People

The API distinguishes natural people from legal entities, and customer-side people from your own staff. Five types you should know about: User, Administrator (with BoardMember and ExternalAdministrator implementations), Employee, and LegalEntity.

User

A natural person who appears in the system through an administrator role at one of your bank's customer organizations. Users are deduplicated globally — the same individual on two organizations is one User with two administrator relationships.

Key fields

• id, firstname, lastname, email, phoneNumber.
• addressEntity: Address — current address (the legacy flat address, postalCode, city, country strings on User are deprecated).
• legalEntity: LegalEntity — KYC details (SSN, tax residencies, citizenships, e-id verifications, legal addresses).
• marketingConsent, politicallyExposedPerson.
• currentPhotoLegitimation, currentSocialSecurityCard — current identity-document submissions.
• administrators: [Administrator!]! — administrator relationships this user has.

The users* queries surface only users with active administrator memberships in your bank's organizations — historical or other-bank memberships aren't visible.

Administrator (interface)

The relationship between a User and an Organization. The interface has two concrete implementations:

• BoardMember — adds boardMemberRoles: [BoardMemberRole] (chairman, cashier, secretary, …) and isAuthorizedSignatory.
• ExternalAdministrator — adds externalAdministratorRoles: [ExternalAdministratorRole] (CEO, accountant, …).

Both expose attorneys: [Attorney] (powers of attorney) and allowEBoksCommunicationFromBank.

You usually traverse Administrator from Organization.administrators rather than querying it directly.

Employee

A staff member at your own bank. Created via createEmployee.

Key fields

• id, externalId, firstName, lastName.
• roles: [BankEmployeeRole] — assigned permissions (e.g. CAN_REJECT_BANK_PACKAGES, CAN_EDIT_EMPLOYEES).
• creationDate, lastLoginTime.

employees excludes support employees and soft-deleted accounts automatically.

LegalEntity

KYC-related data attached to a User. Holds the user's social security number, tax residencies, citizenships, e-id verifications, and legal addresses. Modeled separately because the data is sensitive and loaded on demand.

Key fields

• ssn (encrypted at rest), legalName, countryOfBirth, cityOrLocationOfBirth.
• taxResidencies: [TaxResidency], citizenships: [Citizenship].
• verifications: [LegalEntityVerification]! — historic e-id verifications. currentVerification is the active one.
• legalAddresses: [LegalAddress]!. currentLegalAddress is the active one.
• isEidVerified.

SSN handling

Social security numbers are encrypted at rest. The usersBySsn query encrypts the input server-side before comparing — pass the plaintext SSN as you have it, never pre-encrypted.

Where to query / mutate

• Read: Querying people.
• Write: Managing employees.