Skip to main content

Vipps Login API (1.1.0)

Download OpenAPI specification:Download

See the API Guide for more information. For the userinfo endpoint, see Vipps Userinfo API.

Vipps Login API

OpenID configuration endpoint

The well-known endpoint can be used to retrieve configuration information for OpenID Connect clients. To learn more about this endpoint, please refer to the specification at https://openid.net/specs/openid-connect-discovery-1_0.html

header Parameters
Vipps-System-Name
string <= 30 characters
Example: Acme Commerce

The name of the solution. One word in lowercase letters is good. See HTTP headers.

Vipps-System-Version
string <= 30 characters
Example: 2.6

The version number of the solution. See HTTP headers.

Vipps-System-Plugin-Name
string <= 30 characters
Example: acme-webshop

The name of the plugin (if applicable). One word in lowercase letters is good. See HTTP headers.

Vipps-System-Plugin-Version
string <= 30 characters
Example: 4.3

The version number of the ecommerce plugin (if applicable). See HTTP headers.

Responses

Response samples

Content type
application/json
{}

The OAuth 2.0 authorize endpoint

The resource owner (end user) is redirected to this endpoint at the beginning of the authentication process, and it is used to obtain an authorization grant. To learn more about this endpoint please refer to the specification at https://tools.ietf.org/html/rfc6749#section-3.1

header Parameters
Vipps-System-Name
string <= 30 characters
Example: Acme Commerce

The name of the solution. One word in lowercase letters is good. See HTTP headers.

Vipps-System-Version
string <= 30 characters
Example: 2.6

The version number of the solution. See HTTP headers.

Vipps-System-Plugin-Name
string <= 30 characters
Example: acme-webshop

The name of the plugin (if applicable). One word in lowercase letters is good. See HTTP headers.

Vipps-System-Plugin-Version
string <= 30 characters
Example: 4.3

The version number of the ecommerce plugin (if applicable). See HTTP headers.

Responses

The OAuth 2.0 token endpoint

The token endpoint is used by the client to obtain an access token by presenting its authorization grant. To learn more about this endpoint please refer to the specification at https://tools.ietf.org/html/rfc6749#section-3.2

Authorizations:
Basic-AuthorizationBearer-Authorization
header Parameters
Merchant-Serial-Number
string
Example: 123456

This is a required parameter if you are a partner making API requests on behalf of a merchant. The partner must use the merchant's MSN, not the partner's MSN.

Vipps-System-Name
string <= 30 characters
Example: Acme Commerce

The name of the solution. One word in lowercase letters is good. See HTTP headers.

Vipps-System-Version
string <= 30 characters
Example: 2.6

The version number of the solution. See HTTP headers.

Vipps-System-Plugin-Name
string <= 30 characters
Example: acme-webshop

The name of the plugin (if applicable). One word in lowercase letters is good. See HTTP headers.

Vipps-System-Plugin-Version
string <= 30 characters
Example: 4.3

The version number of the ecommerce plugin (if applicable). See HTTP headers.

Request Body schema: application/x-www-form-urlencoded
grant_type
required
string

Value MUST be authorization_code.

code
required
string

The authorization code received from the authorization server as a query param on the redirect_uri.

redirect_uri
required
string

The redirect URL which the user agent is redirected to after finishing a login. If the URL is using a custom URL scheme, such as myapp://, a path is required: myapp://path-to-something. The URL must be exactly the same as the one specified on portal.vipps.no. Be extra careful with trailing slashes and URL-encoded entities.

client_id
string

The client_id is available on portal.vipps.no, under the 'Utvikler' section. This parameter is required if the token endpoint authentication method is set to client_secret_post.

client_secret
string

The client_secret is available on portal.vipps.no, under the 'Utvikler' section. This parameter is required if the token endpoint authentication method is set to client_secret_post.

code_verifier
string

Required if PKCE, https://tools.ietf.org/html/rfc7636, is used.

Responses

Response samples

Content type
application/json
{
  • "access_token": "shxuQPSLpKAiBrgD-HPbgDWc3RHzcXq3skcydKwRroo.Y5aH3PavJkZnSq5dffj8AmKVE-SdwRcbKhUKkmqimoQ",
  • "expires_in": 3599,
  • "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo2ZjIxMTlkZS03ZWY4LTQ0NDQtYjNkYy1lNDNiYWY2MDUwMGYifQ.eyJhdF9oYXNoIjoiUGpLVVQ0VUpFYkZWY05MempyOVppQSIsImF1ZCI6WyJlZGRkYjMyZi01MDI4LTQzOTctYjBhYi1lOGVjZjIxOGZkYzIiXSwiYXV0aF90aW1lIjoxNjQzMTIwMjA0LCJleHAiOjE2NDMxMjM4MDUsImlhdCI6MTY0MzEyMDIwNSwiaXNzIjoiaHR0cHM6Ly9lY2U0NmVjNC02ZjljLTQ4OWItOGZlNS0xNDZhODllMTE2MzUudGVjaC0wMi5uZXQvYWNjZXNzLW1hbmFnZW1lbnQtMS4wL2FjY2Vzcy8iLCJqdGkiOiI1MzM2NzJlYi1lY2M0LTQ0OTQtYjM4NS02NWY2MGJkMTk1YTciLCJub25jZSI6IjU4OTU0MTFlLWU5MzAtNDMyYS05ZWIzLWQzYTAzODhlMWIzOSIsInJhdCI6MTY0MzEyMDAwNywic2lkIjoiYWJlMjIzOTUtZThkNC00ODFlLThjZDItNTU0YmYwOWY0MzJmIiwic3ViIjoiNjNkODMwM2YtNDFkNS00MTUwLTllMzMtMGEzOWVkODE4NTZjIn0.Nejx0nIAPhGjDAOKIpLUVK2bcfTmUr7JfKU8V_7SHUdLGFjSHmDSXkAqYIL_oFXmTQsBrVXTQO-yjL6WGpR5nrpYPHzpY7hMUj00VQ1KTd9gwoMk6uBDvXAnSN7O-cNqC0ehZAlZ6ofR9TwDn03fhS1UcxhLnFq9phzxKD4q7EgBkHOQiwv90M8ZvrZMqdwtdjqIOABks0tVcYlQFKKDDrij0Df90vrFR-coAZeXJzRGsMUivvZlkwlYEQAlTx2BxBT2WqJr407DX-W0k0mj7QPnPQNV-0qT0VLJ6liUwFUi6MQrQ01yosrHwrmwY-0f_GwDDSPp4HizkTmT_CecQy9CLsbnASrcBurpLvjl9bfxXiYtZvvDlxyoyjMd05z94MmuADvM-nIWztKHIbU4ez6qRS1uyMPN2P9-_wzD7Tj2RCrAfSHlgTrx-grhqdkIqcVKdx8RVj5cmmbLDsmgfwLdM0m5Z_QYmctxq7TsLWm0x2A2-rbxlAma5USRDfPpzWBwbZDbJygXEIccGUwgG7SK6XHeTblHmgz87Tx7yfqTw9YSYbzxjnCCBwCXlKUUcHOLMRF_L0BwTBaNaFtYfgc5ne68Ej0V2Mz_BodR3OpRnukTdb1_nXAbDs4JiKhM22aR3R7qopAUnhUAFbde2q1sfwGr-b21a4NgEaWtFwk",
  • "token_type": "bearer",
  • "scope": "openid name phoneNumber address birthDate email"
}

JSON Web Keys Discovery

This endpoint returns JWK (JSON Web Keys) to be used as public keys for verifying OpenID Connect ID Tokens and, if enabled, OAuth 2.0 JWT (JSON Web Token, the access token).

header Parameters
Vipps-System-Name
string <= 30 characters
Example: Acme Commerce

The name of the solution. One word in lowercase letters is good. See HTTP headers.

Vipps-System-Version
string <= 30 characters
Example: 2.6

The version number of the solution. See HTTP headers.

Vipps-System-Plugin-Name
string <= 30 characters
Example: acme-webshop

The name of the plugin (if applicable). One word in lowercase letters is good. See HTTP headers.

Vipps-System-Plugin-Version
string <= 30 characters
Example: 4.3

The version number of the ecommerce plugin (if applicable). See HTTP headers.

Responses

Response samples

Content type
application/json
{
  • "keys": [
    ]
}