You can use either the SOAP API , REST API or the web user interface to open and manage company accounts. However, the user interface requires manual work so if the integration will have multiple companies or a complex set-up, API is recommended.
Call the API to register a new company with basic settings.
Note how the user creation works!
user_emailparameter doesn’t exist, a new user is created based on email and added to the company
user_emailparameter exists, this existing user is added to company
In situations where a new user is created, method returns unique
user_api_key. If method is called with an existing user, for security reasons only
company_uuid is returned.
Creating a company requires a vendor key and a user API key. You may use an existing user or create a new one.
There can be only one company per business id. If the business id already exists in Maventa you will get an error message if you try to register it again (BID ALREADY TAKEN).
In REST API you can check beforehand company’s availability with
To get access to already created company contact Maventa support (firstname.lastname@example.org).
When company account has been created, it can be configured by updating company settings and adding new users.
Note To be able to send, receive and activate services you need to first verify the account by Know You Customer process.
You can update the receiving setting (enable/disable) also using company_invoice_receiving. Note, that invoice receiving needs to be enabled in order to register company account to Peppol network or to use additional services.
Verifying the account is a step that is done to know that a person with right to represent the company has confirmed and approved registration to Maventa service, before account is activated..
This Know Your Customer process is important to prevent potential misuse of service. Before verification is completed account cannot be used for sending or receiving. To use the account it is also required that the customer has accepted the Terms of Service .
Note that for Finnish companies, verification creates also automatically the request to open bank network.
The KYC process can happen on the integrators side or with Visma Sign electronic signature service when customer’s account is opened in to Maventa.
If you want to use own KYC process, you need to check with Maventa that your process to authenticate the customer meets the verification requirements.
Visma Sign is always used if customer’s account is registered over Maventa UI.
The account verification takes place with Visma Sign electronic signature service. A person who has rights to represent company (signing rights or power of attorney) authenticates strongly with bank credentials, BankID or mobileID and signs a document where they confirm that account can be taken into use for the company.
Strong authentication via Visma Sign is currently available for the following countries: Finland, Sweden, Norway, Denmark.
When customer has been already strongly authenticated on the integrator side the account can be taken in use without any additional signing from customer.
The integration must provide an identifier per each company to link to verification event on their side (e.g. contract number, signing eventID). If needed integrator has to be able to show that the KYC has happened.
Strong authentication includes an element that enables the service provider to verify the identity of the user with certainty. It can be implemented e.g. with login codes of online banks, mobileID, bankID, an electronic identity card or passport.
company_stateneeds to be verified (1).
|verified (1)||Company is authorised and KYC has been completed. Account can be used to send, download and activate additional services.|
|unverified (-1)||Authorisation required. Sending, downloading and activating additional services is not possible.|
|unknown (0)||Authorisation functionality not in use. Account has not been verified with authorize_companies method, but can be used to send, download and activate additional services. This status is possible for older accounts / integrations.|
NOTE! Sending or receiving of invoices is not allowed if company_state is unverified (-1) and API will return error message “Unauthorized”. Invoices can be sent and received after the authorization is done.
You can use webhooks to get notifications when company status changes.
You can also register webhook to monitor bank network opening for Finnish companies. The request to open bank network is sent after the verification is completed. The opening is approved by third party (bank) and it usually takes couple of days.
In testing, the flow is similar as above but there are no automatic updates. You need to call API to get the company’s status updated.
You can complete Visma Sign authorization request with these test credentials:
For bankID you can use Nets test users from https://www.nets.eu/developer/e-ident/eids/Pages/testusers.aspx
In cases where the same signee has rights to represent multiple companies it is possible to use one signing to verify the accounts at the same time. For example in case of a housing company or accounting office that power of attorney for multiple customers. One API call can be used to authorize up to 50 companies in time. For the authorisation to work, the companies that are authorised need to be from the same country.
When this option is used the sign PDF contains a list of all companies to be verified.
The KYC functionality will work out of the box for new integrators, but if you are an existing integrator you need to contact your integration contact point to activate the KYC requirements for your vendor key. The functionality is first activated for your
vendor_api_key in testing, so you can test the flow.
If KYC functionality has not been yet activated for your vendor you can still at this moment create companies and use them without calling authorisation methods and completing the AutoInvoice KYC process. If you call the authorisation API method for a company it will not trigger any actions- other than for Finnish companies, where calling the method triggers Visma Sign process to send bank network opening request.
How does it work in more detail if the KYC functionality is not activated?
authorize_companiescall initiates Visma Sign process for bank network opening request. The
company_auth_statuswill remain 0 after signing
Please note that all integrators are required to use the KYC process after 1.7.2022
After that it will no longer be possible to create companies as before in status 0 = unknown but all companies have to complete KYC process to be able to send and receive invoices and activate services.
After Visma Sign flow has been completed, account is set to verified state (1) and is ready to be used.
1) Request to sign sent to an email given in the API call
2) Signee logs into Visma Sign with a password given in the email
3) Signee sees a document that contains statement of authorisation and accepting attached Terms of Service
Authorisation for company “CompanyName (BID)” I assure that I have the right to represent (signing rights or power of attorney) the company “CompanyName (BID)” and hereby authorise it for sending and receiving of electronic documents. By signing this document I accept the Terms of Service (below). The signing of this document does not cause any expenses for the company. Visma Solutions Oy only invoices the company “CompanyName” based on the number of sent and received documents and activated services according to the valid price list.
For Finnish companies the document also mentions of the bank network opening
4) Signee authenticates strongly and signs the document electronically in Visma Sign.
5) Signing is ready
In the API call you must provide an identifier per each company to link to verification event (e.g. contract number, signing eventID).
After the API call, account is set to verified state (1) and is ready to be used.
New companies with a new user can be created for:
If you need to create a new company for an existing user, log-in to Maventa UI first.
Before production account can be used it needs to be verified using strong authentication and electronic signing. When the user logs in to the account for the first time, user needs to go through a set-up wizard where they add information of the company and configure some of the basic settings. The last step of the wizard is the company verification process with Visma Sign service. This process is the same as described within the Visma Sign verification process above, but in this case the signing is initiated from the UI.
In Maventa there are two type of accounts; Company accounts and Partner accounts. Company account is the default account type. Partner accounts are used by the integrating partners (ERPs and such with multiple customers).
The key difference between a Partner and a regular Company account is that Partner accounts have an own identifier,
vendor_api_key, that is used to link actions to the partner company. The vendor api key is used for billing and reporting purposes. One Partner company can own many vendor_api_keys, for example one for each country they have customers in.
Integrators don’t need to worry about controlling the account types, all accounts registered to Maventa are first created as Company account and changed to account type Partner if and when needed by Maventa.
Q: I am calling the method and it returns status unknown = 0, what does this mean?
A: It looks like the KYC / Visma Sign process has not been activated for your software’s
vendor_api_key. See Existing integrators moving to use KYC here. Please contact your integration contact point or Maventa team to activate the functionality.
Q: I am testing Visma Sign in test environment, the signing has been done but the status is not updating. What is wrong?
A: There is a difference in status updating between stage and production. See Visma Sign testing here