Publisert - 12.02.2026

Authentication and authorization

Authentication

Access to the CPPA API is configured in the HelseID self service portal, see CPPA REST API Public.

Access to version 1

Version 1 of the API authenticates users with bearer tokens from HelseID, and requires that the token includes the scope nhn:cppa/access.

Access to version 2

Version 2 of the API authenticates with bearer tokens and a DPoP proof (demonistrating proof of possession). Access to version 2 also requires that the scope nhn:cppa/access-with-dpop is included. Read more about DPoP in the HelseID developer portal pages.

Authorization

Some parts of the API require that the HelseId client belongs to the organization that owns the HerId in Addresseregisteret.

  • Reading any Profile is open to everyone, and does not require authorization, only that the user is logged in with HelseId.
  • Editing a Profile requires that the user belongs to the organization that owns the HerId of the Profile.
  • Creating and reading an Agreement requires that the user belongs to the organization that owns one of the HerIds involved in the Agreement.

More information on HelseID

Read more technical documentation on HelseID, including example code for requesting tokens in the HelseID developer portal pages.

Søk i Utviklerportalen

Søket er fullført!