Before you can use the CPR integration with Datafordeleren's GraphQL service, you must register your organization on the Datafordeleren platform, create an IT system, and obtain OAuth credentials. This is a one-time process per environment, performed by an IT administrator.

Prerequisites

  • A MitID Erhverv (business) account for your organization

Step 1: Sign in to Datafordeler Administration

  1. Go to portal.datafordeler.dk and sign in with MitID Erhverv.
  2. For test environments, use the corresponding test portal:

Important

Access to protected data applies separately to each environment. You must repeat steps 2-5 for each environment you need (for example, both Test 04 for testing and Production for live use).

Step 2: Create an IT system

Before you can request access to data or create credentials, you must register an IT system in the Datafordeler Administration portal.

  1. In the portal, go to the section for creating IT systems.
  2. Create a new IT system and give it a descriptive name (for example, your company name or Business Central).

Step 3: Create an IP allowlist

Datafordeleren requires that the IP addresses calling the API are registered in an IP allowlist.

  1. In the Datafordeler Administration portal, create an IP Allowlist for your IT system.
  2. Add the public IPv4 address of your Business Central server (on-premises) or the outbound IP range of your Business Central cloud environment.
  3. You can add multiple IP addresses or ranges as needed.

Note

IPv6 addresses cannot be whitelisted. Make sure to use IPv4 addresses.

Important

If the calling IP address is not on the allowlist, all API calls will be rejected. Make sure to update the allowlist if your server infrastructure changes.

Step 4: Create OAuth credentials

Create OAuth credentials for your IT system to authenticate API calls.

  1. In the portal, go to OAuth Shared Secret.
  2. Choose Create to create a new shared secret credential.
  3. Enter a name for the credential (for example, your company name).
  4. Note the Client ID and Secret — you will need these in Business Central.

Option B: Certificate (for on-premises environments)

  1. In the portal, go to OAuth Certificate.
  2. Choose Create to create a new certificate credential.
  3. Upload your certificate's public key (.cer file) and note the Client ID and Thumbprint.
  4. You will need the corresponding PFX file (with private key) and its password to upload in Business Central.

Note

Certificate authentication uses a different token endpoint (auth-oces.datafordeler.dk) than shared secret authentication (auth.datafordeler.dk). VisionIdentity handles this automatically based on your chosen authentication method.

Step 5: Apply for CPR access via CPR's servicedesk and virk.dk

Access to CPR data requires a separate application through CPR's own channels, in addition to the Datafordeleren setup.

  1. Create a ticket of type Application ("Ansøgning") in CPR's servicedesk at CPR Servicedesk.
  2. Complete the application via virk.dk using MitID Erhverv at virk.dk - Application for access to CPR. On virk.dk, choose Datafordeler GraphQL og Fildownload under Products.
  3. Wait for approval from CPR. This may take several business days.

Step 6: Request data access in Datafordeler Administration

After CPR has approved your application, request data access (Dataadgang) for the CPR service in the Datafordeler Administration portal.

  1. In the portal, open your IT system and choose Dataadgang (Data access).
  2. Choose only one of the following CPR entities — do not select any other entities:
    • CustomPrivateSectorPerson — for private companies. Returns current data only, and withholds name and address information for persons with protection. This is a paid service.
    • CustomPublicSectorPerson — for public authorities. Returns full data including historical records.
  3. Upload an application document describing your organization and why you need access to CPR data.
  4. Submit the access request.

Warning

Only select CustomPrivateSectorPerson or CustomPublicSectorPerson. Do not select any other entities, as this will cause your application to be rejected.

Important

Private sector access is a paid service and restricts which data is returned. If a person has name and address protection, the service returns null for those fields. VisionIdentity handles this gracefully by keeping the existing data and showing a notification.

Step 7: Configure Business Central

  1. Choose the Search icon, enter Identity Integration Setup, then choose the related link.
  2. Turn on Enable CPR No. Integration.
  3. Make sure CPR Legacy Mode is turned off (this is the default for new installations).
  4. Under Datafordeleren GraphQL, configure the following fields:
Field Description
CPR Environment Choose the Datafordeleren environment: Production, Test 03, Test 04, or Test 06. The service URL and authentication URL are updated automatically.
CPR Sector Type Choose Private Sector or Public Sector based on your organization type and the access you were granted.
CPR Authentication Method Choose Shared Secret or Certificate based on the credentials you created in Step 4.
CPR Client ID Enter the Client ID from your Datafordeleren credential.
CPR Client Secret (Shared Secret only) Enter the secret from your Datafordeleren credential.
Certificate Password (Certificate only) Enter the password for the PFX certificate file.
  1. If using certificate authentication, choose the Upload Certificate action to upload the PFX certificate file.
  2. Test the connection by opening a customer card with a CPR number and choosing Get Data From CVR/CPR.

Troubleshooting

Debug mode

If you experience issues, turn on CPR Debug Mode on the setup page. This downloads the request and response as JSON files after each CPR lookup, which helps identify the problem.

Fetch CPR Schema

Use the Fetch CPR Schema action on the setup page to download the GraphQL schema from Datafordeleren. This can help verify that your credentials are working and shows the available fields.

Common errors

Error Cause Solution
401 Unauthorized Invalid credentials or wrong authentication URL Verify your Client ID and secret/certificate. Check that the authentication method matches your credential type.
403 Forbidden No access to the requested CPR service Verify your access request was approved for the correct sector type (Private/Public) and the correct environment.
400 Bad Request Query structure issue Turn on debug mode and review the request JSON. Contact support if the issue persists.
Connection refused IP not on allowlist Verify your server's IP address is registered in the IP allowlist for the correct environment.