Skip to main content

Access token FAQ

What do I do if I've compromised the keys

For merchants:

  • If you accidentally share your API keys, you must generate new ones by clicking the regenerate button on your portal.vippsmobilepay.com page.

For partners:

  • For keys other than merchant API keys, contact the partner team. For merchant keys, the merchant needs to generate new ones on the portal.

Update your integrations, so they will continue working.

Why are there two endpoints?

The goal is to eventually move all the APIs and keys to using the new token endpoint, which is currently only used by partners for limited specialty uses.

The legacy accesstoken endpoint will continue to work, so integrations will continue to work as before.

There are technical reasons for the two endpoints and the different roles, and it's unfortunately no easy way to "streamline" this for all APIs and roles at once.

How long is an access token valid?

With POST:/accesstoken/get, the access token is valid for 1 hour in the test environment and 24 hours in the production environment.

With POST:/miami/v1/token, the access token is valid for 15 minutes regardless the environment.

Help us improve our documentation

Did you find what you were looking for?