Skip to main content
API docs by Redocly

QR API (1.0)

Download OpenAPI specification:Download

URL: https://developer.vippsmobilepay.com/docs/contact/

The QR API enables you to generate Vipps and MobilePay QR codes and merchant redirects for a Vipps MobilePay payment. See the QR API Guide for more details.

Merchant redirect QR

Create merchant redirect QR

Generate a QR that works as a redirect back to the merchant

Authorizations:
BearerToken
header Parameters
Accept
required
string
Enum: "image/*" "image/png" "image/svg+xml" "text/targetUrl"

Requested image format. Supported values: {image/*,image/png, image/svg+xml, text/targetUrl}

Authorization
required
string

The access token is a base64-encoded string that is required for all API calls. It is a JWT (JSON Web Token). The access token is fetched from the POST:/accesstoken/get endpoint. It is valid for 1 hour in the test environment and 24 hours in the production environment.

Ocp-Apim-Subscription-Key
required
string

The subscription key for a sales unit. See API keys.

Merchant-Serial-Number
string

The merchant serial number (MSN) for the sales unit. Partners and PSP merchants must always send the Merchant-Serial-Number header, and we recommend that everyone sends it, also when using the merchant's own API keys. The Merchant-Serial-Number header can be used with all API keys, and can speed up any trouble-shooting of API problems quite a bit.

Vipps-System-Name
string <= 30 characters
Example: WooCommerce

The name of the ecommerce solution. One word in lowercase letters is good. See http-headers.

Vipps-System-Version
string <= 30 characters
Example: 5.4.0

The version number of the ecommerce solution. See http-headers.

Vipps-System-Plugin-Name
string <= 30 characters
Example: woocommerce-payment

The name of the ecommerce plugin (if applicable). One word in lowercase letters is good. See http-headers.

Vipps-System-Plugin-Version
string <= 30 characters
Example: 1.2.1

The version number of the ecommerce plugin (if applicable). See http-headers.

Size
integer [ 100 .. 2000 ]

Eks: 200. Then 200x200 px is set at dimension for the QR

Request Body schema: application/json
id
required
string or null [ 1 .. 128 ] characters ^[-_+%æøåÆØÅ\w\s]*$

Merchant supplied Id for QR

redirectUrl
required
string or null <uri> ^https:\/\/[\w\.]+([\w#!:.?+=&%@\-\/]+)?$

The target url of the QR (redirect destination)

ttl
integer or null [ 300 .. 2147483647 ]

Optional time-to-live field, given in seconds

Responses

Request samples

Content type
application/json
{}

Response samples

Content type
application/json
{}

Get all merchant redirect QRs

Get all merchant redirect QRs for this saleunit

Authorizations:
BearerToken
header Parameters
Authorization
required
string

The access token is a base64-encoded string that is required for all API calls. It is a JWT (JSON Web Token). The access token is fetched from the POST:/accesstoken/get endpoint. It is valid for 1 hour in the test environment and 24 hours in the production environment.

Ocp-Apim-Subscription-Key
required
string

The subscription key for a sales unit. See API keys.

Merchant-Serial-Number
string

The merchant serial number (MSN) for the sales unit. Partners and PSP merchants must always send the Merchant-Serial-Number header, and we recommend that everyone sends it, also when using the merchant's own API keys. The Merchant-Serial-Number header can be used with all API keys, and can speed up any trouble-shooting of API problems quite a bit.

Vipps-System-Name
string <= 30 characters
Example: WooCommerce

The name of the ecommerce solution. One word in lowercase letters is good. See http-headers.

Vipps-System-Version
string <= 30 characters
Example: 5.4.0

The version number of the ecommerce solution. See http-headers.

Vipps-System-Plugin-Name
string <= 30 characters
Example: woocommerce-payment

The name of the ecommerce plugin (if applicable). One word in lowercase letters is good. See http-headers.

Vipps-System-Plugin-Version
string <= 30 characters
Example: 1.2.1

The version number of the ecommerce plugin (if applicable). See http-headers.

Accept
required
string
Enum: "image/*" "image/png" "image/svg+xml" "text/targetUrl"

Requested image format. Supported values: {image/*,image/png, image/svg+xml, text/targetUrl}

Size
integer [ 100 .. 2000 ]

Eks: 200. Then 200x200 px is set at dimension for the QR

Responses

Response samples

Content type
application/json
[]

Update redirectUrl for merchant redirect QR

Update the redirect url (target destination) of the QR

Authorizations:
BearerToken
path Parameters
id
required
string

The unique ID for QR

header Parameters
Accept
required
string
Enum: "image/*" "image/png" "image/svg+xml" "text/targetUrl"

Requested image format. Supported values: {image/*,image/png, image/svg+xml, text/targetUrl}

Authorization
required
string

The access token is a base64-encoded string that is required for all API calls. It is a JWT (JSON Web Token). The access token is fetched from the POST:/accesstoken/get endpoint. It is valid for 1 hour in the test environment and 24 hours in the production environment.

Ocp-Apim-Subscription-Key
required
string

The subscription key for a sales unit. See API keys.

Merchant-Serial-Number
string

The merchant serial number (MSN) for the sales unit. Partners and PSP merchants must always send the Merchant-Serial-Number header, and we recommend that everyone sends it, also when using the merchant's own API keys. The Merchant-Serial-Number header can be used with all API keys, and can speed up any trouble-shooting of API problems quite a bit.

Vipps-System-Name
string <= 30 characters
Example: WooCommerce

The name of the ecommerce solution. One word in lowercase letters is good. See http-headers.

Vipps-System-Version
string <= 30 characters
Example: 5.4.0

The version number of the ecommerce solution. See http-headers.

Vipps-System-Plugin-Name
string <= 30 characters
Example: woocommerce-payment

The name of the ecommerce plugin (if applicable). One word in lowercase letters is good. See http-headers.

Vipps-System-Plugin-Version
string <= 30 characters
Example: 1.2.1

The version number of the ecommerce plugin (if applicable). See http-headers.

Size
integer [ 100 .. 2000 ]

Eks: 200. Then 200x200 px is set at dimension for the QR

Request Body schema: application/json
redirectUrl
required
string <uri> ^https:\/\/[\w\.]+([\w#!:.?+=&%@\-\/]+)?$

Responses

Request samples

Content type
application/json
{}

Response samples

Content type
application/json
{}

Delete merchant redirect QR

Delete merchant redirect QR

Authorizations:
BearerToken
path Parameters
id
required
string

The unique ID for QR

header Parameters
Authorization
required
string

The access token is a base64-encoded string that is required for all API calls. It is a JWT (JSON Web Token). The access token is fetched from the POST:/accesstoken/get endpoint. It is valid for 1 hour in the test environment and 24 hours in the production environment.

Ocp-Apim-Subscription-Key
required
string

The subscription key for a sales unit. See API keys.

Merchant-Serial-Number
string

The merchant serial number (MSN) for the sales unit. Partners and PSP merchants must always send the Merchant-Serial-Number header, and we recommend that everyone sends it, also when using the merchant's own API keys. The Merchant-Serial-Number header can be used with all API keys, and can speed up any trouble-shooting of API problems quite a bit.

Vipps-System-Name
string <= 30 characters
Example: WooCommerce

The name of the ecommerce solution. One word in lowercase letters is good. See http-headers.

Vipps-System-Version
string <= 30 characters
Example: 5.4.0

The version number of the ecommerce solution. See http-headers.

Vipps-System-Plugin-Name
string <= 30 characters
Example: woocommerce-payment

The name of the ecommerce plugin (if applicable). One word in lowercase letters is good. See http-headers.

Vipps-System-Plugin-Version
string <= 30 characters
Example: 1.2.1

The version number of the ecommerce plugin (if applicable). See http-headers.

Size
integer [ 100 .. 2000 ]

Eks: 200. Then 200x200 px is set at dimension for the QR

Responses

Response samples

Content type
application/json
{
  • "type": "string",
  • "title": "string",
  • "detail": "string",
  • "instance": "string",
  • "invalidParams": [
    ]
}

Get merchant redirect QR by ID

Get merchant redirect QR by ID

Authorizations:
BearerToken
path Parameters
id
required
string

The unique ID for QR

header Parameters
Authorization
required
string

The access token is a base64-encoded string that is required for all API calls. It is a JWT (JSON Web Token). The access token is fetched from the POST:/accesstoken/get endpoint. It is valid for 1 hour in the test environment and 24 hours in the production environment.

Ocp-Apim-Subscription-Key
required
string

The subscription key for a sales unit. See API keys.

Merchant-Serial-Number
string

The merchant serial number (MSN) for the sales unit. Partners and PSP merchants must always send the Merchant-Serial-Number header, and we recommend that everyone sends it, also when using the merchant's own API keys. The Merchant-Serial-Number header can be used with all API keys, and can speed up any trouble-shooting of API problems quite a bit.

Vipps-System-Name
string <= 30 characters
Example: WooCommerce

The name of the ecommerce solution. One word in lowercase letters is good. See http-headers.

Vipps-System-Version
string <= 30 characters
Example: 5.4.0

The version number of the ecommerce solution. See http-headers.

Vipps-System-Plugin-Name
string <= 30 characters
Example: woocommerce-payment

The name of the ecommerce plugin (if applicable). One word in lowercase letters is good. See http-headers.

Vipps-System-Plugin-Version
string <= 30 characters
Example: 1.2.1

The version number of the ecommerce plugin (if applicable). See http-headers.

Accept
required
string
Enum: "image/*" "image/png" "image/svg+xml" "text/targetUrl"

Requested image format. Supported values: {image/*,image/png, image/svg+xml, text/targetUrl}

Size
integer [ 100 .. 2000 ]

Eks: 200. Then 200x200 px is set at dimension for the QR

Responses

Response samples

Content type
application/json
{}

One time payment QR

Create One Time Payment QR

Endpoint for generating a Vipps MobilePay QR for a merchant payment. Given a valid vippsLandingPageUrl, this endpoint will return a QR for that payment.

Authorizations:
BearerToken
header Parameters
Accept
required
string
Enum: "image/*" "image/png" "image/svg+xml" "text/targetUrl"

Requested image format. Supported values: {image/*,image/png, image/svg+xml, text/targetUrl}

Size
integer [ 100 .. 2000 ]

Eks: 200. Then 200x200 px is set at dimension for the QR

Authorization
required
string

The access token is a base64-encoded string that is required for all API calls. It is a JWT (JSON Web Token). The access token is fetched from the POST:/accesstoken/get endpoint. It is valid for 1 hour in the test environment and 24 hours in the production environment.

Ocp-Apim-Subscription-Key
required
string

The subscription key for a sales unit. See API keys.

Merchant-Serial-Number
string

The merchant serial number (MSN) for the sales unit. Partners and PSP merchants must always send the Merchant-Serial-Number header, and we recommend that everyone sends it, also when using the merchant's own API keys. The Merchant-Serial-Number header can be used with all API keys, and can speed up any trouble-shooting of API problems quite a bit.

Vipps-System-Name
string <= 30 characters
Example: WooCommerce

The name of the ecommerce solution. One word in lowercase letters is good. See http-headers.

Vipps-System-Version
string <= 30 characters
Example: 5.4.0

The version number of the ecommerce solution. See http-headers.

Vipps-System-Plugin-Name
string <= 30 characters
Example: woocommerce-payment

The name of the ecommerce plugin (if applicable). One word in lowercase letters is good. See http-headers.

Vipps-System-Plugin-Version
string <= 30 characters
Example: 1.2.1

The version number of the ecommerce plugin (if applicable). See http-headers.

Request Body schema: application/json
url
required
string

Url to the Vipps landing page, obtained from ecom/recurring apis

Responses

Request samples

Content type
application/json
{
  • "url": " https://api.vipps.no/dwo-api-application/v1/deeplink/vippsgateway?v=2&token=eyJraWQiO...."
}

Response samples

Content type
application/json
{}

Merchant callback QR

Get all merchant callback QRs

Returns all QR codes that matches the provided Merchant-Serial-Number.

Authorizations:
BearerToken
query Parameters
QrImageFormat
string
Enum: "PNG" "SVG"

Requested image format. Supported values: {PNG, SVG}. If not provided, SVG is chosen.

QrImageSize
integer [ 100 .. 2000 ]

Eks: 200. Then 200x200 px is set at dimension for the QR. Only relevant if PNG is chosen as image format.

header Parameters
Authorization
required
string

The access token is a base64-encoded string that is required for all API calls. It is a JWT (JSON Web Token). The access token is fetched from the POST:/accesstoken/get endpoint. It is valid for 1 hour in the test environment and 24 hours in the production environment.

Ocp-Apim-Subscription-Key
required
string

The subscription key for a sales unit. See API keys.

Merchant-Serial-Number
required
string

The merchant serial number (MSN) for the sales unit. See API keys.

Vipps-System-Name
string <= 30 characters
Example: WooCommerce

The name of the ecommerce solution. One word in lowercase letters is good. See http-headers.

Vipps-System-Version
string <= 30 characters
Example: 5.4.0

The version number of the ecommerce solution. See http-headers.

Vipps-System-Plugin-Name
string <= 30 characters
Example: woocommerce-payment

The name of the ecommerce plugin (if applicable). One word in lowercase letters is good. See http-headers.

Vipps-System-Plugin-Version
string <= 30 characters
Example: 1.2.1

The version number of the ecommerce plugin (if applicable). See http-headers.

Responses

Response samples

Content type
application/json
[]

Get callback QR by ID

Returns the QR code represented by the merchantQrId and Merchant-Serial-Number provided in the path and header respectively. The image format and size of the QR code is defined by the Accept and Size headers respectively.

Authorizations:
BearerToken
path Parameters
merchantQrId
required
string

The merchant defined identifier for a QR code.

query Parameters
QrImageFormat
string
Enum: "PNG" "SVG"

Requested image format. Supported values: {PNG, SVG}. If not provided, SVG is chosen.

QrImageSize
integer [ 100 .. 2000 ]

Eks: 200. Then 200x200 px is set at dimension for the QR. Only relevant if PNG is chosen as image format.

header Parameters
Authorization
required
string

The access token is a base64-encoded string that is required for all API calls. It is a JWT (JSON Web Token). The access token is fetched from the POST:/accesstoken/get endpoint. It is valid for 1 hour in the test environment and 24 hours in the production environment.

Ocp-Apim-Subscription-Key
required
string

The subscription key for a sales unit. See API keys.

Merchant-Serial-Number
required
string

The merchant serial number (MSN) for the sales unit. See API keys.

Vipps-System-Name
string <= 30 characters
Example: WooCommerce

The name of the ecommerce solution. One word in lowercase letters is good. See http-headers.

Vipps-System-Version
string <= 30 characters
Example: 5.4.0

The version number of the ecommerce solution. See http-headers.

Vipps-System-Plugin-Name
string <= 30 characters
Example: woocommerce-payment

The name of the ecommerce plugin (if applicable). One word in lowercase letters is good. See http-headers.

Vipps-System-Plugin-Version
string <= 30 characters
Example: 1.2.1

The version number of the ecommerce plugin (if applicable). See http-headers.

Responses

Response samples

Content type
application/json
{}

Create or update callback QR

Note: MobilePay integrators that needs to migrate existing QRs cannot use this endpoint. They must use the dedicated endpoint: PUT /v1/merchant-callback/mobilepay/{beaconId}

Creates or updates the QR code that encapsulates the provided merchantSerialNumber and merchantQrId. See Webhooks API to create a webhook that will send callbacks when this QR code is scanned by a Vipps or MobilePay user.

If the endpoint is called with the same merchantQrId twice or more, it is the last call that defines the location property. The actual QR code image will not be updated on consecutive calls.

Authorizations:
BearerToken
path Parameters
merchantQrId
required
string

The merchant defined identifier for a QR code.

header Parameters
Authorization
required
string

The access token is a base64-encoded string that is required for all API calls. It is a JWT (JSON Web Token). The access token is fetched from the POST:/accesstoken/get endpoint. It is valid for 1 hour in the test environment and 24 hours in the production environment.

Ocp-Apim-Subscription-Key
required
string

The subscription key for a sales unit. See API keys.

Merchant-Serial-Number
required
string

The merchant serial number (MSN) for the sales unit. See API keys.

Vipps-System-Name
string <= 30 characters
Example: WooCommerce

The name of the ecommerce solution. One word in lowercase letters is good. See http-headers.

Vipps-System-Version
string <= 30 characters
Example: 5.4.0

The version number of the ecommerce solution. See http-headers.

Vipps-System-Plugin-Name
string <= 30 characters
Example: woocommerce-payment

The name of the ecommerce plugin (if applicable). One word in lowercase letters is good. See http-headers.

Vipps-System-Plugin-Version
string <= 30 characters
Example: 1.2.1

The version number of the ecommerce plugin (if applicable). See http-headers.

Request Body schema: application/json
locationDescription
required
string <= 36 characters

A description of where the QR code will be located. It will be shown in the app when a user scans the QR code. Examples could be ‘Kasse 1’ , ‘Kiosk’ or ‘Platform 3’.

category
string (CategoryEnum)
Default: "IN_STORE"
Enum: "IN_STORE" "VENDING"

Category for the QR. Different categories will show different messages in the apps while the user is waiting for the payment/login to show.

Responses

Request samples

Content type
application/json
{
  • "locationDescription": "string",
  • "category": "IN_STORE"
}

Response samples

Content type
application/json
{
  • "type": "string",
  • "title": "string",
  • "detail": "string",
  • "instance": "string",
  • "invalidParams": [
    ]
}

Delete callback QR

Deletes the QR code that matches the provided merchantQrId and merchantSerialNumber.

Authorizations:
BearerToken
path Parameters
merchantQrId
required
string

The merchant defined identifier for a QR code.

header Parameters
Authorization
required
string

The access token is a base64-encoded string that is required for all API calls. It is a JWT (JSON Web Token). The access token is fetched from the POST:/accesstoken/get endpoint. It is valid for 1 hour in the test environment and 24 hours in the production environment.

Ocp-Apim-Subscription-Key
required
string

The subscription key for a sales unit. See API keys.

Merchant-Serial-Number
required
string

The merchant serial number (MSN) for the sales unit. See API keys.

Vipps-System-Name
string <= 30 characters
Example: WooCommerce

The name of the ecommerce solution. One word in lowercase letters is good. See http-headers.

Vipps-System-Version
string <= 30 characters
Example: 5.4.0

The version number of the ecommerce solution. See http-headers.

Vipps-System-Plugin-Name
string <= 30 characters
Example: woocommerce-payment

The name of the ecommerce plugin (if applicable). One word in lowercase letters is good. See http-headers.

Vipps-System-Plugin-Version
string <= 30 characters
Example: 1.2.1

The version number of the ecommerce plugin (if applicable). See http-headers.

Responses

Response samples

Content type
application/json
{
  • "type": "string",
  • "title": "string",
  • "detail": "string",
  • "instance": "string",
  • "invalidParams": [
    ]
}

Create or update MobilePay QR code

This endpoint is for creating existing MobilePay PoS QR codes. It is meant for merchants that have printed QR codes that they need to assign to a store.

This endpoint will not create a new QR code but rather map the provided beaconId with the Merchant-Serial-Number, to make sure the already printed QR code can be re-used. When the QR code is scanned by MobilePay users, it will result in a callback being sent to the merchant if the merchant has registered a webhook for the user.checked-in.v1 event.

The callback will include a MerchantQrId which in this scenario will equal the beaconId.

Authorizations:
BearerToken
path Parameters
beaconId
required
string

The MobilePay PoS BeaconId

header Parameters
Authorization
required
string

The access token is a base64-encoded string that is required for all API calls. It is a JWT (JSON Web Token). The access token is fetched from the POST:/accesstoken/get endpoint. It is valid for 1 hour in the test environment and 24 hours in the production environment.

Ocp-Apim-Subscription-Key
required
string

The subscription key for a sales unit. See API keys.

Merchant-Serial-Number
required
string

The merchant serial number (MSN) for the sales unit. See API keys.

Vipps-System-Name
string <= 30 characters
Example: WooCommerce

The name of the ecommerce solution. One word in lowercase letters is good. See http-headers.

Vipps-System-Version
string <= 30 characters
Example: 5.4.0

The version number of the ecommerce solution. See http-headers.

Vipps-System-Plugin-Name
string <= 30 characters
Example: woocommerce-payment

The name of the ecommerce plugin (if applicable). One word in lowercase letters is good. See http-headers.

Vipps-System-Plugin-Version
string <= 30 characters
Example: 1.2.1

The version number of the ecommerce plugin (if applicable). See http-headers.

Request Body schema: application/json
locationDescription
required
string <= 36 characters

A description of where the QR code will be located. This corresponds to the PoS name field from the old MobilePay V10 API. It will be shown in the app when a user scans the QR code. Examples could be ‘Kasse 1’ , ‘Kiosk’ or ‘Platform 3’.

category
string (CategoryEnum)
Default: "IN_STORE"
Enum: "IN_STORE" "VENDING"

Category for the QR. Different categories will show different messages in the apps while the user is waiting for the payment/login to show.

Responses

Request samples

Content type
application/json
{
  • "locationDescription": "cashier_1",
  • "category": "IN_STORE"
}

Response samples

Content type
application/json
{
  • "type": "string",
  • "title": "string",
  • "detail": "string",
  • "instance": "string",
  • "invalidParams": [
    ]
}

QR Exchange

Exchange user presented QR code for data

Authorizations:
BearerToken
header Parameters
Authorization
required
string

The access token is a base64-encoded string that is required for all API calls. It is a JWT (JSON Web Token). The access token is fetched from the POST:/accesstoken/get endpoint. It is valid for 1 hour in the test environment and 24 hours in the production environment.

Ocp-Apim-Subscription-Key
required
string

The subscription key for a sales unit. See API keys.

Merchant-Serial-Number
string

The merchant serial number (MSN) for the sales unit. Partners and PSP merchants must always send the Merchant-Serial-Number header, and we recommend that everyone sends it, also when using the merchant's own API keys. The Merchant-Serial-Number header can be used with all API keys, and can speed up any trouble-shooting of API problems quite a bit.

Request Body schema: application/json
required
qrCode
required
string

The complete content of the QR code.

requestedData
Array of strings (RequestedData)
Default: ["MSISDN"]
Items Value: "MSISDN"

Responses

Request samples

Content type
application/json
Example

Response samples

Content type
application/json
Example
{
  • "msisdn": "4798765432",
  • "timestamp": 1634025600,
  • "version": "2.0"
}

Customer Exchange

Exchange customer for data, for example customerToken received on webhook.

Authorizations:
BearerToken
header Parameters
Authorization
required
string

The access token is a base64-encoded string that is required for all API calls. It is a JWT (JSON Web Token). The access token is fetched from the POST:/accesstoken/get endpoint. It is valid for 1 hour in the test environment and 24 hours in the production environment.

Ocp-Apim-Subscription-Key
required
string

The subscription key for a sales unit. See API keys.

Merchant-Serial-Number
string

The merchant serial number (MSN) for the sales unit. Partners and PSP merchants must always send the Merchant-Serial-Number header, and we recommend that everyone sends it, also when using the merchant's own API keys. The Merchant-Serial-Number header can be used with all API keys, and can speed up any trouble-shooting of API problems quite a bit.

Request Body schema: application/json
required
required
object

The customer identifier.

requestedData
required
Array of strings (RequestedData)
Default: ["MSISDN"]
Items Value: "MSISDN"

Responses

Request samples

Content type
application/json
{
  • "customer": {
    },
  • "requestedData": [
    ]
}

Response samples

Content type
application/json
{
  • "msisdn": "4798765432",
  • "timestamp": 1634025600
}