Forbrukerrådets forsikringstjeneste
This website contains technical documentation for the guidelines on reporting information about insurance services to the Financial Portal.
The guidelines apply to insurance companies that, pursuant to the Financial Institutions Regulation (FOR-2016-12-09-1502) § 16-4, are required to make product information available to the Financial Portal.
The Financial Portal’s insurance service is intended to enable consumers to make informed decisions in the market by comparing prices and terms of insurance agreements.
The documentation on this website describes the technical structure of the service, security and authentication, as well as details about the API for the products compared within the service.
It also explains how the Norwegian Consumer Council sends requests to insurance companies, how the companies are expected to respond, and which data should be exchanged, along with information on testing and quality assurance.
Products
The Consumer Council's insurance service will initially offer products in car insurance, home insurance, contents insurance, and travel insurance. Each product has its own specifications and requirements for request and response.
The Consumer Council will document each product in detail, including the data to be sent in the request, the expected response format, and the rules that apply to each product. This ensures that companies can implement the API in a consistent and standardized manner, and that the Consumer Council can receive insurance offers from companies easily and effectively.
Changelog
This page provides an overview of changes in the documentation for the Consumer Council's insurance service. The changelog is updated regularly to reflect changes in the service and documentation.
For major changes, the Consumer Council will inform insurance companies well in advance of the changes taking effect. This gives companies the opportunity to adapt to the changes and ensure they can meet the new requirements.
The Consumer Council also offers support to companies during change implementation and is available to answer questions and provide guidance on how companies can adapt to service changes. This helps ensure a smooth transition to new service versions and minimizes potential issues during the transition.
If a company wishes to make changes to its API used by the Consumer Council, the company must inform the Consumer Council well in advance of the changes taking effect. The Consumer Council is always available at support-fp@forbrukerradet.no.
| Date | Change |
|---|---|
| 2026-05-04 | Added clarification of nullable fields in the response. |
| 2026-04-15 | Removed "basePrice" data field and improved description of discounts and fees/costs |
| 2026-04-10 | Updated design of data structure for response and added more descriptions |
| 2025-11-12 | Corrected ownerType values |
| 2025-11-06 | Removed id field from offerRequest data, added example for transferred and modelSplitName, improved datetime format annotation |
| 2025-11-04 | Added information about test vehicles from Tenor |
| 2025-11-04 | Updated information about date stamps |
| 2025-10-31 | Added basePrice in company response |
| 2025-10-19 | Added example for bonus in response |
| 2025-10-15 | Described integers/decimals in data, corrected coverage and approved field in car example |
| 2025-10-07 | Updated error codes for car insurance responses |
| 2025-10-07 | Updated information about OAuth authentication |
| 2025-09-09 | Changed how allowed values are displayed, as well as updated datatypes |
| 2025-09-08 | Added new allowed values for deductible |
| 2025-08-12 | Fixed translations and added missing changes |
| 2025-06-24 | Added information about optional values, corrected example json, information about security, and changed bonus from int to string |
| 2025-05-28 | Added changelog table |
| 2025-05-30 | Corrected product information and contact endpoint |
Technical Structure
The Consumer Council's insurance service is built with modern web technology and structured so that users can easily navigate and define their insurance needs. The service uses an API-based architecture, in which the Consumer Council gathers all necessary consumer information via calls to third-party APIs, for example the National Registry and the Norwegian Public Roads Administration.
The Consumer Council then sends a request to insurance companies with the consumer's selections, and companies respond with insurance offers based on those selections. This allows the Consumer Council to offer consumers an easy and efficient way to explore the insurance market.
Technically, the response from companies to the Consumer Council occurs when companies implement an API that the Consumer Council can call. This API is accessible over the internet, and the Consumer Council uses standard HTTP protocols to send requests and receive responses.
The Consumer Council's request contains all necessary consumer choices, including which products are selected, which coverages are desired, and any other relevant details. Companies then use this information to calculate insurance prices and return an offer to the Consumer Council.
The company returns a JSON response containing information about the insurance offer, including price, coverage, terms, and any other relevant details. It will return an annual total price and optional information on discounts given. The Consumer Council then uses this information to present the insurance offer to the consumer in a simple and clear manner.
Security
In designing the solution, the Consumer Council has emphasized security and privacy. The solution is built on Azure and uses modern security and authentication solutions. All traffic between the Consumer Council and companies occurs over secure channels, and sensitive data is encrypted both in transit and at rest. All traffic is monitored and scanned to prevent malicious activity.
The Consumer Council has implemented the necessary measures to protect against unauthorized access, data breaches, and other security threats. This includes firewalls, access controls, and system monitoring to detect and handle potential security breaches. The Consumer Council follows strict internal security policies and has routines to ensure that all employees are trained in security and privacy, and that they follow strict guidelines for handling sensitive data. This includes requirements for password protection, two-factor authentication, and regular updates of software and systems to ensure they are protected against known vulnerabilities.
Requests will always be routed through the Consumer Council's API, which acts as a gateway to the insurance companies' APIs. This ensures that all requests are authenticated and authorized and securely transmitted.
For consumers using the solution, identification with secure ID through IDPorten is required before performing a search. This ensures that a real consumer is using the solution, and prevents misuse of the service for sending false requests or conducting unwanted actions.
If a user is inactive for a certain period, the user will be logged out and notified to restart the process.
The Consumer Council limits the number of requests a user can make within a given timeframe to prevent mapping of pricing models.
Connections from the Consumer Council to companies are made over encrypted SSL/HTTPS. Upon request, private links can be established between the Consumer Council's environment and the company's environment if the company also uses Azure.
Available offers on the Consumer Council's platform are only accessible to a logged-in user at the moment a search is performed.
Authentication
The Consumer Council authenticates to companies' APIs using a Client ID and secret issued by each company, following the OAuth standard. The communication between the services is machine-to-machine and requires the use of the "Client Credentials" grant type.
This means that the company must provide an authentication endpoint that the Consumer Council can use to retrieve access tokens using the client ID and secret. This access token will then be used in all requests to the company's API to identify and authorize the requests. This ensures that only authorized parties can send requests to companies' APIs.
Request Example
POST /auth HTTP/1.1
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials&client_id=******&client_secret=******
Response Example
{
"access_token": "JWT",
"token_type": "Bearer",
"expires_in": 3600
}
Testing and Quality Assurance
The Consumer Council provides a dedicated test environment so companies can validate integration before production. The test environment mirrors production, allowing test data and responses. Documentation and guidance cover request/response formats and data requirements.
A test tool is available to simplify sending test requests and verifying integration. The Consumer Council also conducts its own integration, security, and performance tests, and offers support during testing. Service monitoring ensures reliability, security, and availability, and regular reviews maintain compliance with privacy and quality standards. Companies are expected to respond promptly to pricing requests.