Frequently Asked Questions

Frequently Asked Questionss


1. Should I use an SSO account or a B2B account?

Choosing the right account type depends on whether you are accessing the APIs as an individual or on behalf of a company.


SSO Account (Individual User Account)

A Single Sign On (SSO) account is a personal login used by an individual to access DNV’s Veracity platform. It is created directly by the user via the Veracity sign up page.


An SSO account is used to:

  • Represent you as an individual user on Veracity
  • Access marketplace services
  • Manage your own subscriptions
  • Use services such as Data Workbench and Access Hub

For more details about SSO and how it works, see the
https://developer.veracity.com/docs/section/customerservices/sso

B2B Account (Company Account in Veracity Access Hub)

A B2B account represents a company or organization on Veracity and is managed through the Veracity Access Hub. It enables multiple users to work under a shared company identity.


A B2B account allows organizations to:

  • Manage users, roles, and access centrally
  • Control access to applications and APIs
  • Manage company level subscriptions

Company administrators can:

  • Add or remove users
  • Approve requests to join the company
  • Assign roles and permissions
  • Organize users into groups

Depending on your needs, applications can be accessed using either an individual SSO account or a company B2B account.


2. What is a JWT token and how is it used?

A JWT (JSON Web Token) is a secure, digitally signed token used for authentication and authorization when calling DNV APIs.


After a successful login using OAuth 2.0 / OpenID Connect, Veracity issues tokens that confirm who you are and what you are allowed to access.


The tokens include:

  • ID Token – Describes the authenticated user
  • Access Token (JWT) – Used when calling APIs
  • Refresh Token – Used to obtain new access tokens

For API calls, the Access Token (JWT) is the most important and must be included with each request.


JWT structure

A JWT consists of three parts:

  • header.payload.signature
    • Header – Token type and signing algorithm (e.g. RS256)
    • Payload – Claims such as:
      • sub - User or client ID
      • iss - Token issuer (Veracity)
      • aud - Intended API audience
      • exp - Expiration time
      • scope - Granted permissions (e.g. read, write)
    • Signature – Verifies the token is authentic and unchanged

3. What is MFA and when is it required?

Multi Factor Authentication (MFA) adds an additional layer of security on top of the standard username and password login.


MFA helps protect sensitive information such as:

  • Certificates and compliance data
  • Vessel and asset information
  • Emissions and regulatory documentation

With MFA enabled:

  • Access is granted only when two authentication factors are verified
  • APIs that require higher trust can enforce additional validation
  • MFA requirements can be applied based on risk or functionality

For more details, see the
https://developer.veracity.com/docs/section/identity/signing/mfa .


4. How is access to PII (Personally Identifiable Information) handled?

Access to PII is strictly controlled and governed by DNV security and privacy policies.


Only authorized users and applications with the correct permissions can access PII. API access to PII may require:

  • Explicit scopes in the access token
  • Use of B2B accounts with approved roles
  • MFA, depending on data sensitivity

All access to PII is logged and monitored to ensure regulatory compliance.


5. How do I contact support or raise a ticket?


Support Instructions



Support Page