API version: 2.0.
Endpoints to integrate
|OpenID Connect (Get OIDC well-known endpoint)|
|The OAuth 2.0 authorize endpoint|
|The OAuth 2.0 token endpoint|
|JSON Web Keys Discovery|
When the checklist is completed, notify Vipps MobilePay Integration Service at email@example.com. Include examples from the test environment, pilot customer info, and a description of the implemented solution.
We will verify the integration and contact you. After the checklist is approved, we'll send you the information you need to get started.
|Use correct flow||Native app integrations use the app-to-app flow. Merchant initiated login must not be used for web-based login.|
|Do not use embedded iFrames||Integration with the Login API is redirect-based (i.e., do not use an embedded iFrame).|
|Set company name and logo||The sales unit name appears on the Vipps MobilePay landing page. Both the name and logo appear in the Vipps or MobilePay app under Personal information > Companies with access. See how to change name and logo.|
|Whitelist redirect URIs||Ensure that all |
|Use only required scopes||Request only the scopes that you require, no "nice to have" scopes. If using national identity number, you must be granted access to request these scopes. See FAQ for details.|
|Comply with our terms and conditions||If you, as a merchant, will act on behalf of others (share data you have gotten from us with other merchants), ensure that you comply with our terms and conditions to do this. This is shown in section 8.4 in our terms and conditions for merchants.|
|Present terms and conditions||Terms and conditions are presented to the user, and the necessary consents are collected from the user (i.e., consent to marketing purposes, etc.).|
|Generate a ||Ensure that a unique |
|Do not share ||Ensure that the |
|Ensure functionality||Ensure that your solution is verified to work if the user start in a "non-default" browser on mobile, e.g. start Vipps Login from Chrome browser on iOS.|
|Update user registry||Implement proper linking of the Vipps or MobilePay user to your own user registry. This login must be based on either phone number or e-mail address. See recommendations on linking to user account.|
|Handle errors||Make sure to log and handle all errors. For example, handle cancelled logins and error situations while redirecting the user back to |
|Include standard HTTP headers||Send the HTTP headers in all API requests for better tracking and troubleshooting (mandatory for partners and platforms, who must send these headers as part of the checklist approval).|
Avoid integration pitfalls
|Follow design guidelines||The branding must be according to the Design guidelines.|
|Educate customer support||Make sure your customer service, etc. has all the tools and information they need available in your system, through the APIs listed in the first item in this checklist, and that they do not need to visit portal.vipps.no for normal work.|