Use case

Compliance intelligence for Norwegian accounting software

Obligations, deadlines, and Altinn-as-a-service for Norwegian accounting software — one API, delegation-aware, MCP-ready.

What is hard about this today

• Maskinporten + Altinn 3 setup is multi-leg. Standing up an integration means a Buypass / Commfides enterprise certificate, Samarbeidsportalen onboarding, a Maskinporten client with RSA keys, an Altinn System Register entry, and per-customer System User delegation. Every step is its own portal with its own approval cycle.
• Obligation logic is hand-rolled per customer. MVA terminer, A-melding cadence, skattemelding due dates, årsregnskap, revisor thresholds, yrkesskadeforsikring — each rule lives in code somewhere, with bespoke triggers per entity_type (AS, ENK, NUF) and each year's MVA-forskriften / Skatteforvaltningsloven update. Maintenance debt accumulates silently.
• Nothing speaks to AI agents. The legacy integrations expose XML / SOAP / forms-based surfaces, not the deterministic JSON + MCP shapes an LLM copilot can plan against. Building an agent flow on top of Altinn directly means rebuilding the agent contract from scratch.

What Apier provides

• One endpoint for company context + obligations. GET /api/v1/company/{org}/context returns the Tier 1 Brønnøysund record (and Tier 2 Skatteetaten + NAV aggregates when the customer has delegated); the paired /obligations and /deadlines endpoints run the Rulebook against that company and return a structured verdict with legal_reference + bokmål description on every row.
• Maskinporten + Altinn as a service. Apier's Auth Gateway handles the JWT client assertion dance, token caching, and Altinn System User delegation flow. Bearer tokens never leave the gateway; your product authenticates against Apier with one Bearer API key and forwards the customer's delegation context through standard headers.
• MCP server for AI workflows. An MCP server lives at /api/mcp exposing tools like get_company_obligations, get_company_deadlines, and validate_action. Any MCP-compatible client (Claude, Cursor, custom harness) can plan filing flows over the same surface your REST integration uses, no separate adapter layer required.

What a call looks like

Look up the live obligation set for a Norwegian company by 9-digit organisasjonsnummer:

curl

curl -H "Authorization: Bearer apier_live_<your_key>" \
  "https://www.apier.no/api/v1/company/999999999/obligations"

Response (abbreviated)

{
  "success": true,
  "data": {
    "org_number": "999999999",
    "obligations": [
      {
        "obligation_id": "mva_filing_bimonthly",
        "state": "due",
        "next_due": "2026-08-31T21:59:59Z",
        "legal_reference": "Merverdiavgiftsloven § 15-1",
        "description_nb": "MVA-melding skal leveres terminvis…"
      },
      {
        "obligation_id": "a_melding_monthly",
        "state": "filed",
        "next_due": "2026-06-05T21:59:59Z",
        "legal_reference": "A-opplysningsloven § 3",
        "description_nb": "A-melding leveres månedlig …"
      }
    ]
  },
  "_meta": {
    "rulebook_version": "2026.2.1",
    "data_freshness": "2026-05-13T08:00:00Z"
  }
}

Try the same shape without a key against the public sandbox: GET /api/v1/sandbox/public/company/999999999/obligations (no auth, IP-rate-limited, deterministic).

FAQ

Does this replace our existing Altinn integration?

No — Apier sits in front of Altinn 3 as a delegation-aware compliance layer. If you already have a direct Maskinporten + Altinn integration that works for your scale, keep it. Apier is the option for vendors who want to skip building (and maintaining) that integration in-house, or who need the cross-agency obligation logic Altinn alone does not provide.

Can we white-label this for our customers?

Apier is a developer-facing API surface — it is not a customer-facing UI. You consume our endpoints from your product and render the results inside your own UX, branded as you choose. There is no Apier logo or boilerplate that surfaces to your end-customers as long as you do not republish the underlying responses verbatim.

What about data residency?

Apier processes data in the EU. The production data plane runs on EU-only infrastructure (current build phase on Vercel Stockholm and Supabase EU/Stockholm, with EU hosting migration tracked as a pre-DNS-cutover gate). The machine-readable residency attestation lives at /.well-known/data-sovereignty for procurement automation.

How is this priced for accounting software companies?

Free / Starter / Professional / Enterprise tiers. The Free tier ships with one API key and enough quota for prototyping. Volume pricing kicks in at the Professional tier and is sized per active end-customer organisation rather than per API call. See /pricing for the current tier matrix.

Get started

Read the quickstart for the canonical integration path, or try the API against synthetic Norwegian companies in the sandbox first — no key required.