Skip to main content

Push Provisioning API (⚠️ Work in Progress) (0.1.0)

Download OpenAPI specification:Download

This API is intended for card issuers who want to provide a fast, secure, and user-friendly way for customers to add (push) their eligible cards to Vipps or MobilePay without manually entering card details.

For a detailed overview of the push provisioning flow, please refer to the Push Provisioning API documentation.

Headers

X-Request-ID

Business correlation across multiple traces (retries, async jobs). Can be provided by the client.

X-Trace-ID

Direct lookup for single trace.

Authentication

Mutual TLS authentication for secure API communication. To access this API, you must provide a valid client certificate signed by Vipps MobilePay Certificate Authority.

Vipps MobilePay Certificate Authority details:

Error Codes

  • INTERNAL_SERVER_ERROR

    An uncategorized server-side error occurred. User may try again later, if the issue persists please contact support.

  • REQUEST_VALIDATION_ERROR

    The request failed validation. Returned when required fields are missing or input does not pass validation checks. Details are provided in the response body.

Initiate Card Provisioning

Initiate card provisioning flow to let the user easily add the given card to their Vipps MobilePay app.

Request Body schema: application/json
required
encryptedCardData
required
string

Encrypted JSON Web Encryption (JWE) token containing sensitive card data.

  • Required headers: alg, enc, kid.
  • Algorithm: RSA-OAEP-256 with SHA-256 key and 4096-bit size.
  • Encryption: AES-128-GCM with 128-bit key.
  • Pan: Payment Account Reference (PAN) of the card e.g. 1234567890123456.
  • Expiry: Card expiration date in YYYY-MM format, e.g. '2025-12'.
  • Payload: { pan, expiry }.
countryCode
required
string

ISO 3166-1 alpha-2 country code indicating nationality of the given NIN.

nin
required
string

National identity number of the cardholder.

returnUrl
string or null <uri>

Redirect URL for returning to the calling application after provisioning completes.

issuerName
required
string

The name of the bank that issued the card. Must be between 1 and 255 characters.

appSwitch
required
boolean

Current version only support AppSwitch true. Unsupported AppSwitch=false: Disable to trigger immediate push notification to Vipps/MobilePay app without leaving issuer app/web, and request user to open their Vipps/MobilePay app (in case push notifications are disabled). The returned universal link can be disregarded or used for retry.

last4
required
string

Last 4 digits of the card number for display and verification purposes.

suggestedNickname
string or null

If you allow your customers to give custom names to their cards or to the connected account, please provide us with this information. We will suggest it as a nickname for the card in our app. If defined, it must be between 5 and 25 characters.

Responses

Request samples

Content type
application/json
{
  • "encryptedCardData": "eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMjU2R0NNIn0...",
  • "countryCode": "NO",
  • "nin": "12345678901",
  • "issuerName": "Vipps Bank AS",
  • "appSwitch": true,
  • "last4": "1234",
  • "suggestedNickname": "Budget Account"
}

Response samples