# Company Check Request The **Company Check API** enables merchants and partners to verify a company’s identity and assess its creditworthiness in a secure and automated way. This process combines **BankID authentication** for identity verification with an integrated **credit score check**, ensuring that businesses can make informed decisions before extending credit or services. This guide explains how to initiate a company check request, handle user redirection to the BankID flow, receive real-time credit score results via callbacks, and securely validate the data with checksum verification. ### Use Cases - **B2B Onboarding:** Verify new business customers before granting access or services. - **Credit Risk Assessment:** Check a company’s financial standing before extending credit or invoicing. - **Regulatory Compliance:** Meet KYC (Know Your Customer) and AML (Anti-Money Laundering) requirements. - **Fraud Prevention:** Confirm the identity of companies to reduce risk of fraudulent accounts. ## Step 1: Initiate Company Check Use this endpoint to start a company verification process through **BankID**, followed by an automatic credit score check. ### Endpoint ``` POST https://demo-api.frontpayment.no/api/v1/connect/company/check ``` ### Authentication Include a **Bearer Token** in the `Authorization` header. You can obtain this token from **Front Payment**. **Example:** ``` Authorization: Bearer YOUR_FRONTPAYMENT_BEARER_TOKEN ``` ### Request Payload Send the following JSON object in the request body: ```json { "companyId": 123879056, "callback": { "success": "https://your-success-url.com/", "failure": "https://your-failure-url.com/", "callbackUrl": "https://example.com/callback" } } ``` ### Validation Rules Make sure your request meets the following requirements:
Field Type Description
companyId number Required The organization number of the company to be verified.
callback array Required This field accepts an array of urls.
callback.success url Required The URL we will redirect the user to after a successful BankID verification.
callback.failure url Required The URL we will redirect the user to after a failed or cancelled BankID verification.
callback.callbackUrl url Required To receive real-time notifications after bank id verification state changes, you must provide a callback url. This is an server-to-server HTTP GET request.
### Response A successful request returns **201 Created**: ```json { "status_code": 201, "status_message": "OK", "message": "Company Check Request Created Successfully", "is_data": false, "data": { "url": "https://auth.current.bankid.no/", "companyCheckUuid": "COMCHK1755071611" } } ``` If the API returns a **510 error**, it indicates a server-side failure: ```json { "status_code": 510, "status_message": "Execution Exception Occurred", "message": "somethingWentWrong", "is_error": true, "errors": "Array" } ``` --- ## Step 2: User Flow 1. Redirect the user's browser to the `url` received in the response. 2. The user completes the **BankID verification** on a secure page. --- ## Step 3: Credit Check & Redirection - Once verification succeeds, **Front Payment** performs an automatic credit check. - Browser is redirected to: - **Success URL:** If verification and credit check pass. - **Failure URL:** If verification fails or credit is denied. > **Note:** These redirects do not contain credit result data. --- ## Step 4: Notifications via Callback URL After the BankID verification and credit check, **Front Payment** sends a server-to-server GET request to your `callbackUrl`. ### Callback URL Parameters When we call your callback URL, the following query parameters will be included: | Parameter | Type | Description | | :------------------------ | :------------------- | :--------------------------------------- | | `companyCheckUuid` | `string` | The UUID you received when initiating the call. | | `companyId` | `string` | The verified company’s ID. | | `companyType` | `string` | The type/category of the company. | | `companyName` | `string` | The legal name of the company. | | `score` | `number` | The company’s credit score. | | `riskLevel` | `string` | The risk level based on the credit score. | | `scoreMessage` | `string` | Message providing context about the credit score. | | `defaultProbability` | `number` | Probability of default based on credit assessment. | | `personalNumber` | `number` | Personal number retrieved from BankID. | | `contactPersonName` | `string` | Full name of the contact person from BankID. | | `contactPersonEmail` | `string` | Email address of the contact person from BankID. | | `createdAt` | `number` | Unix timestamp of when the company check was created. | | `checksum` | `string` | Security hashing string for validation. | **Example:** ``` https://your-callback-url.com/callback?companyCheckUuid=COM1234&companyId=23451&companyType=Lorem&companyName=Lorem&score=650&createdAt=1755764131&checksum=abcdef123456... ``` --- ## Checksum Verification To ensure the callback data is secure and untampered, verify the checksum provided. **Front Payment** generates it using: ``` hash('sha256', concatenatedParameters + secretKey) ``` **Example Verification (PHP Conceptual):** ```php $getParameters = $_GET; $receivedChecksum = $getParameters['checksum']; $secretKey = ''; // Provided by Front Payment $concatenatedValues = ''; foreach($getParameters as $key => $value) { if ($key == 'checksum') break; $concatenatedValues .= $value; } $hashedKey = hash('sha256', $concatenatedValues . $secretKey); if (!hash_equals($hashedKey, $receivedChecksum)) { return "Checksum verification failed."; } return "Callback successfully processed."; ``` By verifying the checksum, you can confirm the integrity and authenticity of the callback data.