Profile sharing
Ensure that you comply with our privacy terms.
Request and retrieve customer profile information (e.g., phone number) securely during the payment process, with explicit user consent.
You request consent by supplying the scope property with needed values to the create payment request.
A consent screen will be displayed in the user's Vipps or MobilePay app before the payment screen.
The user must complete both the consent screen and the payment screen before the merchant gets access to their profile information. If the user doesn't consent to access, then the payment or agreement will fail.
How to get profile information
Step 1 - Request consent
To request access to user profile information, send the Create payment request, POST:/epayment/v1/payments, with the profile.scope property.
Include the scope values you need access to (e.g., "address email name phoneNumber"), separated by spaces.
The options include: address, birthDate, email, name, phoneNumber, and nin (in special cases).
See Userinfo API guide: scope for more details.
Use as few scopes as possible to reduce the risk that the user cancels the payment.
For example:
curl -X POST https://apitest.vipps.no/epayment/v1/payments \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR-ACCESS-TOKEN" \
  -H "Ocp-Apim-Subscription-Key: YOUR-SUBSCRIPTION-KEY" \
  -H "Merchant-Serial-Number: YOUR-MSN" \
  -H "Idempotency-Key: YOUR-IDEMPOTENCY-KEY" \
  -H "Vipps-System-Name: acme" \
  -H "Vipps-System-Version: 3.1.2" \
  -H "Vipps-System-Plugin-Name: acme-webshop" \
  -H "Vipps-System-Plugin-Version: 4.5.6" \
  -d '{
    "amount": {
      "value": 49900,
      "currency": "NOK"
    },
    "paymentMethod": {
      "type": "WALLET"
    },
    "customer": {
      "phoneNumber": 4712345678
    },
    "reference": "UNIQUE-PAYMENT-REFERENCE",
    "userFlow": "WEB_REDIRECT",
    "returnUrl": "https://example.com/redirect?reference=UNIQUE-PAYMENT-REFERENCE",
    "paymentDescription": "Purchase of socks",
    "profile": {
      "scope": "name phoneNumber address birthDate"
    }
  }'
The user will be prompted to give consent to sharing the corresponding information. If the user has not previously consented to sharing all requested details, they will be asked to provide consent for any outstanding items before completing the payment flow.
The consent card must be accepted before the user can approve the payment in the Vipps or MobilePay app.
If the user does not provide consent, the payment will fail.
Step 2 - Get the payment details
Once the payment is approved, you can get the payment details by calling the GET:/epayment/v1/payments/{reference} endpoint.
Replace {reference} with the value you specified in your create payment request.
From the response, you will use the userDetails and sub.
For example:
{
  "profile": {
    "sub": "126684df-c056-4625-821d-f2905febe3f9"
  },
  "userDetails": {
    "email": "test.user@example.com",
    "firstName": "Test",
    "lastName": "User",
    "mobileNumber": "4712345678",
    "dateOfBirth": "1955-05-18",
    "addresses": [
      {
        "addressLine1": "BOKS 6300, ETTERSTAD",
        "addressLine2": "",
        "city": "OSLO",
        "country": "NO",
        "postCode": "0603"
      },
      {
        "addressLine1": "Robert Levins gate 5",
        "addressLine2": "",
        "city": "Oslo",
        "country": "NO",
        "postCode": "0152"
      }
    ]
  },
  // ... other items here....
}
The userDetails object can contain the following values, if requested in the scope: email, firstName, lastName, mobileNumber, dateOfBirth, and addresses.
The sub is a unique identifier for a Vipps MobilePay user and is tied to their consent to share information with a specific sales unit. Use the sub to retrieve additional details - such as verified email and phone number, alternative addresses, or nin in special cases - via the Userinfo API, as described in Step 3.
Step 3 - Use the sub to get profile information (optional)
Use the sub you got in the last step and call this endpoint: GET:/vipps-userinfo-api/userinfo/{sub}
The response will provide the allowed profile information.
For example:
{
  "address": {
    "address_type": "home",
    "country": "NO",
    "formatted": "BOKS 6300, ETTERSTAD\n0603\nOSLO\nNO",
    "postal_code": "0603",
    "region": "OSLO",
    "street_address": "BOKS 6300, ETTERSTAD"
  },
  "birthdate": "1955-05-18",
  "email": "test.user@example.com",
  "email_verified": false,
  "family_name": "User",
  "given_name": "Test",
  "name": "Test User",
  "other_addresses": [
    {
      "address_type": "work",
      "country": "NO",
      "formatted": "Robert Levins gate 5\n0152\nOslo\nNO",
      "postal_code": "0152",
      "region": "Oslo",
      "street_address": "Robert Levins gate 5"
    }
  ],
  "phone_number": "4748571123",
  "phone_number_verified": true,
  "sid": "57bccee36b19600c",
  "sub": "126684df-c056-4625-821d-f2905febe3f9"
}
Consents remain valid for 7 days.
You should fetch the user's information as soon as consent is given. If you delay, the information could become outdated. Always process the data as it was when consent was granted.
For more details about the response as well as consent and data access, see the Userinfo API guide.
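The three steps above from the merchant's side, as an added Python example that is not Vipps MobilePay's own code: it validates the scope string before the create payment request, keeps only the userDetails fields that the requested scopes cover, and checks the 7-day consent window. The function names, the scope-to-field mapping (inferred from the Step 2 sample) and the caller-recorded consent time are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Scope values listed on this page ("nin" only in special cases).
ALLOWED_SCOPES = ("address", "birthDate", "email", "name", "phoneNumber", "nin")
# Assumption: scope -> userDetails keys, inferred from the Step 2 sample ("nin" has none).
SCOPE_FIELDS = {
    "address": ("addresses",),
    "birthDate": ("dateOfBirth",),
    "email": ("email",),
    "name": ("firstName", "lastName"),
    "phoneNumber": ("mobileNumber",),
}
CONSENT_VALIDITY = timedelta(days=7)  # "Consents remain valid for 7 days."

def build_profile(scopes):
    """Return the "profile" object for the create payment request body."""
    if not scopes:
        raise ValueError("at least one scope is required")
    unknown = sorted(set(scopes) - set(ALLOWED_SCOPES))
    if unknown:
        raise ValueError(f"unknown scope(s): {unknown}")
    # Deduplicate, keep the caller's order, separate values with spaces.
    return {"scope": " ".join(dict.fromkeys(scopes))}

def extract_profile(payment, requested):
    """Keep only fields covered by the requested scopes; report gaps."""
    sub = payment.get("profile", {}).get("sub")
    details = payment.get("userDetails", {})
    kept, missing = {}, []
    for scope in requested:
        fields = SCOPE_FIELDS.get(scope, ())
        present = {f: details[f] for f in fields if f in details}
        kept.update(present)  # anything not requested is never copied
        if len(present) < len(fields):
            missing.append(scope)
    return {"sub": sub, "details": kept, "missing_scopes": missing}

def consent_is_valid(consented_at, now=None):
    """True while the 7-day window is open (consented_at recorded by caller)."""
    now = now or datetime.now(timezone.utc)
    return now < consented_at + CONSENT_VALIDITY

# Constructed sample, trimmed from the Step 2 response shown above.
SAMPLE_PAYMENT = {
    "profile": {"sub": "126684df-c056-4625-821d-f2905febe3f9"},
    "userDetails": {"email": "test.user@example.com", "firstName": "Test",
                    "lastName": "User", "mobileNumber": "4712345678"},
}
```

Here `extract_profile(SAMPLE_PAYMENT, ["name", "phoneNumber", "birthDate"])` drops the unrequested email and reports birthDate as missing, so the merchant stores no more personal data than the scopes it asked for.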