Apier

Developer API

Altinn for AI Agents

Don't teach your agent Norwegian law. Hand it Apier's MCP server.

Apier is a developer-facing API and Model Context Protocol server for AI agents that touch Norwegian regulatory infrastructure: Altinn 3, Maskinporten, and Brønnøysund, delivered as infrastructure rather than something your agent rebuilds.

Sovereign Friction is the moat your agent does not want to rebuild

Norwegian regulatory infrastructure is a long integration that changes every quarter. The pieces an agent must either solve or skip:

  • Authority chains. Signaturrett, prokura, daglig leder, board members, and Altinn System User delegation scopes decide who may legally act for an organisation — and the mapping is non-obvious (prokura covers commercial signing but not tax submission; signaturrett may be joint-only).
  • Credential lifecycle. Virksomhetssertifikat, Maskinporten client and keypair, Altinn System Register entry, per-organisation delegation — across several portals and agencies, each with its own expiry and rotation cycle.
  • Quarterly rule drift. MVA cadence, audit thresholds, and entity-type nuances (AS vs ENK vs NUF) shift on the Stortinget cycle. An agent that hard-codes the rules goes stale silently.

One MCP server over the whole stack

Apier exposes its full tool surface over the Model Context Protocol. Your agent discovers and calls deterministic tools — obligation verdicts, deadline math, acting-capacity resolution, dry-run validation, and the Compliance Explainer — and every answer has the same shape it would have over REST. Underneath, the same eight components do the work:

  • Auth Gateway. Maskinporten client-assertion, token caching, and the Altinn 3 System User delegation flow — one Bearer key, raw tokens never exposed.
  • Registry Engine. Canonical company state reconciled across Brønnøysund, Skatteetaten, NAV, and Altinn.
  • Universal Rulebook. Versioned regulatory rules with legal_reference citations; deterministic evaluation, so the same input plus rulebook version produces byte-identical output.
  • Deadline Engine. MVA terminer, A-melding cadence, skattemelding, årsregnskap — calendar math in Europe/Oslo, DST- and holiday-aware.
  • MCP Server. Every tool above over the Model Context Protocol at /api/mcp, packaged as @apier-no/mcp on npm.
  • Intent-to-Action Parser. Action requests resolved into dry-run plus live submission pipelines; validation gates run before any upstream call, and live submission requires a one-time approval token.
  • AI-Agent Discovery. llms.txt, llms-full.txt, workflows.json, /api/v1/capabilities, and the well-known manifests — every machine discovery surface populated and stable.
  • Compliance Explainer. Every Apier error_code resolves to a Norwegian-bokmål Explanation envelope (summary, why, fix_steps, legal_basis, handover) via POST /api/v1/explain.

Deterministic execution, with an audit trail

When an agent acts, the forensic chain is preserved: every API response is SHA-256 hashed into an append-only provenance log, every compliance evaluation is kept by correlation_id with the rulebook version that applied, and every submission receipt includes the government's raw response, HMAC-signed end to end. Who authorised the action, what rule was in force, what Apier returned, and what the government confirmed can be reconstructed from a single correlation_id — from the first call onward, not gated by tier.
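
An added example, not Apier's code or documented format: one way a SHA-256 append-only log and an HMAC-signed receipt like those described above can be built and checked on the consumer side. The hash chaining, field layout, key, and sample data are assumptions for illustration.

```javascript
// Added example: field names and chaining are assumptions, not Apier's format.
const crypto = require("node:crypto");

const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");
const GENESIS = "0".repeat(64);
const link = (prev, e) =>
  sha256(JSON.stringify([prev, e.correlation_id, e.rulebook_version, e.response_sha256]));

// Append-only log: each entry commits to the response hash and the previous entry.
function appendEntry(log, correlation_id, rulebook_version, responseBody) {
  const prev = log.length ? log[log.length - 1].entry_hash : GENESIS;
  const e = { correlation_id, rulebook_version, response_sha256: sha256(responseBody), prev };
  e.entry_hash = link(prev, e);
  log.push(e);
  return e;
}

// Recompute the chain; returns the index of the first bad entry, or -1 if intact.
function firstBrokenEntry(log) {
  let prev = GENESIS;
  for (let i = 0; i < log.length; i++) {
    if (log[i].prev !== prev || log[i].entry_hash !== link(prev, log[i])) return i;
    prev = log[i].entry_hash;
  }
  return -1;
}

// Receipt signature: HMAC-SHA256 over the raw receipt bytes.
const signReceipt = (key, raw) => crypto.createHmac("sha256", key).update(raw).digest("hex");

// Verify in constant time; malformed or wrong-length signatures are rejected.
function verifyReceipt(key, raw, signatureHex) {
  const expected = Buffer.from(signReceipt(key, raw), "hex");
  const given = Buffer.from(String(signatureHex), "hex");
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Everything recorded under one correlation_id, in log order.
const trail = (log, id) => log.filter((e) => e.correlation_id === id);

// Constructed sample data (not real Apier output).
const KEY = "constructed-demo-key";
const log = [];
appendEntry(log, "corr-001", "rulebook-v1", '{"verdict":"mva_required"}');
appendEntry(log, "corr-002", "rulebook-v1", '{"verdict":"no_auditor"}');
appendEntry(log, "corr-001", "rulebook-v1", '{"receipt":"accepted"}');
const receipt = '{"correlation_id":"corr-001","upstream":"accepted"}';
const sig = signReceipt(KEY, receipt);
console.log(firstBrokenEntry(log), trail(log, "corr-001").length, verifyReceipt(KEY, receipt, sig));
```

A chain like this detects edits and deletions only if the latest entry_hash is anchored somewhere the log writer cannot rewrite, and the HMAC key must stay out of reach of whoever stores the receipts.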

Wire it up

Drop @apier-no/mcp into any MCP-compatible client config and the Apier tool surface lights up. The same verdict is available over JSON-RPC and over plain REST.

{
  "mcpServers": {
    "apier": {
      "command": "npx",
      "args": ["-y", "@apier-no/mcp"],
      "env": { "APIER_API_KEY": "apier_live_<your_key>" }
    }
  }
}

// An MCP-compatible harness (Claude Desktop, Cursor, custom) calls the
// get_company_obligations tool over MCP JSON-RPC. Apier resolves it
// against the live Rulebook and returns the structured obligation set.
{
  "jsonrpc": "2.0",
  "method": "tools/call",
  "params": {
    "name": "get_company_obligations",
    "arguments": { "org_number": "991825827" }
  },
  "id": 1
}

# The same verdict over REST, for any HTTP client.
curl -H "Authorization: Bearer apier_live_<your_key>" \
  "https://www.apier.no/api/v1/company/991825827/obligations"

Source + issues: github.com/PowerLaunch/apier-mcp. Package: npmjs.com/package/@apier-no/mcp.

What agents do with it

  • Answer “what must this company file, and when?” without the agent learning Norwegian tax law.
  • Resolve whether a given actor may take a given action before attempting it — acting-capacity over the Altinn delegation model plus the registry roles.
  • Run a filing through dry-run validation, then a gated live submission, and persist the signed receipt for audit.

FAQ

Does Apier work with the Model Context Protocol (MCP)?
Yes. The @apier-no/mcp npm package drops into any MCP-compatible client (Claude Desktop, Cursor, custom harnesses) via npx and your agent gets the Apier tool surface — get_company_summary, get_company_obligations, get_company_deadlines, list_acting_capacity, check_authorization, validate_action, explain_compliance_error — over the standard JSON-RPC protocol.

What is the difference between calling Brønnøysund directly and going through Apier?
Brønnøysund returns raw company-registry rows. Apier returns the same data plus the cross-agency obligation verdict: who must file MVA bimonthly, who needs an auditor by year-end, whose delegation expires soon. If you only need Tier 1 registry data, calling Brønnøysund directly is reasonable; if your agent needs to act on that data, the integration cost flips toward Apier. See the Brønnøysund (BRREG) API page.

Can my agent file taxes or submit MVA on behalf of a Norwegian company?
Dry-run validation runs today via POST /api/v1/actions/execute?dry_run=true (mva_melding and a_melding). Live submission: mva_melding is live-wired against the Altinn 3 submitter with Maskinporten production approval gating the actual upstream call. Every action requires a single-use approval token plus an active Altinn System User delegation, and live submission emits an HMAC-signed receipt. An agent cannot bypass the approval step.

Why an MCP server rather than teaching my agent the rules?
Norwegian regulatory rules change on the Stortinget cycle, and an agent that hard-codes them goes stale silently. Apier ships the rules as the versioned Universal Rulebook and exposes the verdicts as tools, so the agent reasons over current rules it never had to learn. The same input plus rulebook version produces byte-identical output — which is what makes the agent's decisions reproducible and auditable.

Do I need separate Maskinporten credentials for each company my agent serves?
No. Apier brokers Maskinporten centrally — your agent authenticates with one Bearer API key, and per-company authority comes from the Altinn System User delegation that company grants your account. See the Maskinporten API page for the brokered-auth detail.

Get started

The MCP server is a single npx away and the sandbox is curlable with no signup; the docs cover the tool surface, scopes, and the gated execution path.