Quick start
Before you begin
The provided example values in this guide must be changed with the values for your sales unit and user. This applies for API keys, HTTP headers, reference, phone number, etc.
Your first QR code
Step 1 - Setup
You must have already signed up as an organization with Vipps MobilePay and have your API keys. See Getting started guide for help.
Get these API key values for your sales unit (How to find the API keys):
client_id- Client_id for a test sales unit.client_secret- Client secret for a test sales unit.Ocp-Apim-Subscription-Key- Subscription key for a test sales unit.merchantSerialNumber- The unique ID for a test sales unit.
You will also need this for the eCom API requests:
MobileNumber- The phone number for the test app profile you have received or registered. This is your test mobile number without country code.
- curl
- Postman
🔥 Do not store production keys in the Postman cloud. 🔥
To prevent your sensitive data and credentials from being synced to the Postman cloud, store them in the Current Value fields of your Postman environment.
Open Postman and do the following:
-
Import the following files:
-
Select to use the imported global environment.
-
In the global environment, update only the Current Value field with your own values for the following:
client_idclient_secretOcp-Apim-Subscription-KeymerchantSerialNumberMobileNumber
No additional setup needed :)
Step 2 - Get an access token
Get an access_token from the
Access token API:
POST:/accesstoken/get.
- curl
- Postman
Send request "Get Access Token"
curl -X POST 'https://apitest.vipps.no/accesstoken/get' \
-H "Content-Type: application/json" \
-H 'client_id: YOUR-CLIENT-ID' \
-H 'client_secret: YOUR-CLIENT-SECRET' \
-H 'Ocp-Apim-Subscription-Key: YOUR-SUBSCRIPTION-KEY' \
-H 'Merchant-Serial-Number: YOUR-MSN' \
--data ''
For production, include all the Vipps-System headers so that we can help with debugging any problems.
For details, see HTTP headers.
The property access_token should be used as the Bearer token in the Authorization header of all the following API requests.
Merchant Redirect QR
A merchant redirect QR contains a link to your webshop. When the user scans this with their phone, your website will open.
- Vipps
- MobilePay
Generate a merchant redirect QR with:
POST:/qr/v1/merchant-redirect.
- curl
- Postman
Send request "Merchant Redirect QR > Generate QR"
The qr-id variable is now set in the environment for use with subsequent calls.
Ctrl+click the link to see the QR code. Scanning the QR should open the specified URL on your phone.
The result from this request provides a URL with its own JWT token, which will expire.
Get a new token by calling Get QR by id.
curl -X POST https://apitest.vipps.no/qr/v1/merchant-redirect \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR-ACCESS-TOKEN" \
-H "Ocp-Apim-Subscription-Key: YOUR-SUBSCRIPTION-KEY" \
-H "Merchant-Serial-Number: YOUR-MSN" \
-H 'Idempotency-Key: YOUR-IDEMPOTENCY-KEY' \
-H "Vipps-System-Name: acme" \
-H "Vipps-System-Version: 3.1.2" \
-H "Vipps-System-Plugin-Name: acme-webshop" \
-H "Vipps-System-Plugin-Version: 4.5.6" \
-d '{
"redirectUrl": "https://example.com/mywebshop",
"id": "UNIQUE-QR-ID"
}'
Enter the returned link into a browser. It will show the QR code. Scanning the QR should open the specified URL on your phone.
The result from this request provides a URL with its own JWT token, which will expire.
Get a new token by calling
GET:/qr/v1/merchant-redirect/{qr-id}.
Relevant examples:
- Static QR directing to the merchant site for payment
- Static QR directing to the merchant site for product selection
One-time payment QR
A one-time payment QR (also called dynamic QR) is connected to a payment. When the user scans this QR with their phone, the Vipps app will open and present them with the payment request.
If you are using the ePayment API in your solution, you do not need to use the QR API. See Dynamic QR directing to the app for payment for an example.
Legacy method for eCom API
Create a payment and get the unique payment reference.
- curl
- Postman
Send request "Initiate Payment"
The orderId and vippsLandingPageUrl variables are now in the environment of this Postman example.
curl -X POST 'https://apitest.vipps.no/ecomm/v2/payments/' \
-H "Authorization: Bearer YOUR-ACCESS-TOKEN" \
-H "Ocp-Apim-Subscription-Key: YOUR-SUBSCRIPTION-KEY" \
-H "Merchant-Serial-Number: YOUR-MSN" \
-H 'Idempotency-Key: YOUR-IDEMPOTENCY-KEY' \
-H "Vipps-System-Name: acme" \
-H "Vipps-System-Version: 3.1.2" \
-H "Vipps-System-Plugin-Name: acme-webshop" \
-H "Vipps-System-Plugin-Version: 4.5.6" \
-d '{
"customerInfo": {
"mobileNumber": "12345678"
},
"merchantInfo": {
"merchantSerialNumber": "123456",
"callbackPrefix":"https://example.com/vipps/callbacks-for-payment-update-from-vipps",
"fallBack": "https://example.com/vipps/fallback-result-page-for-both-success-and-failure/acme-shop-123-order123abc",
},
"transaction": {
"amount": 49900,
"orderId": "UNIQUE-PAYMENT-REFERENCE",
"transactionText": "One pair of socks.",
}
}'
Note that orderId must be unique for each payment you create.
Take note of the URL that is returned in the response body and provide it in the POST:/qr/v1 request to generate the one-time payment QR.
- curl
- Postman
Send request "Generate OTP QR"
This supplies vippsLandingPageUrl to
POST:/qr/v1
to provide a URL that can be used to show a QR code.
Ctrl+click the link to see the QR code. Scanning the QR should open the test app on your phone and allow you to complete the one-time purchase.
curl -X POST 'https://apitest.vipps.no/qr/v1' \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR-ACCESS-TOKEN" \
-H "Ocp-Apim-Subscription-Key: YOUR-SUBSCRIPTION-KEY" \
-H "Merchant-Serial-Number: YOUR-MSN" \
-H "Vipps-System-Name: acme" \
-H "Vipps-System-Version: 3.1.2" \
-H "Vipps-System-Plugin-Name: acme-webshop" \
-H "Vipps-System-Plugin-Version: 4.5.6" \
-d '{
"url": "https://apitest.vipps.no/dwo-api-application/v1/deeplink/vippsgateway?v=2&token=eyJraWQiOiJqd3RrZXkiLCJhbGciOiJSUzI1NiJ<truncated>"
}'
Next steps
See the QR API guide to read about the concepts and details.