# Company Check # Company Check Request The **Company Check API** enables merchants and partners to verify a company’s identity and assess its creditworthiness in a secure and automated way. This process combines **BankID authentication** for identity verification with an integrated **credit score check**, ensuring that businesses can make informed decisions before extending credit or services. This guide explains how to initiate a company check request, handle user redirection to the BankID flow, receive real-time credit score results via callbacks, and securely validate the data with checksum verification. ### Use Cases - **B2B Onboarding:** Verify new business customers before granting access or services. - **Credit Risk Assessment:** Check a company’s financial standing before extending credit or invoicing. - **Regulatory Compliance:** Meet KYC (Know Your Customer) and AML (Anti-Money Laundering) requirements. - **Fraud Prevention:** Confirm the identity of companies to reduce risk of fraudulent accounts. ## Step 1: Initiate Company Check Use this endpoint to start a company verification process through **BankID**, followed by an automatic credit score check. ### Endpoint ``` POST https://demo-api.frontpayment.no/api/v1/connect/company/check ``` ### Authentication Include a **Bearer Token** in the `Authorization` header. You can obtain this token from **Front Payment**. **Example:** ``` Authorization: Bearer YOUR_FRONTPAYMENT_BEARER_TOKEN ``` ### Request Payload Send the following JSON object in the request body: ```json { "companyId": 123879056, "callback": { "success": "https://your-success-url.com/", "failure": "https://your-failure-url.com/", "callbackUrl": "https://example.com/callback" } } ``` ### Validation Rules Make sure your request meets the following requirements:
Field Type Description
companyId number Required The organization number of the company to be verified.
callback array Required This field accepts an array of urls.
callback.success url Required The URL we will redirect the user to after a successful BankID verification.
callback.failure url Required The URL we will redirect the user to after a failed or cancelled BankID verification.
callback.callbackUrl url Required To receive real-time notifications after bank id verification state changes, you must provide a callback url. This is an server-to-server HTTP GET request.
### Response A successful request returns **201 Created**: ```json { "status_code": 201, "status_message": "OK", "message": "Company Check Request Created Successfully", "is_data": false, "data": { "url": "https://auth.current.bankid.no/", "companyCheckUuid": "COMCHK1755071611" } } ``` If the API returns a **510 error**, it indicates a server-side failure: ```json { "status_code": 510, "status_message": "Execution Exception Occurred", "message": "somethingWentWrong", "is_error": true, "errors": "Array" } ``` --- ## Step 2: User Flow 1. Redirect the user's browser to the `url` received in the response. 2. The user completes the **BankID verification** on a secure page. --- ## Step 3: Credit Check & Redirection - Once verification succeeds, **Front Payment** performs an automatic credit check. - Browser is redirected to: - **Success URL:** If verification and credit check pass. - **Failure URL:** If verification fails or credit is denied. > **Note:** These redirects do not contain credit result data. --- ## Step 4: Notifications via Callback URL After the BankID verification and credit check, **Front Payment** sends a server-to-server GET request to your `callbackUrl`. ### Callback URL Parameters When we call your callback URL, the following query parameters will be included: | Parameter | Type | Description | | :------------------------ | :------------------- | :--------------------------------------- | | `companyCheckUuid` | `string` | The UUID you received when initiating the call. | | `companyId` | `string` | The verified company’s ID. | | `companyType` | `string` | The type/category of the company. | | `companyName` | `string` | The legal name of the company. | | `score` | `number` | The company’s credit score. | | `riskLevel` | `string` | The risk level based on the credit score. | | `scoreMessage` | `string` | Message providing context about the credit score. | | `defaultProbability` | `number` | Probability of default based on credit assessment. | | `personalNumber` | `number` | Personal number retrieved from BankID. | | `contactPersonName` | `string` | Full name of the contact person from BankID. | | `contactPersonEmail` | `string` | Email address of the contact person from BankID. | | `createdAt` | `number` | Unix timestamp of when the company check was created. | | `checksum` | `string` | Security hashing string for validation. | **Example:** ``` https://your-callback-url.com/callback?companyCheckUuid=COM1234&companyId=23451&companyType=Lorem&companyName=Lorem&score=650&createdAt=1755764131&checksum=abcdef123456... ``` --- ## Checksum Verification To ensure the callback data is secure and untampered, verify the checksum provided. **Front Payment** generates it using: ``` hash('sha256', concatenatedParameters + secretKey) ``` **Example Verification (PHP Conceptual):** ```php $getParameters = $_GET; $receivedChecksum = $getParameters['checksum']; $secretKey = ''; // Provided by Front Payment $concatenatedValues = ''; foreach($getParameters as $key => $value) { if ($key == 'checksum') break; $concatenatedValues .= $value; } $hashedKey = hash('sha256', $concatenatedValues . $secretKey); if (!hash_equals($hashedKey, $receivedChecksum)) { return "Checksum verification failed."; } return "Callback successfully processed."; ``` By verifying the checksum, you can confirm the integrity and authenticity of the callback data. # Company Information Check The **Company Information Check API** allows merchants and partners to retrieve the verification history and details of a specific company. By querying a company’s ID, you can access data such as past verification attempts, credit scores, risk levels, and contact information verified via BankID. This enables better decision-making for credit risk assessment, compliance, and onboarding. ### Use Cases - **Audit Trails:** Review past verification events and maintain a log for compliance. - **Credit Assessment:** Understand previous credit ratings and risk levels before extending services. - **Compliance Reporting:** Meet KYC and AML requirements with verifiable data records. - **Troubleshooting:** Investigate previously initiated checks for support and debugging. ## Endpoint ```http GET https://demo-api.frontpayment.no/api/v1/connect/company/details/{company_id} ``` Replace `{company_id}` with the numeric identifier of the company. ## Authentication Include a **Bearer Token** in the `Authorization` header. You can obtain this token from **Front Payment**. **Example:** ``` Authorization: Bearer YOUR_FRONTPAYMENT_BEARER_TOKEN ``` ## Response A successful response returns **200 OK** with the company’s verification history. ### Example Response ```json { "status_code": 200, "status_message": "OK", "message": "companyRecordRetriveSuccessfully", "is_data": true, "data": [ { "companyCheckUuid": "COMCHK1754819969", "companyId": "920058272", "companyType": "BRL", "companyName": "FLØTNINGEN PARK II BORETTSLAG", "score": "856", "riskLevel": "Low", "scoreMessage": "Good Credit Rating", "defaultProbability": "0.44", "personalNumber": "28038712383", "contactPersonName": "Georg Bøe", "contactPersonEmail": "[email protected]", "createdAt": 1754819969 } ] } ``` ### Field Descriptions | Parameter | Type | Description | | :------------------------ | :------------------- | :--------------------------------------- | | `companyCheckUuid` | `string` | The UUID you received when initiating the call. | | `companyId` | `string` | The verified company’s ID. | | `companyType` | `string` | The type/category of the company. | | `companyName` | `string` | The legal name of the company. | | `score` | `number` | The company’s credit score. | | `riskLevel` | `string` | The risk level based on the credit score. | | `scoreMessage` | `string` | Message providing context about the credit score. | | `defaultProbability` | `number` | Probability of default based on credit assessment. | | `personalNumber` | `number` | Personal number retrieved from BankID. | | `contactPersonName` | `string` | Full name of the contact person from BankID. | | `contactPersonEmail` | `string` | Email address of the contact person from BankID. | | `createdAt` | `number` | Unix timestamp of when the company check was created. | --- ## Notes - The response array may contain multiple records if the company has undergone multiple checks. - Ensure secure handling of all personal and company data to maintain compliance with privacy laws. - For questions or demo access, contact **[nafees.faraz@frontpayment.no](mailto:nafees.faraz@frontpayment.no)**. # Check Invoice Fee The **Check Invoice Fee** endpoint lets you query the invoice-fee settings for a specific company. By supplying the company’s ID, you can retrieve the applicable **B2B** and **B2C** invoice fees along with their corresponding VAT rates. This endpoint is typically used when calculating invoice fees for orders tied to a specific company or when applying different billing rules depending on whether the customer is a business (B2B) or a consumer (B2C). You will find the endpoint URL, authentication requirements, a sample response, and definitions of each field below. ## Endpoint ```http GET https://demo-api.frontpayment.no/api/v1/connect/company/invoice-fee/{company_id} ``` Replace `{company_id}` with the numeric identifier of the company. ## Authentication Include a **Bearer Token** in the `Authorization` header. You can obtain this token from **Front Payment**. **Example:** ``` Authorization: Bearer YOUR_FRONTPAYMENT_BEARER_TOKEN ``` ## Response A successful response returns **200 OK** with the company’s verification history. ### Example Response ```json { "status_code": 200, "status_message": "OK", "message": "companyInvoiceFeeRetriveSuccessfully", "is_data": true, "data": [ "companyUuid": "ORG1754819969", "companyId": "920058272", "companyType": "BRL", "companyName": "FLØTNINGEN PARK II BORETTSLAG", "B2BInvoiceFee": 5, "B2BVatRate": "2", "B2CInvoiceFee": 3, "B2CVatRate": "2" ] } ``` ### Field Descriptions | Parameter | Type | Description | | :------------------------ | :------------------- | :--------------------------------------- | | `companyUuid` | `string` | Our Database unique UUID. | | `companyId` | `string` | The verified company’s ID. | | `companyType` | `string` | The type/category of the company. | | `companyName` | `string` | The legal name of the company. | | `B2BInvoiceFee` | `number` | The company’s B2B invoice fee. | | `B2BVatRate` | `string` | The company's B2B vat rate. | | `B2CInvoiceFee` | `number` | The company’s B2C invoice fee. | | `B2CVatRate` | `string` | The company's B2C vat rate. | ---