Push Provisioning API (⚠️ Work in Progress) (0.1.0)

Download OpenAPI specification:Download

Vipps MobilePay: support_ps@vippsmobilepay.com URL: https://vipps.no

This API is intended for card issuers who want to provide a fast, secure, and user-friendly way for customers to add (push) their eligible cards to Vipps or MobilePay without manually entering card details.

For a detailed overview of the push provisioning flow, please refer to the Push Provisioning API documentation.

Headers

X-Request-ID

Business correlation across multiple traces (retries, async jobs). Can be provided by the client.

X-Trace-ID

Direct lookup for single trace.

Authentication

Mutual TLS authentication for secure API communication. To access this API, you must provide a valid client certificate signed by Vipps MobilePay Certificate Authority.

Vipps MobilePay Certificate Authority details:

root certificate: https://certs.godaddy.com/repository/gdroot-g2.crt
intermediate certificate : https://certs.godaddy.com/repository/gdig2.crt.pem

Error Codes

INTERNAL_SERVER_ERROR

An uncategorized server-side error occurred. User may try again later, if the issue persists please contact support.
REQUEST_VALIDATION_ERROR

The request failed validation. Returned when required fields are missing or input does not pass validation checks. Details are provided in the response body.

Initiate Card Provisioning

Initiate card provisioning flow to let the user easily add the given card to their Vipps MobilePay app.

Request Body schema: application/json
required

encryptedCardData required	string Encrypted JSON Web Encryption (JWE) token containing sensitive card data. Required headers: alg, enc, kid. Algorithm: RSA-OAEP-256 with SHA-256 key and 4096-bit size. Encryption: AES-128-GCM with 128-bit key. Pan: Payment Account Reference (PAN) of the card e.g. 1234567890123456. Expiry: Card expiration date in YYYY-MM format, e.g. '2025-12'. Payload: { pan, expiry }.
countryCode required	string ISO 3166-1 alpha-2 country code indicating nationality of the given NIN.
nin required	string National identity number of the cardholder.
returnUrl	string or null <uri> Redirect URL for returning to the calling application after provisioning completes.
issuerName required	string The name of the bank that issued the card. Must be between 1 and 255 characters.
appSwitch required	boolean Current version only support AppSwitch true. Unsupported AppSwitch=false: Disable to trigger immediate push notification to Vipps/MobilePay app without leaving issuer app/web, and request user to open their Vipps/MobilePay app (in case push notifications are disabled). The returned universal link can be disregarded or used for retry.
last4 required	string Last 4 digits of the card number for display and verification purposes.
suggestedNickname	string or null If you allow your customers to give custom names to their cards or to the connected account, please provide us with this information. We will suggest it as a nickname for the card in our app. If defined, it must be between 5 and 25 characters.

Responses

Request samples

Payload

Content type

application/json

{"encryptedCardData": "eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMjU2R0NNIn0...",
"countryCode": "NO",
"nin": "12345678901",
"returnUrl": "https://example.com/callback",
"issuerName": "Vipps Bank AS",
"appSwitch": true,
"last4": "1234",
"suggestedNickname": "Budget Account"
}

Response samples