Companies and Settings
You can use either the SOAP API, REST API or the web user interface to open and manage company accounts. However, the user interface requires manual work so if the integration will have multiple companies or a complex set-up, API is recommended.
- Create company account
- Configure settings for the account
- Authorize the account (Customer authentication process) either with
- Visma Sign authentication process
- Partner’s own customer authentication process
When registering a new company through the API, different countries have varying levels of support:
| Country | Supported business identifiers | Notes |
|---|---|---|
| Finland (FI) | ORGNR, VAT | Customer authentication supported by Visma Sign (HETU, Finnish banks and mobile) |
| Sweden (SE) | ORGNR, SSN | Customer authentication supported by Visma Sign (personal ID or BankID) |
| Norway (NO) | ORGNR | Customer authentication supported by Visma Sign (BankID) |
| Denmark (DK) | CVR | Customer authentication supported by Visma Sign (personal ID or NemID) |
| Netherlands (NL) | KVK | Customer authentication supported by Visma Sign (iDIN) |
| Estonia (EE) | CC, VAT | Allowed to create but there is no automated authentication process, please contact our support |
| Belgium (BE) | EN | Allowed to create but there is no automated authentication process, please contact our support |
| Germany (DE) | VAT | Allowed to create but there is no automated authentication process, please contact our support |
| Latvia (LV) | VAT | Allowed to create but there is no automated authentication process, please contact our support |
| Italy (IT) | CFI, IVA | Allowed only for specific partners, please contact our support |
| Poland (PL) | VAT | Allowed only for specific partners, please contact our support |
| Other countries | - | Please contact our support |
FI, SE, NO, DK, NL companies can be registered without any special arrangements. Because our customer authentication process supports these countries.
Creating a company requires a vendor key.
-
register_with_password
The method registers a new company account with basic settings and adds/creates a user based on the email in the
user_emailparameter
Note how the user creation works!
- If user given in the
user_emailparameter doesn’t exist, a new user is created based on email and added to the company - If user given in the
user_emailparameter exists, this existing user is added to company
In situations where a new user is created, method returns unique company_uuid and user_api_key. If method is called with an existing user, for security reasons only company_uuid is returned.
Creating a company requires a vendor key and a user API key.
You may use an existing user or create a new one with:
To register a new company with basic settings:
There can be only one company per business id.
If the business id already exists in Maventa you will get an error message when trying to register it again (BID ALREADY TAKEN). Please contact Maventa support (support@maventa.com) regarding the management changes of the already existing account.
In REST API you can check beforehand company’s availability with
When registering a new company account, it gets automatically linked to your vendor. If you take an already existing company account into use, remember to link the company account to your vendor. This is necessary for correct reporting and support handling and also mandatory if you wish to use webhooks. Similarly if a company stops using your vendor, it should be unlinked.
- link_vendor_api_key Link vendor API key
- unlink_vendor_api_key Unlink vendor API key
- POST/v1/company/vendors Link vendor API key
- DELETE/v1/company/vendors Unlink vendor API key
When company account has been created, it can be configured by updating company settings and adding new users.
To be able to send, receive and activate services you need to first verify the account by Know Your Customer process.
Keep Active is a feature for companies that rarely generate transactions. To maintain your company account as active even without generating transactions within a year, use the “Keep Active” feature.
As part of our data maintenance efforts, we will disable inactive company accounts, which means accounts with no transactions in the past 13 months. An email alert will be sent to the account after 12 months of inactivity, notifying that the account will be automatically disabled in one month. This provides time for companies to take appropriate action. If there is no activity after 13 months, the account will be disabled.
In REST API you can trigger Keep Active function with
API methods:
- configure_company - Method to change company’s settings.
- show_company_configuration - Method to view current settings of a company.
- user_create_e - Method to create new users or adding existing one to a company account.
- scan_account_order - Method to activate Scan account for the company.
You can update the receiving setting (enable/disable) also using company_invoice_receiving. Note, that invoice receiving needs to be enabled in order to register company account to Peppol network or to use additional services.
API methods:
- PATCH /v1/company/settings change company’s settings.
- GET /v1/company/settings view current settings of a company.
- POST /v1/users add new or existing user to a company.
- POST /v1/company/notifications - register webhooks
Customer authentication process is a necessary step to get the company’s account authorized. In other words to verify the company_state. The process ensures that a person with right to represent the company has confirmed and approved the registration for the Maventa service and has accepted the Terms of Service. The process is crucial for preventing potential misuse of the service.
The company’s account cannot be fully used until authentication is completed.
Please note that for Finnish companies, the process also automatically creates a bank network opening request.
The customer authentication process can happen with Visma Sign electronic signature service after opening the company’s account or it can happen already on the partner’s side.
If partner wants to use own authentication process, Maventa needs to approve the partner’s customer authentication process.
Visma Sign service is always used if company’s account is registered via Maventa UI.
The authentication takes place within Visma Sign service. A person who has rights to represent company (signing rights or power of attorney) authenticates strongly with bank credentials, BankID or mobileID and signs a document where they confirm that company’s account can be authorized and taken into use.
Strong authentication via Visma Sign is currently available for the following countries: Finland, Sweden, Norway, Denmark and Netherlands.
When company’s representative has been already strongly authenticated on the partner’s side the account can be taken in use without any additional signing.
The partner must provide an tracable information in authorization_method per each company to link the authentication process event on their side (e.g. contract number, signing eventID). If needed partner has to be able to show that the authentication has happened.
Please contact Maventa support to get your own authentication process approved.
What is meant by strong authentication
Strong authentication is a process where service provider (partner) verifies the identity of the company’s representative with certainty. It can be implemented e.g. with login codes of online banks, mobileID, bankID, an electronic identity card or passport.
After company’s account has been created an API call is used to trigger the authentication process, in other words, a Visma Sign document is sent for signing, see Visma sign authentication process
If partner is using own customer authentication process there is still a need to call the authorization method/endpoint, see Own customer authentication process example.
When the customer authentication is completed the company’s account gets authorized and company_state changes from unverified (-1) to verified (1) after this the account is ready to be used fully.
- Authorize a single company POST /v1/company/authorization
- View company’s authorization status GET /v1/company/authorization
- Authorize multiple companies POST /v1/companies/authorizations
- View company’s authorization status GET /v1/companies/{id}/status
- Authorize a company/companies authorize_companies
- View company authorization status company_auth_status
| Company_state | Description |
|---|---|
| verified (1) | Company account is authorized/verified and customer authentication has been completed. Company account can be used normally. |
| unverified (-1) | Company account not authorized/verified, customer authentication required. Account usage is restricted. |
| unknown (0) | Customer authentication and company authorization not needed. Company account has not been verified, but can be used normally. This status is possible for older company accounts. |
NOTE! Sending or receiving of invoices is not allowed if company_state is unverified (-1) and API will return error message “Unauthorized”.
You can use webhooks to get notifications when company’s state changes. See the example “Example for companies authorization”.
You can also register webhook to monitor bank network opening for Finnish companies. The request to open bank network is sent after the authentication is completed. The opening is approved by third party (bank) and it usually takes couple of days.
- The signee needs to be a person who has rights to represent company (signing rights or power of attorney).
- You can use parameter locale to select the language of the PDF document.
- The invitation to sign is valid for 7 days. If the signature is not made within this time, a new request must be sent.
- Company’s authorisation status is automatically updated from Visma Sign every 15 minutes.
In testing, the flow is similar as above but there are no automatic status updates. You need to call API to get the company’s state updated.
You can complete Visma Sign authorization request with these test credentials:
- user ID:
testtest@test.test - password:
xO70MVYD0CXaKcQ2
For bankID you can use Nets test users from https://www.nets.eu/developer/e-ident/eids/Pages/testusers.aspx
In cases where single signee has rights to represent multiple companies it is possible to use one signing to authenticate all of the company accounts at the same time. For example in case of a housing company or accounting office that has power of attorney for multiple customers. One API call can be used to authorize up to 50 companies. For authentication to work, companies must be from the same country.
When this option is used the signing invitation contains a list of companies to be authenticated.
You have created company account, at this point authorisation status is (-1) = unverified. To initiate Visma Sign process to call authorize_companies / POST /v1/companies/authorizations API method.
After Visma Sign process has been completed, company account is set to verified state (1) and is ready to be used.
Visma Sign process
1) Request to sign is sent to an email given in the API call
2) Signee logs into Visma Sign service with a password given in the email
3) Signee sees a document that contains statement of authorisation and accepting attached Terms of Service
-
Text in the document:
I assure that I have the right to represent (signing rights or power of attorney) the company “CompanyName (BID)” and hereby authorise it for sending and receiving of electronic documents. By signing this document I accept the Terms of Service (below). The signing of this document does not cause any expenses for the company. Visma Solutions Oy only invoices the company “CompanyName” based on the number of sent and received documents and activated services according to the valid price list. -
For Finnish companies the document also mentions the bank network opening
4) Signee authenticates strongly and signs the document electronically in Visma Sign service.
- After signee has selected their preferred authentication method and performed the authentication they can see a button Sign document.
5) Signing is ready
After company account creation account’s authorization status is -1 = unverified.
To authorize the account call one of these:
- authorize_companies method
- POST /v1/company/authorization endpoint
- POST /v1/companies/authorizations endpoint
In the API call you must provide an identifier in authorization_method per each company to link to authorisation event (e.g. contract number, signing eventID). After the API call, account is set automatically to verified state 1 and is ready to be used. No need to sign any documents in Visma Sign service.
New companies with a new user can be created for:
- Testing at https://testing.maventa.com/registrations/
- Production at https://secure.maventa.com/registrations/
If you need to create a new company for an existing user, login to Maventa UI first.
Before account can be used it needs to be authorized using Visma Sign service. When the user logins to the account for the first time, user needs to go through a first time wizard where they add information of the company and configure basic settings. The last step of the wizard is the company authorization process with Visma Sign service. This process is the same as described within the Visma Sign authentication process above, but in this case the signing is initiated from the UI.
- The language of the PDF document is defined based on company country.
- The language of the Visma Sign invitation email is defined based on the language that is set for the user interface at the time the authentication request is sent. E.g. when UI is in Finnish, Visma Sign email is sent in Finnish.
In Maventa there are two type of accounts; Company accounts and Partner accounts. Company account is the default account type. Partner accounts are used by the integration partners.
The key difference between a Partner and a Company account is that Partner accounts have extra identifier, vendor_api_key, which is used to link API calls to the partner company. The vendor api key is used for billing and reporting purposes. One Partner company can have multiple vendor API keys, for example one for each country they have customers in.
Partners don’t need to worry about controlling the account type, all accounts registered to Maventa are first created as Company account and changed to Partner account if and when needed by Maventa.
I am testing Visma Sign in test environment, the signing has been done but the status is not updating. What is wrong?
There is a difference in status updating between stage and production. See Visma Sign in testing