Frequently asked questions
Here are the profile sharing and Userinfo API Frequently Asked Questions (FAQ).
What is the sub?
The sub is a unique identifier for a user and relates to their consent to share information.
For technical details, see API Guide: Sub.
Why can I get userinfo after the user has revoked consent?
For the payment session only, there may be some delay in consent revocation.
To better support merchants that do not handle online fetching and processing of the user info as part of a payment session, we keep this information accessible for the merchant for the next 168 hours. The data will be available even if the user revokes the consent in this period. Revoking consents will immediately affect future login and payment sessions.
For technical details, see:
How can I get updated information, like addresses, for a user?
You can request that the user shares their Vipps MobilePay information with you (e.g., address) through a payment request or a login request.
If they consent to sharing the information, you can then retrieve it through the Userinfo API. You must save this information and handle everything according to GDPR.
- For a payment session, the user information is available for 168 hours (1 week) after the request.
- For login sessions, the user information is available for ~10 minutes after the request.
For technical details, see:
How can we detect users' consent removal?
Or: How can our system dynamically "know/find out" if the user has revoked the consent for us to have access to his/her personal data in our system?
Your system can dynamically detect when a user's consent has been revoked by using the Login API's Revoke consent webhooks.
Who can get access to NIN and how?
Only merchants with legal requirements or other objective needs for using the NIN to achieve the required user identification can get access to NIN. We comply with local applicable laws as well as guidance from the Norwegian Data Protection Authority, Datatilsynet, and other relevant local authorities.
Access to the nin scope through the Login API is a paid service. For details, see the Login API guide.
Can we fetch the user data after the time-limit?
User data must be fetched within the specified time limit as described in time-limits. Once the time limit has expired, it is no longer possible to retrieve user data through the API. For privacy reasons, Vipps MobilePay cannot provide user data manually after the expiration of the time limit, as user consent does not cover such actions.