FieldXPath | String | XPath of the field that failed validation. |
ErrorMessage | String | Validation error message. |
Name | Type | Description |
RequestStatus | String | The status of the delegation request. (Only in response) |
CoveredBy | Reportee | The person or organization that requests the rights. |
OfferedBy | Reportee | The person or organization that can approve or decline the requested rights. |
Created | DateTime | The date and time for when the request was initially created. (Only in response) |
LastChanged | DateTime | The date and time for when the request was last changed. (Only in response) |
RequestMessage | String | A message explaining why CoveredBy should get the rights specified in the request. This is to help the RoleAdministrator in OfferedBy to understand why this request is made. This is a draft of the message, and CoveredBy will be able to change the message before sending it to the RoleAdministrator. (Optional) |
RequestResources | List<DelegationRequestResource> | Array containing the Requested Services |
Name | Type | Description |
ServiceCode | String | The external service code of the related service. |
ServiceEditionCode | Integer | The external service edition code of the related service. |
Operations | List<OperationType> | Array of operations (Read, Write, Sign, Access). If none is given, access to all available operations on the specified service will be requested. (Optional) |
Name | Type | Description |
ServiceCode | String | The external service code of the related service. |
ServiceEditionCode | Integer | The external service edition code of the related service. |
Recipients | List<String> | Array of operations recipients. Organization or social security numbers. |
SendersReference | String | A senders reference for the BrokerServiceDescription. |
FileList | List<BrokerServiceDescriptionFileEntry> | Array of files in request. Optional |
Properties | Dictionary<string, string> | Property dictionary for the BrokerServiceDescription. Optional. |
Name | Type | Description |
FileName | String | The filename of a file in the BrokerServiceFile submission. |
Checksum | String | The checksum of a file in the BrokerServiceFile submission. |
Name | Type | Description |
ServiceCode | String | The external service code of the related service. |
ServiceEditionCode | Integer | The external service edition code of the related service. |
FileName | String | Name of the file when it was uploaded. |
FileReference | Guid | Altinn reference to the file. |
FileSize | long | Size of the file in bytes. |
FileStatus | Enum | Status of the file. Values: (Uploaded, Downloaded) |
ReceiptId | Integer | ReceiptId of the file. |
Sender | String | SSN or organization number for the sender of the file. |
SentDate | DateTime | When the file was uploaded. |
SendersReference | String | Senders reference for the file. |
Name | Type | Description |
ReceiptId | Integer | The internal identity of the Receipt. |
ParentReceiptID | Integer | The internal identity of the Parent receipt. |
LastChanged | DateTime | When the receipt was last changed. |
Status | Enum | Status of the receipt. Values: (Ok, UnexpectedError, ValidationFailed, Rejected) |
Text | string | Receipt text. |
SendersReference | string | SendersReference of the receipt. |
ServiceOwnerPartyReference | string | SSN or organization number for the owner of the file. |
PartyReference | String | SSN or organization number for the recipient of the file. |
ReceiptHistory | string | Historical Receipt texts. |
SubReceipts | List<BrokerServiceReceipt> | Subreceipts of the parent receipt. |
Actions
Actions related to access tokens and consent. The documentation here assumes some basic knowledge about the Altinn consent solution.
API | Description |
POST authorization/token/{authCode}/loguse | Use this to register that you have used the right given to you with the consent. |
GET authorization/token/{authCode} | Use this to obtain a JSON web token with claims associated with your authorization code. |
DELETE authorization/token/{authCode} | Use this to discard the rights you obtained with a consent, based on an authorization code. |
Contains all actions related to the role type
Contains all actions related to authorization rights
Contains all actions related to the authorization roles
Collection of actions that provides data about legal entities the user can represent.
Reportee is a term used to describe a legal entity that the user can represent and act on behalf of.
The actions provide data about the persons and organizations the user can represent.
API | Description |
POST reportees/ReporteeConversion | Gets a reportee entity that the subject can represent. |
GET reportees?showConsentReportees={showConsentReportees}&includeInactiveReportees={includeInactiveReportees} | Gets a list of entities that the current user can represent. |
GET reportees/{reporteeId} | Gets a reportee entity by its id. |
GET reportees?serviceCode={serviceCode}&serviceEdition={serviceEdition}&showConsentReportees={showConsentReportees} | Gets all entities with access to the given service (identified by ServiceCode and ServiceEdition). |
GET reportees?app={app} | Gets all reportees where the user has access to the given Altinn App, identified by |
Collection of actions that provides data about legal entities the user can represent.
Reportee is a term used to describe a legal entity that the user can represent and act on behalf of.
The actions provide data about the persons and organizations the user can represent.
API | Description |
GET {who}/authorization/Delegations/{receiverId}/apprights | [Removed] Gets all apprights for a given right holder |
GET {who}/authorization/Delegations/{receiverId}/rights | Gets all rights for a given right holder |
GET {who}/authorization/Delegations/{receiverId}/roles?language={language} | Gets all roles for a given receiver |
GET {who}/authorization/Delegations/{receiverId}?language={language} | Gets a right holder by its id. Will include all rights and roles delegated to the right holder |
GET {who}/authorization/Delegations?serviceCode={serviceCode}&serviceEdition={serviceEdition}&app={app} | Gets a list of entities that has been delegated rights and/or roles from the given who |
POST {who}/authorization/Delegations | Delegate roles and/or rights to a given party identified by username, organization number and/or ssn. When delegating to a user, last name must also be given - and when delegating to an organization the organization name must be given. |
DELETE {who}/authorization/Delegations?receiverId={receiverId}&roleId={roleId} | This method deletes a role (Single) delegated by the given reportee ID (who) |
DELETE {who}/authorization/Delegations?receiverId={receiverId}&authzRuleId={authzRuleId} | This method deletes a right delegated by the given reportee ID (who) |
DELETE {who}/authorization/Delegations?receiverId={receiverId}&org={org}&app={app}&ruleGuid={ruleGuid} | [Removed] This method deletes a specific rule delegated by the given reportee ID (who), identified by ruleGuid |
DELETE {who}/authorization/Delegations/{receiverId}/roles/{roleId} | This method deletes a role (Single) delegated by the given reportee ID (who) |
DELETE {who}/authorization/Delegations/{receiverId}/rights/{authzRuleId} | This method deletes a right delegated by the given reportee ID (who) |
DELETE {who}/authorization/Delegations/{receiverId}/apprights/{org}/{app}/{ruleGuid} | [Removed] This method deletes a specific rule delegated by the given reportee ID (who), identified by ruleGuid |
Contains all actions related to authentication
API | Description |
POST authentication/authenticatewithpassword | Attempts to authenticate the user with the provided social security number or username, and password. The password and username can be configured on the portal profile page. This method also supports authentication using client certificates. To enable client certificate authentication, include the URL-parameter ?ForceEIAuthentication. |
Contains all actions related to the profile
API | Description |
GET my/profile | Gets the user profile of the currently authenticated user. |
GET {orgno}/profile | Gets profile of the given organization number. |
GET {orgno}/profile/contactinformation | Get a list of contacts for an organization. The contacts are the people Altinn will send notifications to when the organization receives messages. |
POST {orgno}/profile/contactinformation | Create a new contact address for an organization. The contacts are the people Altinn will send notifications to when the organization receives messages. The only fields that can contain values are Email or MobileNumber. You cannot supply both at the same time. All other fields should be default/null. |
GET {orgno}/profile/contactinformation/{id} | Get the details for a specified contact from the list of contacts. |
DELETE {orgno}/profile/contactinformation/{id} | Delete the details for a specified contact from the list of contacts. |
Controller for all actions related to LookUp calls through the generic ExecuteLookUp operation in SBL.
API | Description |
GET {who}/lookup/{serviceCode}/{serviceEdition}?authorizationCode={authorizationCode} | This operation performs a call to a LookUp service defined by the input parameters ServiceCode and ServiceEditionCode. |
Contains all actions related to the service
API | Description |
GET metadata?language={language} |
Gets the list of available services in Altinn.
|
GET metadata/correspondence/{serviceCode}/{serviceEditionCode}?language={language} |
Get more details for a specific correspondence service by its service code and service edition version.
|
GET metadata/formtask/{serviceCode}/{serviceEditionCode}?language={language} |
Get more details for a specific form task (Reporting) service by its service code and service edition version.
|
GET metadata/lookup/{serviceCode}/{serviceEditionCode}?language={language} |
Get more details for a specific lookup service by its service code and service edition version.
|
GET metadata/roledefinitions/{roleDefinitionId}?language={language} |
Gets a specific role definition.
|
GET metadata/roledefinitions?language={language} |
Get all general role definitions.
|
GET metadata/rolerequirements?serviceCode={serviceCode}&serviceEditionCode={serviceEditionCode}&language={language} |
Retrieves the role requirements for an AltinnII service or App resource (either a DelegationScheme from Maskinporten or Altinn 3.0 App),
which gives access to one or more operations for the Service or App
|
GET metadata/rolerequirements?app={app}&language={language} |
Retrieves the role requirements for an Altinn 3.0 App resource which gives access to one or more operations for the App
|
GET metadata/formtask/{serviceCode}/{serviceEditionCode}/forms/{dataFormatId}/{dataFormatVersion}/xsd |
Get the XSD for a form specified by service identifiers, and the DataFormatId and DataFormatVersion for the logical form.
|
GET metadata/lookup/{serviceCode}/{serviceEditionCode}/schemas/{schema} |
Get schema data for a lookup service, either the response schema or the request schema.
These schemas are used to validate input or output for the service.
|
GET metadata/formtask/{serviceCode}/{serviceEditionCode}/attachmentrules/{ruleId}/xsd |
Get the attachment rule validation file for attachments with xml content. Very few services require xml attachments and perform xsd validation.
|
GET metadata/codelists?language={language} |
Retrieve a complete overview of all code lists available in the given language.
|
GET metadata/codelists/{name}/{version}?language={language} |
Retrieve a specific code list in the given language if available.
|
GET metadata/well-known |
Gets OAuth authorization server metadata, describing where the JSON Web Key endpoint can be found. Also exposed in the "well known" URL format under the Altinn domain: https://altinn.no/.well-known/oauth-authorization-server
|
GET metadata/jwk |
Gets a set of JSON Web Keys. The JSON Web Keys exposed are the publicly available certificates to be used to verify the signed JSON Web Tokens Altinn provides for consents given in Altinn.
|
Contains all actions related to the Organization model
Contains all actions related to the Attachment model
API | Description |
POST {who}/messages/{messageId}/attachments/streamedattachment?fileName={fileName}&attachmentType={attachmentType}&language={language} |
Add an attachment to an existing message defined by the message id by uploading the data as a stream
|
DELETE {who}/messages/{messageId}/attachments/{attachmentId} |
Delete a specific attachment and remove it from its parent message. Only works for FormTask messages.
|
POST {who}/messages/{messageId}/attachments/{attachmentId}?language={language} |
Add an attachment to an existing message defined by the message id.
|
POST {who}/messages/{messageId}/attachments/{attachmentId}?fileName={fileName}&attachmentType={attachmentType}&language={language} |
Add an attachment to an existing message defined by the message id by uploading the data as a stream
|
GET {who}/messages/{messageId}/attachments |
Get all attachments related to the given message.
|
POST {who}/messages/{messageId}/attachments?language={language} |
Add an attachment to an existing message defined by the message id.
|
GET {who}/authorization/Attachments/{receiverId}?messageId={messageId}&attachmentId={attachmentId} |
Gets an attachment based on attachmentId.
Note that the messageId and attachmentId must be related.
|
Contains all actions related to the Message model
API | Description |
GET {who}/Messages/{messageId}?language={language}&markAsRead={markAsRead} |
Gets a specific message by its messageId.
|
PUT {who}/Messages/{messageId}?language={language}&complete={complete}&sign={sign} |
Attempts to update existing message instance already registered in Altinn.
|
DELETE {who}/Messages/{messageId} |
Performs a delete of the identified message if possible.
If the user has access to the system resource 'rolleadministrator', this action will permanently delete any correspondences or archived elements for organizations.
In all other use cases, this action will perform a soft delete of any correspondences or archived elements for organizations.
Additionally selected elements might be protected in a way that prevents deletion.
|
GET {who}/Messages?language={language} |
Gets all messages for the given 'who'. These can optionally be retrieved in the language specified.
|
POST {who}/Messages?language={language}&complete={complete}&sign={sign} |
Attempts to instantiate, sign and archive the message for the given who.
|
GET {who}/Messages/{messageId}/Print?language={language}&dataFormatId={dataFormatId}&dataFormatVersion={dataFormatVersion} |
Gets the PDF representation of the message with the given messageId.
|
PUT {who}/Messages/{messageId}/Archive?language={language} |
Attempts to archive an existing Correspondence in Altinn.
|
PUT {who}/Messages/{messageId}/Confirm?language={language} |
Attempts to confirm an existing Correspondence in Altinn.
|
GET {who}/Messages/{messageId}/Validate?language={language} |
Attempts to validate an existing reporting service in Altinn.
|
GET {who}/Messages/{messageId}/signingtext?language={language} |
Get the signing text that will be used when a person signs the message. The message needs to be based on a service with a process
step for signing and be at the correct step. Otherwise no signing text will be found and 404 is returned.
|
GET {who}/messages/{messageId}/custommessagedata |
Gets the custom message data content of a specific message by its messageId.
|
GET {who}/Messages/trashbin?language={language} |
Gets all soft deleted messages for the given 'who'. These can optionally be retrieved in the language specified.
|
Contains all actions related to the Form model
API | Description |
GET {who}/messages/{messageId}/forms?language={language} |
Gets all forms related to the given message.
|
POST {who}/messages/{messageId}/forms |
Add a new form to an existing message.
|
GET {who}/messages/{messageId}/forms/{formId}?language={language} |
Gets the specific form based on the given combination of message and form id.
|
PUT {who}/messages/{messageId}/forms/{formId} |
Put operation for an existing form on a message. Performs only XSD validation of the form. Use this to change
the content of an existing form.
|
DELETE {who}/messages/{messageId}/forms/{formId} |
Delete operation for an existing form on a message. Use this to remove a form from a message.
|
GET {who}/messages/{messageId}/forms/{formId}/formdata?language={language} |
Gets the xml for a form based on
and
|
GET {who}/messages/{messageId}/forms/{formId}/print?language={language} |
Gets the PDF representation of the message with the given messageId.
|
Contains all actions related to the broker service
Contains all actions related to the Consent request Register
API | Description |
GET consentRequests/{authCode} |
Get a specific Consent request from the AuthorizationRequest table
|
DELETE consentRequests/{authCode} |
Delete a specific consent request from the AuthorizationRequest table
|
GET consentRequests?serviceCode={serviceCode}&serviceEditionCode={serviceEditionCode}&direction={direction}&status[0]={status[0]}&status[1]={status[1]}&continuation={continuation} |
Gets all consent requests for the authenticated party, optionally filtered by service or pagination
|
POST consentRequests |
Adds a new Consent request into the ConsentRequest table
|
GET consentRequest/{authCode} |
DEPRECATED, Get a specific Consent request from the AuthorizationRequest table
|
DELETE consentRequest/{authCode} |
DEPRECATED, Delete a specific consent request from the AuthorizationRequest table
|
POST consentRequest |
DEPRECATED, redirects to consentRequests
|
Contains all actions related to the DelegationRequests
API | Description |
GET delegationRequests/{id} |
[Removed] Get a specific DelegationRequest by its id
|
DELETE delegationRequests/{id} |
[Removed] Delete a specific DelegationRequest by its id
|
POST delegationRequests |
[Removed] Adds a new DelegationRequest with status UNOPENED. The authenticated org can only create requests where they are CoveredBy.
|
GET delegationRequests?serviceCode={serviceCode}&serviceEditionCode={serviceEditionCode}&direction={direction}&status[0]={status[0]}&status[1]={status[1]}&continuation={continuation} |
[Removed] Gets a list of all the DelegationRequests where the authenticated organization is either coveredBy or offeredBy. Optional parameters can be used in order to filter the result.
|
Contains all actions for managing enterprise users
API | Description |
POST enterpriseusers |
Creates a new enterprise user
|
GET enterpriseusers |
Gets all existing enterprise users
|
GET enterpriseusers/{userName} |
Gets a specific enterprise user
|
DELETE enterpriseusers/{userName} |
Deletes a specific enterprise user
|
PUT enterpriseusers/{userName} |
Renames a specific enterprise user
|
POST enterpriseusers/{userName}/rotatesecret |
Rotates a specific enterprise user's secret
|
Portal integrations
There are still a few tasks and technical aspects that require the use of the Altinn portal. In these cases
the API will attempt to make the transition between the API and the portal as smooth as possible.
Integration |
Description |
Payment |
The goal of this integration is to get the user directly to the correct payment page in the portal and back to the
API with minimal impact on user experience.
Flow:
- Perform a GET of the element that is ready for payment.
- Find the link with the name "payment".
- (optional) Append a "returnUrl" parameter to the URL. The user will be redirected to the web address given in the parameter when the payment is complete. The domain of the address must have been approved for the use of the API (API key of type "Web").
- Open the URL in a browser or web view. The user completes the payment process.
- There are two ways to return to the API:
  - With returnUrl - The last step in the process will be a redirect to the return address. The URL will have a new parameter named "resource". This will be the URI to the element. (Elements that are archived will get a new messageId.)
  - Without returnUrl - The last response in the process will have status 204 and the Location field in the header will contain the URI to the element. (Elements that are archived will get a new messageId.)
|
External authentication |
The goal of this integration is to have the user authenticated with Altinn without too many steps. This can be
used for users that have browsers with settings that prevent the IDPorten SSO solution from working correctly as well
as for those web applications that do not have any integration with IDPorten.
Flow:
- Send a request to "https://{env}/Pages/ExternalAuthentication/Redirect.aspx?returnUrl={address}". The value of returnUrl must be the address of the resource the user should go to when authentication is complete. The domain of the address must have been approved for the use of the API (API key of type "Web").
- Possible situations:
  - The user is already authenticated with IDPorten or directly in Altinn. No actions from the user will be needed.
  - The user is not authenticated and Altinn displays the authentication options. The user authenticates themselves.
- Possible outcomes:
  - The user is successfully authenticated. Altinn proceeds and prepares to return the user to the provided address.
  - The user is not authenticated. The user must remain on the authentication page.
- Authenticated users are given an authentication cookie called .ASPXAUTH with session data. This cookie must be included in all REST API requests that require authentication.
- Altinn creates a response with a redirect to the address given in the returnUrl parameter in step one.
|
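In the payment flow with returnUrl, the redirect hands your application a URI in the "resource" parameter, and the next request to that URI carries the ApiKey header and the session cookie. The example below is added here and is not part of Altinn's documentation or reference app: it appends returnUrl to the payment link and accepts the returned resource only when it points at the API. The host check, the /api/ prefix, the function names and the sample URLs are assumptions.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

API_HOST = "www.altinn.no"  # host from the page's sample request; adjust per environment
API_PATH = "/api/"          # assumed common prefix of element URIs

def with_return_url(payment_link, return_url):
    """Append returnUrl to the 'payment' link without disturbing its existing query."""
    parts = urlsplit(payment_link)
    query = parse_qsl(parts.query, keep_blank_values=True) + [("returnUrl", return_url)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def resource_from_callback(callback_url):
    """Return the 'resource' URI from the redirect, or None unless it is an API URI."""
    values = [v for k, v in parse_qsl(urlsplit(callback_url).query) if k == "resource"]
    if len(values) != 1:
        return None  # missing or ambiguous parameter
    try:
        target = urlsplit(values[0])
        port = target.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if target.scheme != "https" or target.hostname != API_HOST or port not in (None, 443):
        return None  # wrong scheme, host or port
    if target.username is not None or target.password is not None:
        return None  # userinfo forms such as host@other-host
    if not target.path.startswith(API_PATH) or ".." in target.path.split("/"):
        return None  # outside the API, or path traversal
    return target.geturl()

# Constructed sample values (illustrative, not real Altinn links).
PAYMENT_LINK = "https://www.altinn.no/ui/payment?id=a123"
RETURN_URL = "https://app.example/paid?order=7"
GOOD = ("https://app.example/paid?order=7"
        "&resource=https%3A%2F%2Fwww.altinn.no%2Fapi%2Fmy%2Fmessages%2Fb456")
BAD = ("https://app.example/paid?order=7"
       "&resource=https%3A%2F%2Fwww.altinn.no%40other.example%2Fapi%2Fmy%2Fmessages%2Fb456")
```

Only the value returned by resource_from_callback should be requested with credentials; a None result means the callback is rejected.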
OData filtering
OData can be used to enable filtering, paging and ordering of lists of elements returned by all methods returning a list.
The filter option of OData makes it possible to filter the result list based on the properties of the model returned.
For example by applying the following parameter when requesting all messages for a given user:
$filter=ServiceOwner eq 'Skatteetaten'.
Operations with support for OData queries will be set to a maximum page size of 50 elements, and to display all elements the external
application using the API must enable paging. Paging in OData is done by passing the parameter $skip={number of elements to skip}.
The OData options supported so far are:
- $filter
- $skip
- $top
- $orderby
For more information about OData see OData.
Note: All requests to the REST API are currently subject to set limitations in the underlying platform with regards to how many messages can be fetched
and authorized from the database. These limitations are applied before any OData filtering takes place, so in cases where there is a large
number of active and/or archived messages, the returned list may be incomplete. When this occurs, an additional HTTP header X-Warning-LimitReached
will be added to the response.
To work around this, you may supply additional query parameters to the request: dateFrom and dateTo, which both take a datetime
value in the form YYYY-MM-DDTHH:MM:SS. These dates will be applied to the underlying database query before any OData filtering occurs, enabling
access to messages that would otherwise be unavailable due to the aforementioned limitations. (See example below; both parameters are optional, and may include an optional time specification.)
https://www.altinn.no/api/my/messages?dateFrom=2018-01-20&dateTo=2018-01-20T23:59:59&$filter=...
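Because the platform limit is applied before OData filtering, a filtered request can return a short page that looks complete while messages are missing; the X-Warning-LimitReached header is the only signal. The example below is added here and is not Altinn's own code: it pages with $skip and $top and halves the dateFrom/dateTo window whenever the header appears. `get` stands in for your HTTP call; `fake_get`, its data, the header value, the limit of 120 and the inclusive treatment of dateTo are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

PAGE_SIZE = 50             # maximum page size stated on the page
FMT = "%Y-%m-%dT%H:%M:%S"  # dateFrom/dateTo format stated on the page

def fetch_window(get, start, end, odata_filter=None):
    """Page through one date window; None means the platform limit truncated it."""
    items, skip = [], 0
    while True:
        params = {"dateFrom": start.strftime(FMT), "dateTo": end.strftime(FMT),
                  "$top": PAGE_SIZE, "$skip": skip}
        if odata_filter:
            params["$filter"] = odata_filter
        headers, page = get(params)
        if any(name.lower() == "x-warning-limitreached" for name in headers):
            return None
        items.extend(page)
        if len(page) < PAGE_SIZE:
            return items
        skip += PAGE_SIZE

def fetch_all(get, start, end, odata_filter=None):
    """Halve the window until no response carries X-Warning-LimitReached."""
    items = fetch_window(get, start, end, odata_filter)
    if items is not None:
        return items
    if end - start < timedelta(seconds=1):
        raise RuntimeError("limit reached inside a one-second window")
    mid = start + timedelta(seconds=(end - start) // timedelta(seconds=2))
    return (fetch_all(get, start, mid, odata_filter)
            + fetch_all(get, mid + timedelta(seconds=1), end, odata_filter))

# Constructed stand-in for the API: 300 messages, one per hour, platform limit 120.
T0 = datetime(2018, 1, 1)
END = T0 + timedelta(hours=299)
STORE = [{"MessageId": f"a{i}", "CreatedDate": T0 + timedelta(hours=i),
          "ServiceOwner": "Skatteetaten" if i % 3 == 0 else "ExampleOwner"}
         for i in range(300)]

def fake_get(params):
    lo, hi = (datetime.strptime(params[k], FMT) for k in ("dateFrom", "dateTo"))
    rows = [m for m in STORE if lo <= m["CreatedDate"] <= hi]
    headers = {"X-Warning-LimitReached": "1"} if len(rows) > 120 else {}
    rows = rows[:120]  # the limit is applied before any OData option
    owner = re.fullmatch(r"ServiceOwner eq '(.*)'", params.get("$filter", ""))
    if owner:
        rows = [m for m in rows if m["ServiceOwner"] == owner.group(1)]
    return headers, rows[params["$skip"]:params["$skip"] + params["$top"]]
```

With this sample data a single filtered request returns 40 of the 100 matching messages, while fetch_all recovers all 100 by narrowing the window.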