Skip to main content

Profile sharing

Privacy terms

Ensure that you comply with our privacy terms.

Request and retrieve customer profile information (i.e., phone number) securely during the payment process, with explicit user consent.

You request consent by supplying the scope property with needed values to the create payment request. A consent screen will be displayed in the user's Vipps Vipps or MobilePay MobilePay app before the payment screen.

User information consent screen in Vipps

The user must complete both the consent screen and the payment screen before the merchant gets access to their profile information. If the user doesn't consent to access, then the payment or agreement will fail.

How to get profile informationโ€‹

To request access to user profile information, send the Create payment request, POST:/epayment/v1/payments with profile.scope property.

Include the scope values you need access to (e.g., "address email name phoneNumber"), separated by spaces. The options include: address, birthDate, email, name, phoneNumber, and nin (in special cases). See Userinfo API guide: scope for more details.

tip

Use as few scopes as possible to reduce the risk that they cancel the payment.

For example:

curl -X POST https://apitest.vipps.no/epayment/v1/payments \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR-ACCESS-TOKEN" \
-H "Ocp-Apim-Subscription-Key: YOUR-SUBSCRIPTION-KEY" \
-H "Merchant-Serial-Number: YOUR-MSN" \
-H "Idempotency-Key: YOUR-IDEMPOTENCY-KEY" \
-H "Vipps-System-Name: acme" \
-H "Vipps-System-Version: 3.1.2" \
-H "Vipps-System-Plugin-Name: acme-webshop" \
-H "Vipps-System-Plugin-Version: 4.5.6" \
-d '{
"amount": {
"value": 49900,
"currency": "NOK"
},
"paymentMethod": {
"type": "WALLET"
},
"customer": {
"phoneNumber": 4712345678
},
"reference": UNIQUE-PAYMENT-REFERENCE,
"userFlow": "WEB_REDIRECT",
"returnUrl": "https://example.com/redirect?reference=UNIQUE-PAYMENT-REFERENCE",
"paymentDescription": "Purchase of socks",
"profile": {
"scope": "name phoneNumber address birthDate"
}
}'

The user will be prompted to give consent to sharing the corresponding information. If the user has not previously consented to sharing all requested details, they will be asked to provide consent for any outstanding items before completing the payment flow.

The consent card must be accepted before the user can approve the payment in the Vipps Vipps or MobilePay MobilePay app. If the user does not provide consent, the payment will fail.

Step 2 - Get the payment detailsโ€‹

Once the payment is approved, you can get the payment details by calling the GET:/epayment/v1/payments/{reference} endpoint. Replace {reference} with the value you specified in your create payment request.

From the response, you will use the userDetails and sub.

For example:

{
"profile": {
"sub": "126684df-c056-4625-821d-f2905febe3f9"
},
"userDetails": {
"email": "test.user@example.com",
"firstName": "Test",
"lastName": "User",
"mobileNumber": "4712345678",
"dateOfBirth": "1955-05-18",
"addresses": [
{
"addressLine1": "BOKS 6300, ETTERSTAD",
"addressLine2": "",
"city": "OSLO",
"country": "NO",
"postCode": "0603"
},
{
"addressLine1": "Robert Levins gate 5",
"addressLine2": "",
"city": "Oslo",
"country": "NO",
"postCode": "0152"
}
]
},
// ... other items here....
}

The userDetails object can contain the following values, if requested in the scope:
email, firstName, lastName, mobileNumber, dateOfBirth, and addresses.

The sub is a unique identifier for a Vipps MobilePay user and is tied to their consent to share information with a specific sales unit. Use the sub to retrieve additional details - such as verified email and phone number, alternative addresses, or nin in special cases โ€” via the Userinfo API, as described in Step 3.

Step 3 - Use the sub to get profile information (optional)โ€‹

Use the sub you got in the last step and call this endpoint:
GET:/vipps-userinfo-api/userinfo/{sub}

The response will provide the allowed profile information.

For example:

{
"address": {
"address_type": "home",
"country": "NO",
"formatted": "BOKS 6300, ETTERSTAD\n0603\nOSLO\nNO",
"postal_code": "0603",
"region": "OSLO",
"street_address": "BOKS 6300, ETTERSTAD"
},
"birthdate": "1955-05-18",
"email": "test.user@example.com",
"email_verified": false,
"family_name": "User",
"given_name": "Test",
"name": "Test User",
"other_addresses": [
{
"address_type": "work",
"country": "NO",
"formatted": "Robert Levins gate 5\n0152\nOslo\nNO",
"postal_code": "0152",
"region": "Oslo",
"street_address": "Robert Levins gate 5"
}
],
"phone_number": "4748571123",
"phone_number_verified": true,
"sid": "57bccee36b19600c",
"sub": "126684df-c056-4625-821d-f2905febe3f9"
}

Consents remain valid for 7 days.

tip

You should fetch the user's information as soon as consent is given. If you delay, the information could become outdated. Always process the data as it was when consent was granted.

For more details about the response as well as consent and data access, see the Userinfo API guide.

See Userinfo API guide for more details.