Partner specialized authentication
This type of authentication applies to:
- Accounting partners for access to the Report API.
- Partners who want to use management keys for accessing the Management API.
👉 If these don't apply to you, go to the Standard authentication section.
What does this provide access to?
You can use this access token with management keys and accounting keys.
- Management keys - Provide authentication for the Management API.
- Accounting keys - Provide authentication for the Report API.
The Management API and Report API are not available in the test environment, so you will only need production keys.
A mapping of the authentication type to APIs and keys:
| API | Partner keys | Management keys | Accounting keys |
|---|---|---|---|
| Main APIs | Standard authentication | N/A | N/A |
| Management API | Standard authentication | Partner specialized authentication | N/A |
| Report API | N/A | N/A | Partner specialized authentication |
Get your API keys
The partner team will provide these to you.
How partners get API keys
Once your partner application has been approved, you'll receive a welcome email with a test sales unit and API keys. If you have lost this or need a new test sales unit, please contact partner@vippsmobilepay.com. Sales units are specific for either Norway, Denmark, or Finland. Remember to state which country the sales unit should be created for.
Note that partner functionality is not available in test. Instead, you will receive merchant API keys, as mentioned in the limitations section. All payment and login flows can be tested using the merchant API keys.
Partners can also get access to the test environment by ordering the Login API. See Partner: How to get access to your sales units on the merchant portal.
Get the access token
To get the access token, you will use
POST:/miami/v1/token.
This endpoint will be renamed to
POST:/authentication/v1/token
later, when the internal technical dependencies are resolved.
This endpoint uses a completely standard OAuth client credentials flow, allowing use of standardized libraries. We strongly recommend this approach, using one of the trusted libraries to perform the flow.
The value for authorization is a string representing your Base64-encoded accounting keys, client_id and client_secret.
Example of how to convert your client_id and client_secret to base64 with JavaScript:
const clientId = 'YOUR-CLIENT-ID';
const clientSecret = 'YOUR-CLIENT-SECRET';
const base64Credentials = btoa(`${clientId}:${clientSecret}`);
console.log(base64Credentials);
Provide the Base64-encoded value in the Authorization heading in a request to
POST:/miami/v1/token:
curl -X POST https://api.vipps.no/miami/v1/token \
-H 'Authorization: Basic <YOUR-BASE64-ENCODED-VALUE>' \
-H 'Content-Type: application/x-www-form-urlencoded; charset=utf-8' \
-H 'Vipps-System-Name: acme' \
-H 'Vipps-System-Version: 3.1.2' \
-H 'Vipps-System-Plugin-Name: acme-webshop' \
-H 'Vipps-System-Plugin-Version: 4.5.6' \
--data-urlencode 'grant_type=client_credentials'
You must include the last line with 'grant_type=client_credentials', or
you'll get an invalid_client error.
The Ocp-Apim-Subscription-Key HTTP header should not be sent.
An access token will be returned. It is valid for 15 minutes.
Example (JSON) response from
POST:/miami/v1/token:
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1Ni <truncated>",
"token_type": "Bearer",
"expires_in": 900
}