Developer toolkit · Norway
The machine gate,
made passable.
Maskinporten is the OAuth2 machine-to-machine gate in front of ~50 Norwegian public-sector APIs. This toolkit gets you through it: a TypeScript client, a credential-free mock, and a wizard for the scopes you need.
Why
Getting a token shouldn't be a rite of passage
To call a Maskinporten-protected API you build a JWT grant with exactly the right claims, sign it, and exchange it — and for Altinn, exchange it again. Java and .NET have libraries for this. Node/TypeScript didn't, so every team hand-rolls the same glue — and testing it means real organisation credentials against a test environment.
Maskinporten Tools removes that: one call for a cached token, a local mock so you build and CI-test with zero credentials, and a wizard that tells you which scopes and Altinn resources your use-case needs.
Toolkit
Three tools, one gate
maskinporten
The client. One call → a cached, auto-renewing token. Altinn token exchange and systembruker built in.
maskinporten-mock
A credential-free mock of the token endpoint. Develop and CI-test offline — the same mock this page talks to.
maskinporten-wizard
A CLI that does what a page can't: init scaffolds a keypair + .env;
doctor runs a real token request and decodes the failure.
Wizard
Which scopes do I need?
Pick an integration goal. The wizard lists the exact Maskinporten scopes, Altinn resource URNs, which authority grants them, and the registration steps to do first.
Playground
Poke the live mock
It behaves like the real Maskinporten token endpoint — discovery, JWKS, and the JWT-bearer grant — without any of the setup. Every call below hits the hosted mock from your browser.
Choose a call on the left. Responses show here, exactly as the mock returns them.
Docs
Read before you register
Calling real Maskinporten needs a Norwegian organisation number, a signing key, a registered client, and pre-allocated scopes. These cover the whole path.