Maskinporten and Altinn are national common components developed and operated by the Norwegian Digitalisation Agency (Digitaliseringsdirektoratet - Digdir).

Together, they aim to simplify the sharing and use of data across systems, for example by granting businesses appropriate access to data offered by public entities via interfaces. The solution guarantees the identity of the businesses involved and ensures authentication in machine-to-machine communication. It enables systems to be connected and new services to be developed efficiently.

Maskinporten is built on OAuth 2.0 and JWT-bearer grants. Authentication works by your client creating a JWT grant that specifies which scopes it requests, signing it with its key and sending it to Maskinporten. Maskinporten verifies the client's identity and its access to the requested scopes, then returns a short-lived access token.

To use Maskinporten, the business must either be registered in the Norwegian Central Coordinating Register for Legal Entities with a Norwegian organisation number, or have an eSeal certificate issued by a CA on the EU trusted lists (EUTL).

For a more in-depth description, see Digdir's documentation on Maskinporten.