Company Check Request
Introduction
The Company Check API enables merchants and partners to verify a company’s identity and assess its creditworthiness in a secure and automated way. This process combines BankID authentication for identity verification with an integrated credit score check, ensuring that businesses can make informed decisions before extending credit or services.
This guide explains how to initiate a company check request, handle user redirection to the BankID flow, receive real-time credit score results via callbacks, and securely validate the data with checksum verification.
Use Cases
- B2B Onboarding: Verify new business customers before granting access or services.
- Credit Risk Assessment: Check a company’s financial standing before extending credit or invoicing.
- Regulatory Compliance: Meet KYC (Know Your Customer) and AML (Anti-Money Laundering) requirements.
- Fraud Prevention: Confirm the identity of companies to reduce risk of fraudulent accounts.
Step 1: Initiate Company Check
Use this endpoint to start a company verification process through BankID, followed by an automatic credit score check.
Endpoint
POST https://stg-api.frontpayment.no/api/v1/connect/company/check
Authentication
Include a Bearer Token in the Authorization header. You can obtain this token from Front Payment.
Example:
Authorization: Bearer YOUR_FRONTPAYMENT_BEARER_TOKEN
Request Payload
Send the following JSON object in the request body:
{
"companyId": 123879056,
"callback": {
"success": "https://your-success-url.com/",
"failure": "https://your-failure-url.com/",
"callbackUrl": "https://example.com/callback"
}
}
Validation Rules
Make sure your request meets the following requirements:
| Field | Type | Description |
|---|---|---|
companyId |
number |
Required The organization number of the company to be verified. |
callback |
array |
Required This field accepts an array of urls. |
callback.success |
url |
Required The URL we will redirect the user to after a successful BankID verification. |
callback.failure |
url |
Required The URL we will redirect the user to after a failed or cancelled BankID verification. |
callback.callbackUrl |
url |
Required To receive real-time notifications after bank id verification state changes, you must provide a callback url. This is an server-to-server HTTP GET request. |
Response
A successful request returns 201 Created:
{
"status_code": 201,
"status_message": "OK",
"message": "Company Check Request Created Successfully",
"is_data": false,
"data": {
"url": "https://auth.current.bankid.no/",
"companyCheckUuid": "COMCHK1755071611"
}
}
If the API returns a 510 error, it indicates a server-side failure:
{
"status_code": 510,
"status_message": "Execution Exception Occurred",
"message": "somethingWentWrong",
"is_error": true,
"errors": "Array"
}
Step 2: User Flow
- Redirect the user's browser to the
urlreceived in the response. - The user completes the BankID verification on a secure page.
Step 3: Credit Check & Redirection
- Once verification succeeds, Front Payment performs an automatic credit check.
- Browser is redirected to:
- Success URL: If verification and credit check pass.
- Failure URL: If verification fails or credit is denied.
Note: These redirects do not contain credit result data.
Step 4: Notifications via Callback URL
After the BankID verification and credit check, Front Payment sends a server-to-server GET request to your callbackUrl.
Callback URL Parameters
When we call your callback URL, the following query parameters will be included:
| Parameter | Type | Description |
|---|---|---|
companyCheckUuid |
string |
The UUID you received when initiating the call. |
companyId |
string |
The verified company’s ID. |
companyType |
string |
The type/category of the company. |
companyName |
string |
The legal name of the company. |
score |
number |
The company’s credit score. |
riskLevel |
string |
The risk level based on the credit score. |
scoreMessage |
string |
Message providing context about the credit score. |
defaultProbability |
number |
Probability of default based on credit assessment. |
personalNumber |
number |
Personal number retrieved from BankID. |
contactPersonName |
string |
Full name of the contact person from BankID. |
contactPersonEmail |
string |
Email address of the contact person from BankID. |
createdAt |
number |
Unix timestamp of when the company check was created. |
checksum |
string |
Security hashing string for validation. |
Example:
https://your-callback-url.com/callback?companyCheckUuid=COM1234&companyId=23451&companyType=Lorem&companyName=Lorem&score=650&createdAt=1755764131&checksum=abcdef123456...
Checksum Verification
To ensure the callback data is secure and untampered, verify the checksum provided. Front Payment generates it using:
hash('sha256', concatenatedParameters + secretKey)
Example Verification (PHP Conceptual):
$getParameters = $_GET;
$receivedChecksum = $getParameters['checksum'];
$secretKey = ''; // Provided by Front Payment
$concatenatedValues = '';
foreach($getParameters as $key => $value) {
if ($key == 'checksum') break;
$concatenatedValues .= $value;
}
$hashedKey = hash('sha256', $concatenatedValues . $secretKey);
if (!hash_equals($hashedKey, $receivedChecksum)) {
return "Checksum verification failed.";
}
return "Callback successfully processed.";
By verifying the checksum, you can confirm the integrity and authenticity of the callback data.