Access token (2.0.0)
Download OpenAPI specification:Download
The Access token API is for requesting an access token, which is a JWT (JSON Web Token).
There are two endpoints:
POST:/accesstoken/get: Used by most APIs, and has been in use for several years.POST:/miami/v1/token: Used by some new APIs and roles, from 2023.
For POST:/accesstoken/get:
The access token must be provided in all API requests, together with the subscription key.
The access token is valid for 1 hour in the test environment and
24 hours in the production environment.
For POST:/miami/v1/token:
The access token must be provided in all API requests (no subscription key needed).
The access token is valid for 15 minutes in both the test environment and the production environment.
See the API Guide for more details.
Request an access token (JWT bearer token)
This is an authentication endpoint for merchant use.
The access token endpoint is used to get the JWT (JSON Web Token) that
must be passed in every API request in the Authorization header.
The access token is a base64-encoded string value that must be
acquired first before making any Vipps MobilePay API calls.
The access token is valid for 1 hour in the test environment
and 24 hours in the production environment.
See: https://developer.vippsmobilepay.com/docs/APIs/access-token-api/
header Parameters
| client_id required | string <guid> Example: fb492b5e-7907-4d83-ba20-c7fb60ca35de The |
| client_secret required | string Example: Y8Kteew6GE2ZmeycEt6egg== The |
| Ocp-Apim-Subscription-Key required | string Example: da7d5b0e18a84aeda961c0c31b75c2a9 The subscription key for a sales unit. See API keys. |
| Merchant-Serial-Number | string [ 4 .. 7 ] characters ^[0-9]{4,6}$ Example: 123456 The merchant serial number (MSN) for the sales unit. The Merchant-Serial-Number header can be used with all API keys, and can speed up any trouble-shooting of API problems quite a bit. |
| Vipps-System-Name | string <= 30 characters Example: WooCommerce The name of the ecommerce solution. One word in lowercase letters is good. See http-headers. |
| Vipps-System-Version | string <= 30 characters Example: 5.4.0 The version number of the ecommerce solution. See http-headers. |
| Vipps-System-Plugin-Name | string <= 30 characters Example: woocommerce-payment The name of the ecommerce plugin (if applicable). One word in lowercase letters is good. See http-headers. |
| Vipps-System-Plugin-Version | string <= 30 characters Example: 1.4.1 The version number of the ecommerce plugin (if applicable). See http-headers. |
Responses
Response samples
- 200
{- "token_type": "Bearer",
- "expires_in": 3600,
- "ext_expires_in": 3600,
- "expires_on": 1547823408,
- "not_before": 1547819508,
- "resource": "00000002-0000-0000-c000-000000000000",
- "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1Ni <truncated>"
}Request an access token.
This is a token endpoint for partners in certain roles.
This is based on OAuth (Open Authorization) and requires only client_id and client_secret.
The Ocp-Apim-Subscription-Key is not used.
Important: This endpoint will be renamed to /authentication/v1/token later,
when the internal technical dependencies are resolved.
header Parameters
| Authorization required | string Example: Basic OTY1OGY0ZTItMjZhOC00MzQzLTliNzUtNjdhZTkzODAyMzJkOlk4S3RlZXc2R0UyWm1leWNFdDZlZ2c9PQ== The string 'client_id:client_secret' encoded to Base64 with Basic in front |
Request Body schema: application/x-www-form-urlencoded; charset=utf-8required
| grant_type | string Value: "client_credentials" |
Responses
Response samples
- 200
{- "token_type": "Bearer",
- "expires_in": 900,
- "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1Ni <truncated>"
}