Getting started

The getting started section covers basic information about where you can find information about the availible Sdir APIs and how to get an access token to be able to call an API.

  1. Enterprise Certificate
    Your company must authenticate against Maskinporten with a Enterprise Certificate. The Enterprise Certificate can be ordered from Commfides or Buypass. You will need a test and a production certificate.
  2. Apply for access to Samarbeidsportalen
    Sdir uses Maskinporten for access control. The solution guarantees identity between companies, and ensures machine-to-machine authentication. Contact Norwegian Digitalisation Agency,, to get access to Samarbeidsportalen and Maskinporten.
  3. Apply for access to the Sdir API scopes
    Send a email to and request access to the Sdir API test scope.
  4. Maskinport intergration
    Create Maskinport intergration for test in the Samarbeidsportalen to the Sdir API scopes. We use ver2 for the test enviroment.
  5. API subscription
    Developers who need to consume the published APIs must include a valid subscription key in HTTP requests when they make calls to those APIs. Sign up for the test enviroment and the select the product (API endpoints) you what to subscribe for. Take a note of the subscripton key, which is needed in the HTTP requests.
  6. Getting Access Token from Maskinporten
    A JWT grant is a request sent by the client towards Maskinporten, in order to obtain an Access Token. We have a guide covering the aquisition of the token using the JWT grant generator here. We have also a ASP.NET Core code sample.
  7. Make your first request
    You are now ready to start using the Sdir API. You need to add the following to the header of the HTTP requests:
  • Ocp-Apim-Subscription-Key with the primary subscription key as value.
  • Authorization with the value “Bearer " + Access Token.

Authentication Flow