Profile sharing

The ePayment API enables merchants to request the user's profile information (such as phone number or email address) as part of the payment flow. We call this the userinfo flow.

Privacy terms

Ensure that you comply with our privacy terms.

Vipps
MobilePay

User information consent screen in Vipps

Remember to have a fresh access token, see Set up and Authorize. Then, call the POST:/epayment/v1/payments with profile.

For example:

curl -X POST https://apitest.vipps.no/epayment/v1/payments \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR-ACCESS-TOKEN" \
-H "Ocp-Apim-Subscription-Key: YOUR-SUBSCRIPTION-KEY" \
-H "Merchant-Serial-Number: YOUR-MSN" \
-H 'Idempotency-Key: YOUR-IDEMPOTENCY-KEY' \
-H "Vipps-System-Name: acme" \
-H "Vipps-System-Version: 3.1.2" \
-H "Vipps-System-Plugin-Name: acme-webshop" \
-H "Vipps-System-Plugin-Version: 4.5.6" \
-d '{
    "amount": {
        "value": 49900,
        "currency": "NOK"
    },
    "paymentMethod": {
        "type": "WALLET"
    },
    "customer": {
        "phoneNumber": 4712345678
    },
    "reference": UNIQUE-PAYMENT-REFERENCE,
    "userFlow": "WEB_REDIRECT",
    "returnUrl": "https://example.com/redirect?reference=UNIQUE-PAYMENT-REFERENCE",
    "paymentDescription": "Purchase of socks",
    "profile": {
        "scope": "name phoneNumber address birthDate"
    }
}'

The scope determines what information the user is asked to share. The scope can include any of the values, separated by a space:

Scopes	Description	User consent required
`openid`	This scope is only supported through the Login API. This is the scope used to request an Id-token. It provides the claim `sub` which is a unique ID for the end user at that particular merchant. Note: Different merchants will get different `sub`s for the same end user.	no
`address`	The user can have up to three addresses in their Vipps or MobilePay app: home, work and other. User addresses are given as claims `address` and `other_addresses`. The claim `address` returns the address set as default for the Vipps or MobilePay user. The claim `other_addresses` returns any other addresses of the end user. We recommend that merchants fetch all addresses on a user and allow the user to choose which address to use in the relevant context. Some users will not have any registered address, in these situations the claim `address` will be delivered, but the `sub` claims in address will be empty strings (e.g., `"address" : {"country" : "", "street_address" : "", "address_type" : "", "formatted" : "", "postal_code" : "", "region" : "" }`). If a user has information in the `Unit, floor or other details` field, this will be included in the `street_address` response. The `Street address` will then be presented first, before "\n". Then, the contents from `Unit, floor or other details` (e.g., `Suburbia 23"\nUnit B5`)	yes
`birthDate`	User birthdate (verified with National Population Register)	yes
`email`	User email (verified). The flag `email_verified : true` in the response can be used by merchants to confirm that the email actually is verified for each request.	yes
`name`	User first, middle, and given name (verified with National Population Register)	yes
`phoneNumber`	Verified phone number (verified - the number used with Vipps MobilePay)	yes
`gender`	Gender. User chosen gender with options: `male`, `female`, `other` or `prefer not to say`. This scope is only supported through the Login API currently.	yes
`nin`	National Identity Number (NIN) (verified with National Population Register). Note, merchants need to apply for access to NIN. See Who can get access to NIN and how.	yes
`delegatedConsents`	Enables marketing consents to be collected on behalf of a merchant. How to get started with marketing consents	yes

Example scopes:

phoneNumber
email
name address email
name phoneNumber
name birthDate
name email nin

When requesting scopes that require user consent, a view listing these scopes will be displayed to the user with the option to allow or deny the consent request. This view is skipped if no scopes requiring consent are requested. The user must either accept or reject the full set of scopes, and can't make changes to the list of requested scopes. A user can therefore not choose to accept name and deny address.

tip

We recommend asking for the minimal number of scopes needed for your use case to minimize the number of users that deny the consent request.

Scenario: You want to complete a payment and get the name and phone number of a customer. Details about each step are described in the sections below.

Retrieve the access token.
Add scope to the transaction object and include the scope you wish to get access to (valid scope) before calling. Include the scopes you need access to (e.g., "name address email phoneNumber birthDate"), separated by spaces.
The user consents to the information sharing and perform the payment in the Vipps or MobilePay app.
Retrieve the sub by calling GET:/epayment/v1/payments/{reference}
Using the sub from step 4, call GET:/vipps-userinfo-api/userinfo/{sub} to retrieve the user's information.

For more details, see the Userinfo quick start guide.

Create a payment with a profile sharing request​

Profile sharing call-by-call guide​

Create a payment with a profile sharing request

Profile sharing call-by-call guide