{"success":true,"data":{"service":"apier.no","version":"1","rulebook_version":"1.0.0","locale":"nb-NO","capabilities":[{"id":"public.deadlines","name_en":"Norwegian business deadline calendar","name_nb":"Norsk forretningsfristkalender","description_en":"Use this to get the canonical list of universal Norwegian business deadlines for a calendar year (MVA terminer, A-melding, skattemelding, årsregnskap). Deterministic and already adjusted forward through weekends and Norwegian public holidays.","description_nb":"Hent den kanoniske listen over universelle norske forretningsfrister for et gitt kalenderår (MVA-terminer, A-melding, skattemelding, årsregnskap). Deterministisk og allerede justert fremover for helger og norske helligdager.","endpoint":{"method":"GET","path":"/api/v1/public/deadlines"},"auth":"none","tier_minimum":null,"category":"public-tool","openapi_operation_id":"getPublicDeadlines","example_request":"GET /api/v1/public/deadlines?year=2026","data_sources":["internal-static"],"freshness":"static","status":"live"},{"id":"public.obligations","name_en":"Generic obligations by Norwegian entity type","name_nb":"Generelle forpliktelser per norsk selskapsform","description_en":"Use this to discover the universal obligations that apply to a given Norwegian entity type (AS, ENK, ANS, DA, NUF). Template layer only — call `getCompanyContext` plus `getPermissionState` when you need a per-company evaluation. Obligations with `tier_2_required: true` need a delegation before evaluation.","description_nb":"Oppdag de universelle forpliktelsene som gjelder for en gitt norsk selskapsform (AS, ENK, ANS, DA, NUF). Kun mal-nivå — bruk `getCompanyContext` og `getPermissionState` for per-selskap-evaluering. Forpliktelser med `tier_2_required: true` krever delegering før evaluering.","endpoint":{"method":"GET","path":"/api/v1/public/obligations"},"auth":"none","tier_minimum":null,"category":"public-tool","openapi_operation_id":"getPublicObligations","example_request":"GET /api/v1/public/obligations?entity_type=AS","data_sources":["internal-static"],"freshness":"static","status":"live"},{"id":"tools.exchange_rate","name_en":"Norges Bank NOK exchange rate","name_nb":"Valutakurs fra Norges Bank","description_en":"Use this to fetch the official NOK exchange rate for a currency and optional date. Weekends / holidays / pre-publication today fall back to the most recent prior business day; `data.date` is the actual publication date, `data.requested_date` is what you asked for.","description_nb":"Hent offisiell NOK-kurs fra Norges Bank for en valuta og en valgfri dato. Helger, helligdager og før publisering i dag faller tilbake til siste foregående virkedag; `data.date` er den faktiske publiseringsdatoen, `data.requested_date` er det du spurte om.","endpoint":{"method":"GET","path":"/api/v1/tools/exchange-rate"},"auth":"none","tier_minimum":null,"category":"public-tool","openapi_operation_id":"getExchangeRate","example_request":"GET /api/v1/tools/exchange-rate?currency=EUR&date=2026-04-10","data_sources":["norges-bank"],"freshness":"cached","status":"live"},{"id":"tools.altinn_migration","name_en":"Altinn 2 → Altinn 3 migration lookup","name_nb":"Altinn 2 → Altinn 3 migrasjonsoppslag","description_en":"Use this to discover the Altinn 3 equivalent of an Altinn 2 service or role code before the 19 June 2026 deprecation deadline. Gate production migration actions on `verified === true`; unverified entries are convenience references only.","description_nb":"Finn Altinn 3-tilsvarende for en Altinn 2-tjeneste- eller rollekode før utfasingsfristen 19. juni 2026. Baser produksjonsmigreringer på `verified === true`; uverifiserte oppføringer er kun referanseinformasjon.","endpoint":{"method":"GET","path":"/api/v1/tools/altinn-migration"},"auth":"none","tier_minimum":null,"category":"public-tool","openapi_operation_id":"getAltinnMigration","example_request":"GET /api/v1/tools/altinn-migration?altinn2_code=A0208","data_sources":["digdir","internal-static"],"freshness":"static","status":"live"},{"id":"company.context","name_en":"Company context (Tier 1 + Tier 2)","name_nb":"Selskapskontekst (Tier 1 + Tier 2)","description_en":"Use this as the canonical read on a Norwegian company: Tier 1 Brønnøysund fields plus the gated Tier 2 commercial metrics (employee count, turnover, balance-sheet total) when the consumer has an active delegation. Response `data.data_tier` tells you which tier was served; `_meta.served_from` distinguishes cache vs live. Requires an API key (Bearer) with the read:brreg scope.","description_nb":"Kanonisk oppslag på et norsk selskap: Tier 1 Brønnøysund-felter og de lukkede Tier 2 kommersielle metrikkene (antall ansatte, omsetning, balansesum) når konsumenten har en aktiv delegering. `data.data_tier` viser hvilket nivå som ble levert; `_meta.served_from` skiller buffer fra live. Krever en API-nøkkel (Bearer) med read:brreg-scope.","endpoint":{"method":"GET","path":"/api/v1/company/{org}/context"},"auth":"api_key","tier_minimum":"free","category":"company-data","openapi_operation_id":"getCompanyContext","example_request":"curl -H 'Authorization: Bearer <API_KEY>' https://apier.no/api/v1/company/999999999/context","data_sources":["brreg","internal-supabase"],"freshness":"cached","status":"live"},{"id":"company.verify","name_en":"Company verification verdict","name_nb":"Selskapsverifisering","description_en":"Use this for a fast pass / warn / fail trust check on a Norwegian company before acting on its behalf. Deterministic verdict reduced from the same Tier 1 Brønnøysund data as `getCompanyContext` — no separate fetch. Computes seven live signals: `is_active` (registered status), `has_signing_authority_defined` (signaturrett or prokura present), `not_bankrupt` / `not_under_dissolution` / `not_forcibly_dissolved` (each derived by inverting a raw BRREG distress flag — `not_bankrupt: true` means `konkurs` is false; tri-state with independent per-flag parsing so co-occurring conditions are preserved), `mva_registered` (Tier-1 VAT status), and `has_filed_annual_accounts` (open Regnskapsregisteret filing status — `true` = annual accounts on file, `false` = the register authoritatively reports none, `null` = unknown / open tier does not cover the entity, never fabricated). `pass` = active with signing authority; `warn` = active but no signing authority defined; `fail` = not active; `unknown` = status indeterminate. All transparency signals (distress, MVA, filing) never change the verdict; any signal stays `null` when its open-registry datum is genuinely unknown. Requires an API key (Bearer) with the read:brreg scope.","description_nb":"Bruk denne for en rask bestått / advarsel / feilet tillitssjekk på et norsk selskap før du handler på dets vegne. Deterministisk verdikt utledet fra de samme Tier 1 Brønnøysund-dataene som `getCompanyContext` — ingen separat henting. Beregner sju live-signaler: `is_active` (registreringsstatus), `has_signing_authority_defined` (signaturrett eller prokura finnes), `not_bankrupt` / `not_under_dissolution` / `not_forcibly_dissolved` (hver utledet ved inversjon av et rått BRREG-statusflagg — `not_bankrupt: true` betyr at `konkurs` er usann; tri-state med uavhengig parsing per flagg slik at samtidige betingelser bevares), `mva_registered` (Tier-1 MVA-status) og `has_filed_annual_accounts` (innleveringsstatus fra åpent Regnskapsregister — `true` = årsregnskap innlevert, `false` = registeret melder autoritativt at ingen er innlevert, `null` = ukjent / den åpne tjenesten dekker ikke enheten, aldri fabrikkert). `pass` = aktiv med signaturrett eller prokura; `warn` = aktiv, men ingen definert signaturrett eller prokura; `fail` = ikke aktiv; `unknown` = ubestemmelig status. Alle åpenhetssignalene (konkurs, MVA, innlevering) endrer aldri verdiktet; et signal forblir `null` når kildedataene er reelt ukjente. Krever en API-nøkkel (Bearer) med read:brreg-scope.","endpoint":{"method":"GET","path":"/api/v1/company/{org}/verify"},"auth":"api_key","tier_minimum":"free","category":"company-data","openapi_operation_id":"getCompanyVerification","example_request":"curl -H 'Authorization: Bearer <API_KEY>' https://apier.no/api/v1/company/999999999/verify","data_sources":["brreg","internal-supabase"],"freshness":"cached","status":"live"},{"id":"company.accounts","name_en":"Company annual accounts snapshot","name_nb":"Selskapets årsregnskap (øyeblikksbilde)","description_en":"Use this for a current-snapshot read of a Norwegian company's annual accounts from the OPEN Regnskapsregisteret tier: `has_filed_annual_accounts` (tri-state — `true` = at least one annual-accounts record on file, `false` = the register authoritatively reports none for a covered entity, `null` = unknown / the open tier does not cover the entity, e.g. banks & insurers filing via a separate oppstillingsplan), `last_accounts_year` (most-recent accounting year, Europe/Oslo), and that year's minimal `key_figures` (currency, presentation basis, total assets, annual result, operating result, total equity + liabilities). `currency` is always surfaced so the monetary figures are never silently read as NOK (large issuers report in USD/EUR). v1 is current-snapshot only — no multi-year history, no closed/authenticated tier. Requires an API key (Bearer) with the read:brreg scope.","description_nb":"Bruk denne for et øyeblikksbilde av et norsk selskaps årsregnskap fra det ÅPNE Regnskapsregisteret: `has_filed_annual_accounts` (tri-state — `true` = minst ett årsregnskap er innlevert, `false` = registeret melder autoritativt at ingen er innlevert for en dekket enhet, `null` = ukjent / den åpne tjenesten dekker ikke enheten, f.eks. banker og forsikringsselskap som leverer etter en egen oppstillingsplan), `last_accounts_year` (siste regnskapsår, Europe/Oslo) og det årets minimale `key_figures` (valuta, oppstillingsplan, sum eiendeler, årsresultat, driftsresultat, sum egenkapital og gjeld). `currency` vises alltid slik at beløpene aldri leses som NOK ved en feil (store utstedere rapporterer i USD/EUR). v1 gir kun et øyeblikksbilde — ingen flerårig historikk, ingen lukket/autentisert tjeneste. Krever en API-nøkkel (Bearer) med read:brreg-scope.","endpoint":{"method":"GET","path":"/api/v1/company/{org}/accounts"},"auth":"api_key","tier_minimum":"free","category":"company-data","openapi_operation_id":"getCompanyAccounts","example_request":"curl -H 'Authorization: Bearer <API_KEY>' https://apier.no/api/v1/company/999999999/accounts","data_sources":["brreg"],"freshness":"live","status":"live"},{"id":"company.authority","name_en":"Company signing-authority resolver","name_nb":"Selskapets signaturmyndighet","description_en":"Use this to answer \"who can legally sign for this Norwegian company, and how?\" before acting on its behalf. Returns a deterministic classification — `sole` (one role signs alone), `joint` (several roles must sign together), `by_role` (multiple alternative combinations; the path depends on role), `prokura_only` (no signaturrett, but prokura is defined), `no_authority` (neither registered), or `unknown` (the signing rule could not be determined). Normalised from the open Brønnøysund Fullmakttjenesten signing combinations (Brønnøysund applies the statutory signing rules server-side and returns `signeringsKombinasjon`; Apier buckets that output — it does NOT re-encode statute) combined with the already-loaded /roller holders. `data.combinations[]` carries each combination's Brønnøysund `kombinasjons_id` + human `description` + role codes; the role holders are listed once on `data.signaturrett_holders` / `data.prokura_holders` (not per-combination — the Fullmakt code vocabulary and the /roller label vocabulary do not align). `data.kombinasjon_available` is `false` when the signatur lookup was unreachable, in which case the classification degrades to the /roller holders plus any prokura combinations that could still be fetched. No legal citation is asserted. Requires an API key (Bearer) with the read:brreg scope.","description_nb":"Bruk denne for å svare på «hvem kan signere lovlig for dette norske selskapet, og hvordan?» før du handler på dets vegne. Returnerer en deterministisk klassifisering — `sole` (én rolle signerer alene), `joint` (flere roller må signere i fellesskap), `by_role` (flere alternative kombinasjoner; avhenger av rolle), `prokura_only` (ingen signaturrett, men prokura er definert), `no_authority` (ingen av delene registrert) eller `unknown` (signeringsregelen kunne ikke fastslås). Normalisert fra de åpne signeringskombinasjonene i Brønnøysunds Fullmakttjeneste (Brønnøysund anvender de lovbestemte signeringsreglene på serversiden og returnerer `signeringsKombinasjon`; Apier kategoriserer resultatet — uten å gjenskape lovteksten) kombinert med de allerede innlastede rolleinnehaverne fra /roller. `data.combinations[]` bærer hver kombinasjons `kombinasjons_id` + menneskelig `description` + rollekoder; rolleinnehaverne er oppført én gang på `data.signaturrett_holders` / `data.prokura_holders` (ikke per kombinasjon — Fullmakt-kodevokabularet og /roller-etikettvokabularet samsvarer ikke). `data.kombinasjon_available` er `false` når signatur-oppslaget var utilgjengelig, og da degraderes klassifiseringen til rolleinnehaverne pluss eventuelle prokura-kombinasjoner som fortsatt kunne hentes. Ingen lovhjemmel påstås. Krever en API-nøkkel (Bearer) med read:brreg-scope.","endpoint":{"method":"GET","path":"/api/v1/company/{org}/authority"},"auth":"api_key","tier_minimum":"free","category":"company-data","openapi_operation_id":"getCompanyAuthority","example_request":"curl -H 'Authorization: Bearer <API_KEY>' https://apier.no/api/v1/company/999999999/authority","data_sources":["brreg","fullmakttjenesten"],"freshness":"live","status":"live"},{"id":"company.filing_history","name_en":"Company filing history (Altinn) paired with the Apier audit trail","name_nb":"Selskapets innsendingshistorikk (Altinn) sammenstilt med Apier-sporingsloggen","description_en":"Use this to reconcile a Norwegian company's Altinn 3 filing history against the filings YOUR consumer submitted through Apier — the accountant/auditor reconciliation wedge. Returns the org's Altinn filing instances (Mva-melding, A-melding, Skattemelding, …) — form code, title, receiving agency, submitted_at (Europe/Oslo), status, and instance id — each PAIRED with its Apier audit-log entry where one exists: `filed_via_apier` is true with an `apier_record` (audit_log id + correlation_id) for filings Apier submitted, false for filings made directly in Altinn. Pairing is best-effort (a transient audit-read failure degrades every filing to `filed_via_apier: false`, never failing the call). Offset-paginated (`limit` 1–100, `offset` ≥ 0); an org with no filings returns 200 with an empty list. MOCK-GATED build: deterministic synthetic fixtures today; the live Altinn path is pending the `altinn:instances.read` Maskinporten scope. Requires an API key (Bearer) with the read:altinn scope.","description_nb":"Bruk denne for å avstemme et norsk selskaps innsendingshistorikk i Altinn 3 mot innsendingene DIN konsument har levert via Apier — avstemmingskilen for regnskapsførere og revisorer. Returnerer selskapets Altinn-innsendinger (Mva-melding, A-melding, Skattemelding, …) — skjemakode, tittel, mottakende etat, submitted_at (Europe/Oslo), status og instans-id — hver sammenstilt med sin Apier-sporingsloggoppføring der den finnes: `filed_via_apier` er true med en `apier_record` (audit_log-id + correlation_id) for innsendinger Apier leverte, false for innsendinger gjort direkte i Altinn. Sammenstillingen er beste forsøk (en forbigående lesefeil mot sporingsloggen degraderer hver innsending til `filed_via_apier: false`, uten å feile kallet). Offset-paginert (`limit` 1–100, `offset` ≥ 0); et selskap uten innsendinger gir 200 med en tom liste. MOCK-PORTET bygg: deterministiske syntetiske fikstur-data i dag; den ekte Altinn-stien venter på Maskinporten-scopet `altinn:instances.read`. Krever en API-nøkkel (Bearer) med read:altinn-scope.","endpoint":{"method":"GET","path":"/api/v1/company/{org}/filing-history"},"auth":"api_key","tier_minimum":"free","category":"company-data","openapi_operation_id":"getCompanyFilingHistory","example_request":"curl -H 'Authorization: Bearer <API_KEY>' https://apier.no/api/v1/company/999999999/filing-history","data_sources":["altinn","internal-supabase"],"freshness":"live","status":"dry-run"},{"id":"company.summary","name_en":"Combined company compliance summary","name_nb":"Samlet etterlevelsessammendrag for selskap","description_en":"Use this as your FIRST call when orienting against a Norwegian company: one round-trip returns the entity_type, the served data tier, the full obligation catalogue the Universal Rulebook evaluates, and the rolling deadline calendar — all computed from one rule version and one company snapshot so downstream reasoning never has to reconcile drifting views. Composition only (`getCompanyContext` + the obligations evaluation + the deadline pipeline, plus a Tier-2 compliance-state lookup that fills `deadlines[].filing_status` with verbatim `filed` / `overdue` signals). It deliberately does NOT return the full `/context` surface — no name, status, signaturrett, prokura, or role holders; call `getCompanyContext` for those. `data.data_tier` tells you which tier was served; `data.upgrade_path` is a Norwegian pointer at the Altinn delegation flow on tier_1 and null on tier_2. Requires an API key (Bearer) with the read:brreg scope.","description_nb":"Bruk denne som ditt FØRSTE kall når du orienterer deg om et norsk selskap: ett rundtur-kall returnerer entity_type, det leverte datanivået, hele forpliktelseskatalogen som Universal Rulebook evaluerer, og den rullerende fristkalenderen — alt beregnet fra én regelversjon og ett selskaps-øyeblikksbilde, slik at videre resonnement aldri må forene data som spriker. Kun komposisjon (`getCompanyContext` + forpliktelsesevalueringen + fristpipeline, pluss et Tier-2 etterlevelsesoppslag som fyller `deadlines[].filing_status` med ordrette `filed` / `overdue`-signaler). Den returnerer bevisst IKKE hele `/context`-flaten — verken navn, status, signaturrett, prokura eller rolleinnehavere; kall `getCompanyContext` for de feltene. `data.data_tier` viser hvilket nivå som ble levert; `data.upgrade_path` peker på Altinn-delegeringsflyten på tier_1 og er null på tier_2. Krever en API-nøkkel (Bearer) med read:brreg-scope.","endpoint":{"method":"GET","path":"/api/v1/company/{org}/summary"},"auth":"api_key","tier_minimum":"free","category":"company-data","openapi_operation_id":"getCompanySummary","example_request":"curl -H 'Authorization: Bearer <API_KEY>' https://apier.no/api/v1/company/999999999/summary","data_sources":["brreg","internal-rulebook","internal-supabase"],"freshness":"cached","status":"live"},{"id":"company.obligations","name_en":"Company regulatory obligations","name_nb":"Selskapets regulatoriske forpliktelser","description_en":"Use this to retrieve every regulatory obligation the Universal Rulebook evaluates for a Norwegian company — one EvaluationResult per rule whose `entity_types[]` matches the company's entity_type, with all three verdicts side-by-side: `applicable` (every condition matched), `not_applicable` (at least one condition failed), and `insufficient_data` (a Tier-2 field the rule reads is null — surface a delegation path rather than guess yes/no). Deterministic and ordered `rule_id` ascending. Only rules whose citations are human-verified against Lovdata reach this endpoint. `data.data_tier` is tier_2 only when a Tier-2 delegation is active and the Registry has populated Tier-2 fields; tier_1 responses carry `insufficient_data` for every Tier-2-dependent rule plus a Norwegian `upgrade_path`. Requires an API key (Bearer) with the read:brreg scope.","description_nb":"Bruk denne for å hente hver regulatoriske forpliktelse som Universal Rulebook evaluerer for et norsk selskap — én EvaluationResult per regel hvis `entity_types[]` matcher selskapets entity_type, med alle tre verdiktene side om side: `applicable` (alle betingelser oppfylt), `not_applicable` (minst én betingelse feilet) og `insufficient_data` (et Tier-2-felt regelen leser er null — vis en delegeringssti i stedet for å gjette ja/nei). Deterministisk og sortert `rule_id` stigende. Kun regler med kildehenvisninger som er menneskelig verifisert mot Lovdata når dette endepunktet. `data.data_tier` er tier_2 kun når en Tier-2-delegering er aktiv og Registeret har fylt Tier-2-feltene; tier_1-svar bærer `insufficient_data` for hver Tier-2-avhengig regel pluss en norsk `upgrade_path`. Krever en API-nøkkel (Bearer) med read:brreg-scope.","endpoint":{"method":"GET","path":"/api/v1/company/{org}/obligations"},"auth":"api_key","tier_minimum":"free","category":"company-data","openapi_operation_id":"getCompanyObligations","example_request":"curl -H 'Authorization: Bearer <API_KEY>' https://apier.no/api/v1/company/999999999/obligations","data_sources":["brreg","internal-rulebook"],"freshness":"cached","status":"live"},{"id":"company.deadlines","name_en":"Company deadline calendar","name_nb":"Selskapets fristkalender","description_en":"Use this to get the concrete per-period deadline calendar for a Norwegian company: the Deadline Engine expands every applicable obligation into DeadlineEntry rows with Europe/Oslo offsets and weekend + Norwegian-holiday adjustment. The horizon is a rolling window anchored on `from_date` (defaults to today in Europe/Oslo) and extending `horizon_months` ahead (default 12, range 1-60). Each entry's `filing_status` is `upcoming` / `overdue` auto-derived from `due_at` vs `from_date` — this standalone endpoint does NOT inject a compliance-state lookup, so call `getCompanySummary` on a Tier-2 delegation when you need verbatim `filed` signals. Obligations gated on a Tier-2 field short-circuit to `insufficient_data` and emit no entries until you delegate. Sorted `due_at` ascending (nulls last) and deterministic for a given (org, from_date, horizon_months). Requires an API key (Bearer) with the read:brreg scope.","description_nb":"Bruk denne for å hente den konkrete fristkalenderen per periode for et norsk selskap: Fristmotoren utvider hver gjeldende forpliktelse til DeadlineEntry-rader med Europe/Oslo-forskyvninger og justering for helger og norske helligdager. Horisonten er et rullerende vindu forankret på `from_date` (faller tilbake til i dag i Europe/Oslo) som strekker seg `horizon_months` fremover (standard 12, gyldig 1-60). Hver rads `filing_status` er `upcoming` / `overdue` automatisk utledet fra `due_at` mot `from_date` — dette frittstående endepunktet injiserer IKKE et etterlevelsesoppslag, så kall `getCompanySummary` med en Tier-2-delegering når du trenger ordrette `filed`-signaler. Forpliktelser som er betinget av et Tier-2-felt kortslutter til `insufficient_data` og gir ingen rader før du delegerer. Sortert `due_at` stigende (null sist) og deterministisk for en gitt (org, from_date, horizon_months). Krever en API-nøkkel (Bearer) med read:brreg-scope.","endpoint":{"method":"GET","path":"/api/v1/company/{org}/deadlines"},"auth":"api_key","tier_minimum":"free","category":"company-data","openapi_operation_id":"getCompanyDeadlines","example_request":"curl -H 'Authorization: Bearer <API_KEY>' https://apier.no/api/v1/company/999999999/deadlines","data_sources":["brreg","internal-rulebook"],"freshness":"cached","status":"live"},{"id":"auth.permissions","name_en":"Check delegation status for an organisation","name_nb":"Sjekk delegasjonsstatus for en organisasjon","description_en":"Use this to poll whether the consumer already has an Altinn delegation for a given org. `data.status` is `full`, `partial`, or `none` — branch on it to decide whether to call `createSystemUserDelegation`.","description_nb":"Undersøk om konsumenten allerede har en Altinn-delegering for et gitt organisasjonsnummer. `data.status` er `full`, `partial` eller `none` — bruk den til å avgjøre om `createSystemUserDelegation` må kalles.","endpoint":{"method":"GET","path":"/api/v1/auth/permissions/{org}"},"auth":"api_key","tier_minimum":"free","category":"auth","openapi_operation_id":"getPermissionState","example_request":"curl -H 'Authorization: Bearer <API_KEY>' https://apier.no/api/v1/auth/permissions/999999999","data_sources":["altinn","internal-supabase"],"freshness":"live","status":"live"},{"id":"auth.delegate","name_en":"Create an Altinn 3 System User delegation","name_nb":"Opprett en Altinn 3 System User-delegering","description_en":"Use this when `getPermissionState` returns `none` or `partial`. Altinn returns a `delegation_url` that the company's signing authority must visit before the delegation becomes `active`. Supports Idempotency-Key.","description_nb":"Kall når `getPermissionState` returnerer `none` eller `partial`. Altinn returnerer en `delegation_url` som selskapets signaturberettigede må besøke før delegeringen blir `active`. Støtter Idempotency-Key.","endpoint":{"method":"POST","path":"/api/v1/auth/system-user/delegate"},"auth":"api_key","tier_minimum":"free","category":"auth","openapi_operation_id":"createSystemUserDelegation","example_request":"curl -X POST -H 'Authorization: Bearer <API_KEY>' -H 'Content-Type: application/json' -d '{\"org_number\":\"999999999\",\"scopes\":[\"altinn:authentication/systemuser.request.write\"]}' https://apier.no/api/v1/auth/system-user/delegate","data_sources":["altinn"],"freshness":"live","status":"live"},{"id":"auth.approval_token","name_en":"Mint a single-use approval token for a high-risk action","name_nb":"Generer et engangs-godkjenningstoken for en høyrisikohandling","description_en":"Use this ONLY after a human operator in the consumer's UI has explicitly confirmed the action. The plaintext token is returned exactly once and must be presented in `X-Approval-Token` on the subsequent write call — downstream endpoints treat it as proof-of-consent.","description_nb":"Kall kun etter at en menneskelig operatør i konsumentens UI eksplisitt har bekreftet handlingen. Klartekstverdien returneres nøyaktig én gang og må sendes i `X-Approval-Token` på det påfølgende skrivekallet — nedstrøms-endepunkter behandler det som samtykkebevis.","endpoint":{"method":"POST","path":"/api/v1/auth/approval-token"},"auth":"api_key","tier_minimum":"free","category":"auth","openapi_operation_id":"mintApprovalToken","example_request":"curl -X POST -H 'Authorization: Bearer <API_KEY>' -H 'Content-Type: application/json' -d '{\"org_number\":\"999999999\",\"action_id\":\"filing.submit\"}' https://apier.no/api/v1/auth/approval-token","data_sources":["internal-supabase"],"freshness":"live","status":"live"},{"id":"company.audit","name_en":"Read consumer's own audit trail for a company","name_nb":"Les egen sporingslogg for en virksomhet","description_en":"Use this to read the slice of the immutable Sporingslogg (audit_log) that THIS consumer wrote against a single org_number — keyset-paginated, time-ordered, with optional filters on action / initiated_by / since / until. Cross-consumer visibility is structurally impossible: the auth boundary is consumer_id (resolved from your API key), and the URL org_number is a within-namespace filter. Each row carries correlation_id (joins to provenance_log / evaluation_snapshots / compliance_state_events from the same request), initiated_by (human / agent / cron / system / unknown), and schema_version. Sensitive keys in `details` are auto-redacted at write AND read time. Empty result returns 200 with `data: []` (NEVER 404 — that would leak existence across consumers). Requires API key with read:audit scope.","description_nb":"Les den delen av den uforanderlige Sporingsloggen (audit_log) som DENNE konsumenten har skrevet mot et bestemt organisasjonsnummer — markørbasert paginering, sortert etter tid, med valgfrie filtre på action / initiated_by / since / until. Det er strukturelt umulig å se andre konsumenters rader: autentiseringsgrensen er consumer_id (utledet fra API-nøkkelen din), og URL-ens org_number er et filter innenfor ditt eget navnerom. Hver rad bærer correlation_id (forener med provenance_log / evaluation_snapshots / compliance_state_events fra samme forespørsel), initiated_by (human / agent / cron / system / unknown) og schema_version. Sensitive nøkler i `details` redigeres automatisk både ved skriving og lesing. Tomt resultat returnerer 200 med `data: []` (ALDRI 404 — det ville lekke eksistens på tvers av konsumenter). Krever API-nøkkel med read:audit-scope.","endpoint":{"method":"GET","path":"/api/v1/company/{org}/audit"},"auth":"api_key","tier_minimum":"free","category":"company-data","openapi_operation_id":"readCompanyAuditTrail","example_request":"curl -H 'Authorization: Bearer <API_KEY>' 'https://apier.no/api/v1/company/999999999/audit?limit=50&initiated_by=agent'","data_sources":["internal-supabase"],"freshness":"live","status":"live"},{"id":"changes.query","name_en":"Query the cross-source change archive","name_nb":"Søk på endringsarkivet på tvers av kilder","description_en":"Paginated, filterable read over every detected created/updated/deleted event in Apier's change archive — Brreg ingestion (PR-023b) plus the multi-source pollers for Altinn schemas, DigDir policies, and Norges Bank rates (PR-023c). Filterable by source / entity_type / entity_id / change_type / from–to date range. Cursor-paginated with HMAC-signed cursors so consumers can't tamper with keyset offsets. Requires API key with read:changes scope.","description_nb":"Paginert, filtrerbart oppslag mot endringsarkivet — Brreg-ingestjon (PR-023b) og multi-kilde-pollerne for Altinn-skjemaer, DigDir-policyer og Norges Bank-kurser (PR-023c). Filtrerbart på source / entity_type / entity_id / change_type / fra–til-dato. Markørbasert paginering med HMAC-signerte markører. Krever API-nøkkel med read:changes-scope.","endpoint":{"method":"GET","path":"/api/v1/changes"},"auth":"api_key","tier_minimum":"starter","category":"company-data","openapi_operation_id":"queryChanges","example_request":"curl -H 'Authorization: Bearer <API_KEY>' 'https://apier.no/api/v1/changes?source=brreg&entity_id=998877665&from=2026-01-01T00:00:00Z'","data_sources":["internal-supabase"],"freshness":"live","status":"live"},{"id":"subscriptions.create","name_en":"Subscribe to change-archive deltas via webhook","name_nb":"Abonner på endringsarkiv-deltaer via webhook","description_en":"Create a subscription that pushes filtered change-archive events to your webhook URL. Apier signs every delivery with HMAC-SHA256 over `<timestamp>.<body>` (Stripe-style). The plaintext webhook secret is returned ONCE on create — store it client-side. URLs are SSRF-validated at create AND at every delivery; private CIDRs / metadata-endpoint hosts / .local suffixes are rejected. Requires API key with subscribe:webhooks scope. The only v1 event type is accounts.updated (filter source=brreg, entity_type=annual_accounts).","description_nb":"Opprett et abonnement som sender filtrerte endringsarkiv-hendelser til din webhook-URL. Apier signerer hver leveranse med HMAC-SHA256 over `<tidsstempel>.<kropp>` (Stripe-stil). Klartekst-hemmeligheten returneres ÉN GANG ved opprettelse — lagre den klient-side. URLer SSRF-valideres ved opprettelse OG ved hver leveranse; private CIDR-er / metadata-endepunkter / .local-suffikser avvises. Krever API-nøkkel med subscribe:webhooks-scope. Den eneste v1-hendelsestypen er accounts.updated (filter source=brreg, entity_type=annual_accounts).","endpoint":{"method":"POST","path":"/api/v1/subscriptions"},"auth":"api_key","tier_minimum":"professional","category":"company-data","openapi_operation_id":"createSubscription","example_request":"curl -X POST -H 'Authorization: Bearer <API_KEY>' -H 'Content-Type: application/json' -d '{\"webhook_url\":\"https://yourapp.example/hooks\",\"filter\":{\"source\":\"brreg\"}}' https://apier.no/api/v1/subscriptions","data_sources":["internal-supabase"],"freshness":"live","status":"live"},{"id":"subscriptions.list","name_en":"List your active webhook subscriptions","name_nb":"Vis dine aktive webhook-abonnementer","description_en":"Lists active subscriptions belonging to the calling consumer. Secret material is NEVER returned — only metadata. Inactive subscriptions are not included.","description_nb":"Lister aktive abonnementer som tilhører den kallende konsumenten. Hemmelighet returneres ALDRI — kun metadata. Inaktive abonnementer er ikke inkludert.","endpoint":{"method":"GET","path":"/api/v1/subscriptions"},"auth":"api_key","tier_minimum":"professional","category":"company-data","openapi_operation_id":"listSubscriptions","example_request":"curl -H 'Authorization: Bearer <API_KEY>' https://apier.no/api/v1/subscriptions","data_sources":["internal-supabase"],"freshness":"live","status":"live"},{"id":"subscriptions.delete","name_en":"Delete a webhook subscription","name_nb":"Slett et webhook-abonnement","description_en":"Soft-deletes a subscription (active=false). Idempotent. Cross-consumer access returns 404 to prevent existence leaks.","description_nb":"Soft-sletter et abonnement (active=false). Idempotent. Tilgang på tvers av konsumenter returnerer 404 for å hindre eksistens-lekkasje.","endpoint":{"method":"DELETE","path":"/api/v1/subscriptions/{id}"},"auth":"api_key","tier_minimum":"professional","category":"company-data","openapi_operation_id":"deleteSubscription","example_request":"curl -X DELETE -H 'Authorization: Bearer <API_KEY>' https://apier.no/api/v1/subscriptions/550e8400-e29b-41d4-a716-446655440000","data_sources":["internal-supabase"],"freshness":"live","status":"live"},{"id":"admin.keys.create","name_en":"Create an API key for a consumer (admin)","name_nb":"Opprett en API-nøkkel for en konsument (admin)","description_en":"Operator-only — requires the ADMIN_API_KEY bearer secret. Returns the plaintext key exactly once; only the SHA-256 hash is stored. Maximum three active keys per consumer.","description_nb":"Kun operatør — krever ADMIN_API_KEY som Bearer-hemmelighet. Returnerer klartekstnøkkelen nøyaktig én gang; kun SHA-256-hashen lagres. Maksimalt tre aktive nøkler per konsument.","endpoint":{"method":"POST","path":"/api/v1/admin/keys"},"auth":"admin_api_key","tier_minimum":null,"category":"admin","openapi_operation_id":"createApiKey","example_request":"curl -X POST -H 'Authorization: Bearer <ADMIN_API_KEY>' -H 'Content-Type: application/json' -d '{\"consumer_id\":\"uuid...\"}' https://apier.no/api/v1/admin/keys","data_sources":["internal-supabase"],"freshness":"live","status":"live"},{"id":"admin.keys.list","name_en":"List active API keys for a consumer (admin)","name_nb":"List aktive API-nøkler for en konsument (admin)","description_en":"Operator-only. Lists active (non-revoked) keys for a consumer. Never returns plaintext — only key metadata (id, label, created_at).","description_nb":"Kun operatør. Lister aktive (ikke tilbakekalte) nøkler for en konsument. Returnerer aldri klartekst — kun nøkkelmetadata (id, label, created_at).","endpoint":{"method":"GET","path":"/api/v1/admin/keys"},"auth":"admin_api_key","tier_minimum":null,"category":"admin","openapi_operation_id":"listApiKeys","example_request":"curl -H 'Authorization: Bearer <ADMIN_API_KEY>' 'https://apier.no/api/v1/admin/keys?consumer_id=<UUID>'","data_sources":["internal-supabase"],"freshness":"live","status":"live"},{"id":"admin.keys.revoke","name_en":"Revoke an API key (admin)","name_nb":"Tilbakekall en API-nøkkel (admin)","description_en":"Operator-only. Soft-revokes a key by setting `is_revoked=true` and `revoked_at=now()`. Irreversible.","description_nb":"Kun operatør. Myk tilbakekalling av en nøkkel ved å sette `is_revoked=true` og `revoked_at=now()`. Irreversibel.","endpoint":{"method":"DELETE","path":"/api/v1/admin/keys/{id}"},"auth":"admin_api_key","tier_minimum":null,"category":"admin","openapi_operation_id":"revokeApiKey","example_request":"curl -X DELETE -H 'Authorization: Bearer <ADMIN_API_KEY>' https://apier.no/api/v1/admin/keys/<KEY_UUID>","data_sources":["internal-supabase"],"freshness":"live","status":"live"},{"id":"discovery.recipes","name_en":"Human-readable workflow recipes page","name_nb":"Menneskelesbare oppskrifter for arbeidsflyter","description_en":"Use this as the human-readable counterpart to /workflows.json. SSR HTML page that renders one section per canonical workflow: intent, steps, failure modes, agent_instructions, and a copy-paste cURL example. Content is derived from the same manifest /workflows.json serves — update the manifest and this page updates with it. Not a JSON API; intended for developers and as a crawlable page for AI agents that prefer HTML.","description_nb":"Bruk denne som menneskelesbar motpart til /workflows.json. SSR HTML-side som viser én seksjon per kanoniske arbeidsflyt: intensjon, trinn, feilmoduser, agent_instructions og et klipp-og-lim cURL-eksempel. Innholdet er avledet fra samme manifest som /workflows.json — endringer i manifestet reflekteres her automatisk. Ikke et JSON-API; ment for utviklere og som en crawlbar side for AI-agenter som foretrekker HTML.","endpoint":{"method":"GET","path":"/recipes"},"auth":"none","tier_minimum":null,"category":"discovery","openapi_operation_id":"getRecipesPage","example_request":"curl https://apier.no/recipes","data_sources":["internal-static"],"freshness":"static","status":"live"},{"id":"discovery.comparison.direct-integration","name_en":"Apier vs direct integration comparison","name_nb":"Apier mot direkteintegrasjon — sammenligning","description_en":"Use this to fetch the qualitative Apier-vs-direct-integration comparison matrix. Each dimension (authentication, delegation/authority, audit trail, legal grounding, error handling, deadline intelligence, cross-agency orchestration, maintenance burden, time-to-first-call) carries one factual statement per column. Machine-readable, not marketing — quantitative performance claims are intentionally absent until measured live telemetry exists, and the `methodology` + `source` fields state the comparison basis on the wire.","description_nb":"Hent den kvalitative matrisen som sammenligner Apier med å bygge direkteintegrasjonen mot offentlige API-er selv. Hver dimensjon har ett faktabasert utsagn per kolonne. Maskinlesbar, ikke markedsføring — kvantitative ytelsestall er bevisst utelatt til målt telemetri fra produksjon finnes, og feltene `methodology` + `source` oppgir sammenligningsgrunnlaget i selve svaret.","endpoint":{"method":"GET","path":"/api/v1/comparison/direct-integration"},"auth":"none","tier_minimum":null,"category":"discovery","openapi_operation_id":"getComparisonDirectIntegration","example_request":"curl https://apier.no/api/v1/comparison/direct-integration","data_sources":["internal-static"],"freshness":"static","status":"live"},{"id":"actions.execute_dry_run","name_en":"Validate (dry-run) or submit (live) a filing action","name_nb":"Valider (dry-run) eller send inn (live) en innleveringshandling","description_en":"Two discriminated behaviours on the same endpoint, selected by the `?dry_run=true` query parameter.\n\nDRY-RUN MODE (`?dry_run=true`) — validates a filing-action payload (mva_melding OR a_melding — both are accepted on dry-run) against five preflight checks WITHOUT submitting anything to Altinn / Skatteetaten / NAV. Returns 200 with a structured DryRunOutcome listing each check's pass/fail. The disclaimer reminds agents that a passing dry-run is NOT a guarantee of submission success.\n\nLIVE-EXECUTE MODE (?dry_run omitted or any value other than 'true') — when Maskinporten production approval is enabled, submits the filing to Altinn 3 (which routes to the Skatteetaten / NAV service owner). UNTIL THAT GATE CLEARS, the endpoint contract is shipped but the submitter is mock-backed (ALTINN_MODE=mock — the default; the per-integration switch per CLAUDE.md Rule 12, distinct from MASKINPORTEN_MODE which gates the Maskinporten auth layer): the route runs end-to-end through receipt signing + persistence + audit chain, but the upstream `altinn_receipt_id` is the deterministic SHA-256-derived MOCK-ALT-* value from the mock submitter. Production rollout requires Maskinporten production credentials + Skatteetaten MVA-melding service-owner approval + a live submitter implementation in src/lib/altinn/live-submitter.ts + DECISIONS.md sign-off (see DECISIONS.md PR-077 §1 for the full activation checklist). v1 supports mva_melding only on the LIVE path; a_melding live submission is gated on the live NAV integration and returns 403 PLAN_INSUFFICIENT in live mode (a_melding dry-run validation IS supported — only live submission is blocked).\n\nThree additional contracts on top of dry-run: (1) Idempotency-Key REQUIRED — a missing key returns 400 IDEMPOTENCY_KEY_REQUIRED. (2) X-Approval-Token REQUIRED — a single-use token minted via auth.approval_token, atomically consumed via the migration 033 RPC; rejected tokens map to APPROVAL_TOKEN_INVALID/USED/EXPIRED/MISMATCH. (3) Preconditions MUST pass — the same five dry-run checks run as a precondition gate; failures return 422 with the failed check list and do NOT consume the approval token (the agent can fix inputs and retry). Success returns 200 with a HMAC-SHA256-signed receipt envelope (mock or live mode). Audit chain: successful submission → `submit_mva` row; authorisation failure → `execute_authorization_failed`; post-consume submission failure → `submit_mva_failed`.","description_nb":"To diskriminerte oppførsler på samme endepunkt, valgt med `?dry_run=true`-spørringsparameteren.\n\nTØRRKJØRING (`?dry_run=true`) — valider en innleveringshandling (mva_melding ELLER a_melding — begge støttes på dry-run) mot fem forhåndssjekker UTEN å sende noe til Altinn / Skatteetaten / NAV. Returnerer 200 med et strukturert DryRunOutcome som lister hver sjekks pass/fail. Disclaimer-feltet minner om at en bestått tørrkjøring IKKE garanterer at den faktiske innleveringen lykkes.\n\nLIVE-UTFØRELSE (?dry_run utelatt eller noe annet enn 'true') — når Maskinporten produksjonsgodkjenning er aktivert, send innleveringen til Altinn 3 (videre til Skatteetaten / NAV). INNTIL DEN PORTEN ER ÅPNET er endepunktets kontrakt levert, men innsenderen er mock-basert (ALTINN_MODE=mock — default; per-integrasjons-bryteren per CLAUDE.md Rule 12, atskilt fra MASKINPORTEN_MODE som styrer Maskinporten-auth-laget): ruten kjører ende-til-ende gjennom kvitteringssignering + persistens + sporingslogg, men oppstrøms `altinn_receipt_id` er den deterministiske SHA-256-utledede MOCK-ALT-*-verdien fra mock-innsenderen. Produksjons-utrulling krever Maskinporten produksjonscredentials + Skatteetaten MVA-melding service-owner-godkjenning + en live submitter-implementasjon i src/lib/altinn/live-submitter.ts + DECISIONS.md sign-off (se DECISIONS.md PR-077 §1 for full aktiveringssjekkliste). v1 støtter kun mva_melding på LIVE-stien; a_melding live-innsending er sperret bak live NAV-integrasjonen og returnerer 403 PLAN_INSUFFICIENT i live-modus (a_melding dry-run-validering støttes — kun live-innsending er blokkert).\n\nTre ekstra kontrakter utover dry-run: (1) Idempotency-Key PÅKREVD — manglende nøkkel returnerer 400 IDEMPOTENCY_KEY_REQUIRED. (2) X-Approval-Token PÅKREVD — engangstoken generert via auth.approval_token, atomisk forbrukt via migrasjon 033 RPC. (3) Forhåndssjekkene MÅ passere — samme fem dry-run-sjekker kjøres som gate; feil returnerer 422 og forbruker IKKE tokenet (agenten kan rette opp og prøve igjen). Suksess returnerer 200 med HMAC-SHA256-signert kvitteringspakke (mock eller live modus). Sporingskjede: vellykket → `submit_mva`-rad; autorisasjonsfeil → `execute_authorization_failed`; innsending-feil-etter-token-forbruk → `submit_mva_failed`.","endpoint":{"method":"POST","path":"/api/v1/actions/execute"},"auth":"api_key","tier_minimum":"free","category":"actions","openapi_operation_id":"dryRunExecuteAction","example_request":"Dry-run: POST /api/v1/actions/execute?dry_run=true with headers { Authorization: Bearer <KEY> } and body { org_number, action_type, period, payload }. Live-execute: POST /api/v1/actions/execute with headers { Authorization: Bearer <KEY>, Idempotency-Key: <UUID>, X-Approval-Token: <token> } and body { org_number, action_type: \"mva_melding\", period, payload }. Both modes require API-key auth via Authorization header (round 5 manifest fix — was previously omitted from the dry-run half).","data_sources":["brreg","internal-rulebook","delegations","altinn","internal-supabase"],"freshness":"live","status":"dry-run"},{"id":"health.agent-readiness","name_en":"Agent-readiness probe","name_nb":"Agent-beredskapssjekk","description_en":"Use this before submitting a batch of compliance workflows to verify Apier is healthy: returns the live task success rate and p95 latency per workflow class plus the live Maskinporten circuit-breaker state. Rates fail open to conservative static defaults until live telemetry accumulates; the `source` field tells you which you got.","description_nb":"Bruk denne før du sender en serie compliance-arbeidsflyter for å bekrefte at Apier er friskt: returnerer live suksessrate og p95-latens per arbeidsflytklasse pluss live Maskinporten-strømbrytertilstand. Ratene faller tilbake til konservative statiske standarder til live-telemetri har samlet seg; feltet `source` viser hvilken du fikk.","endpoint":{"method":"GET","path":"/api/v1/health/agent-readiness"},"auth":"none","tier_minimum":null,"category":"discovery","openapi_operation_id":"getAgentReadiness","example_request":"GET /api/v1/health/agent-readiness","data_sources":["internal-telemetry"],"freshness":"live","status":"live"}],"available_scopes":["read:brreg","read:altinn","read:digdir","read:norgesbank","read:changes","read:audit","read:actions","read:rulebook","subscribe:webhooks","admin:keys"],"actions":{"dry_run_supported":true,"execute_supported":false,"action_types":["mva_melding","a_melding"]},"sandbox":{"available":true,"base_url":"https://www.apier.no/api/v1/sandbox","fixtures_url":"https://www.apier.no/api/v1/sandbox/fixtures","reserved_test_org_numbers":["999000001","999000002","999000003","999000004","999000005"],"reserved_error_org_numbers":{"999000901":"AUTH_MISSING_DELEGATION","999000902":"AUTH_EXPIRED_TOKEN","999000903":"VALIDATION_FAILED","999000904":"SCOPE_MISSING"},"simulate_error_param":"?simulate_error=<missing_delegation|invalid_token|validation_error|scope_missing|altinn_timeout|invalid_certificate|malformed_payload|upstream_5xx>","supported_error_codes":["missing_delegation","invalid_token","validation_error","scope_missing","altinn_timeout","invalid_certificate","malformed_payload","upstream_5xx"],"query_knobs":{"simulate_latency":{"unit":"ms","min":0,"max":30000},"mock_date":{"format":"YYYY-MM-DD","timezone":"Europe/Oslo"}},"magic_vat_values":[{"field":"total_revenue_nok","value":0,"outcome":"VALIDATION_FAILED","http_status":400},{"field":"total_revenue_nok","value":99999999,"outcome":"GOVERNMENT_VALIDATION_REJECTED","http_status":422},{"field":"period","value":"<YYYY-MM before mock_date/now>","outcome":"accepted (filed_late: true)","http_status":200}],"cors":"open","determinism":"byte-equivalent except _meta.response_timestamp"},"mcp":{"available":true,"server_url":"https://www.apier.no/api/mcp","schema_version":"2026.6.0","protocol":"json-rpc-2.0","tools_count_initial":3,"tools_count_active":13,"tools_count_planned":13,"deferred_tool_prs":[]},"multi_agent_safety":{"write_conflict_detection":true,"conflict_lock_ttls":{"mva_filing":600,"amelding_filing":300,"skattemelding_filing":1200,"aarsregnskap_filing":1800,"maskinporten_delegate":60}},"discovery":{"openapi":"/openapi.json","llms_txt":"/llms.txt","llms_full_txt":"/llms-full.txt","mcp_manifest":"/.well-known/mcp.json","agent_card":"/.well-known/agent-card.json","ai_plugin_manifest":"/.well-known/ai-plugin.json","security_txt":"/.well-known/security.txt","data_sovereignty":"/.well-known/data-sovereignty","workflows":"/workflows.json","mcp_endpoint":"/api/mcp"}},"_meta":{"rulebook_version":"1.0.0","data_freshness":"2026-06-15T00:00:00.000Z","last_verified":"2026-07-05T19:51:07.470Z","source":"apier.no internal manifest","schema_version":"1.1.0","response_timestamp":"2026-07-05T19:51:07.470Z","served_from":"static","active_optimize_mode":"cost","response_hash":"sha256:3b608365759f7edc26263e64b946334f2806a7b55c61dfcf020cf6297f84091e"}}