Fullmakt Rails
Brokered, scoped, revocable authority (fullmakt) that lets a Norwegian company delegate a specific mandate to an AI agent through an Altinn systembruker — designed for machine-to-machine acting, with every call PDP-verified. Endpoints are planned, not yet live.
[Cite this as: Apier.no Docs v0.1.0 — last updated 2026-07-16]
Planned product — not yet live. Fullmakt Rails are in active development (AGT-02). This page describes the intended design; none of the endpoints below are callable today. Nothing here is a live capability or a legal guarantee.
Fullmakt Rails are Apier's planned authority layer: the plumbing designed to let a Norwegian company hand an AI agent a specific, bounded mandate to act on its behalf — and take it back at any time. "Fullmakt" is the Norwegian term for a granted authority or mandate. Instead of an agent holding a company's raw credentials, the company would delegate a scoped authority through an Altinn systembruker (system user), and every action an agent takes is designed to be checked against that delegation before it reaches a government endpoint.
The design goal is a delegation that is scoped (limited to named actions, not blanket access), revocable (the company can withdraw it and the agent's authority stops), and auditable (every use is recorded). Apier would broker this through Altinn's authorization model — it does not invent a parallel one — so the authority an agent holds would be the same authority a Norwegian company can grant, inspect, and revoke in Altinn itself.
Who Fullmakt Rails are for
- Enterprises that want an AI agent to handle a narrow, well-defined regulatory task (for example, preparing a filing) without giving the agent standing access to everything the organisation can do in Altinn.
- Agent developers building on Apier who need a first-class, machine-to- machine way to ask for an authority, check whether they currently hold it, and hand it back — without a human clicking through a portal on every run.
How it is meant to work
- Delegation lives in Altinn. The company grants a systembruker delegation; Apier reads and acts within it, never outside it.
- Rich Authorization Requests (RAR). The agent's access is expressed as a
scoped RAR token (
urn:altinn:systemuser), so the authority is carried in the token rather than assumed from possession of a key. - PDP-verified on every call. Before any action is forwarded to a government API, the delegation is checked against Altinn's Policy Decision Point (PDP). If the mandate does not cover the action, the call is refused with a structured error — the agent never silently over-reaches.
Planned endpoints
Not yet live. The endpoints below are the planned Fullmakt Rails surface. None of them are callable today — this page is a scaffold that ships ahead of the implementation. When a route goes live it will be documented here with a real request/response example and added to the OpenAPI spec. Until then, treat every path below as a design placeholder.
| Endpoint | Method | Purpose (planned) | Status |
|---|---|---|---|
/api/v1/fullmakt/request | POST | Request a scoped authority for a named action on behalf of a company. | NOT YET LIVE |
/api/v1/fullmakt/{org} | GET | Read the authority an agent currently holds for a given organisation number. | NOT YET LIVE |
/api/v1/fullmakt/revoke | POST | Withdraw a previously granted authority. | NOT YET LIVE |
The Fullmakt tag is reserved in the OpenAPI spec
as metadata now, ahead of any operations, so the surface is discoverable while
it is being built.
Status
Fullmakt Rails are in active development (AGT-02). This page will grow as the endpoints land; the concept, scopes, and the Altinn systembruker integration are documented here first so the machine interface and the human interface do not drift.
MCP server
Connect any MCP-compatible agent to Apier's hosted Norwegian compliance tools — per-client config, a five-minute quickstart, and the full 20-tool reference.
Endpoint reference
Apier.no API contract — authoritative machine-readable spec at /openapi.json, with browsable per-endpoint docs grouped by capability.