Go directly to contents.
Suomi.fi Messages

Technical maintenance

This page describes the minimum technical measures that your organisation must take to ensure the maintenance of your connection to Suomi.fi Messages. Your organisation must look after the technical maintenance of its connection throughout its life cycle.

Managing information security

The use of Suomi.fi Messages requires compliance with good information security practices. Below, we have listed the minimum information security measures that must be followed, as well as instructions for recycling the password used in the REST API.

For more details about information security and data protection in the Suomi.fi Messages service, see the Data security and data protection page.

Required maintenance measures

Your organisation must ensure that

  • the information security of its information systems is appropriately arranged
  • security updates are monitored and installed
  • any information security incidents are appropriately reported to the Digital and Population Data Services Agency
  • its connection and the systems related to it are maintained in terms of their access rights, user IDs, backups, and incident management

The Digital and Population Data Services Agency reserves the right to restrict the use of Suomi.fi Messages if the information security or data protection of Suomi.fi Messages or a related service or register could be compromised without said restriction.

REST API password rotation

We recommend rotating your password every six months, and at least once a year. The password must also be rotated whenever a person with access to the password leaves your organisation.

Since the API features a separate endpoint for password rotation, your organisation should automate its password rotation process. In this case, you can rotate your password daily for the best level of security. This way, the risk of a password being revealed during the rotation phase is reduced significantly, and your organisation will not need to create any separate processes for personnel changes or password rotations.

Renewing the certificates for connections made through Valtori’s Shared Integration Platform (VIA)

If you wish to change the Signing Certificate installed on Valtori’s Shared Integration Platform (VIA), please submit the public part of the Signing Certificate in Base64 encoded form to the Digital and Population Data Services Agency at organisaatiopalvelut@dvv.fi. Write “Certificate change” as the subject of your email. The Digital and Population Data Services Agency will deliver the certificate for installation to VIA, and after Valtori has signed off on the change, it will be available to your organisation’s connection.

Please note that you will not need to submit the new certificate if its common name and authority chain are not changed from the ones used in the previous certificate. This can occur when, for example, only the validity period of the certificate is changed. In this case, it is sufficient for your organisation to renew the certificate at its own dispatch point.

Ensuring the functionality of end user message retrievals

If your organisation has permitted end users to send messages to your organisation, the functionality of the process used to regularly retrieve messages from end users must be ensured. In practice, your organisation must ensure that any sent messages are delivered to you as quickly as possible.

Suomi.fi Messages monitors the retrieval of messages sent by end users to alert you of any possible disruptions. However, your organisation will not be automatically notified of a triggered alert.

For more information about receiving messages sent by end users as a functionality, see the Receiving messages page.

Updated: 21/10/2025

Are you satisfied with the content on this page?