Last modified: Jul 30, 2025

Setting up Maskinporten client

This page describes the process of setting up a Maskinporten client

Setting up the Maskinporten Client

Maskinporten clients are created in the self-service portal:

  1. Start by logging into your account with your chosen method.
  2. When logged into your account, the organisation you represent is shown in the top menu to the right.
    The organisation you represent is shown in the top menu
    The organisation you represent is shown in the top menu.
    If you logged in to represent a synthetic organisation, you will also be able to change the synthetic organisation you represent in the drop down menu on that item.
    You can change synthetic organisation in the drop down menu
    You can change the synthetic organisation you represent in the drop down menu.
  3. Select the Create client button to start creating a new client for the organisation you represent.
  4. On the Add client page select Maskinporten.
  5. On the Add Maskinporten client page fill in the display name, description and add your required scopes (these values can also be changed later). Then click the Create button.
    The add Maskinporten client page
    The 'Add Maskinporten client' page.
  6. You have now created a Maskinporten client for your organisation. To use this client you need to add at least one authentication key. The client supports JWK and PEM keys. Start by either locating an existing key or creating a new one. You can use the Altinn JWKS tool or other key generator of your choice for this. Next, navigate to the key section on your client page and select Add.
    Select the key section on your client page
    Keys can be added in the key section.
    In the JWK or PEM format field paste your public key and click Save. The key is now added to the client. Store your private key from your JWK or PEM in a secure location, as it is used to authorize the use of this client. If you use Azure Key Vault to store your private keys, they need to be base64-encoded before uploading.
    Paste your public key here
    The JWK or PEM public key is pasted in this field
  7. If you didn’t do so in step 5, you need to add the desired scopes to your client before it can be used.
    Adding scopes to the client
    From the Scopes tab on your client definition, click the Add button.
    Adding scopes to the client
    Scopes available to your organisation will be shown in the list. Select the required ones and click Submit.

Required scopes

The client you just created requires the following scopes:

  • altinn:serviceowner
  • altinn:serviceowner/instances.read
  • altinn:serviceowner/instances.write

Using the Maskinporten client in the CLI

In order to make use of your Maskinporten client, you need to add the JWK key pair from step 6 to the Altinn CLI configuration:

Locate your Maskinporten configuration in the appsettings.json file and add a base64 representation of your key in the EncodedJwk field.

If you used the Altinn JWKS tool to generate your keys, you can make use of the export function with the --base64 flag to achieve this. Otherwise you can use any other base64 encoder tool, such as https://www.base64encode.org/.