API keys
API keys are unique for each sales unit and provide authentication for doing payment operations with the sales unit. These are like passcodes that confirm your identity and that your API request is valid.
If you are a partner, please use your partner keys. For details, see the Partner keys guide.
If you use Vipps MobilePay number, there are no API keys required.
Production and test keysβ
The API keys are linked to a specific test sales unit and can only be used for this unit.
The test environment and production environments are completely separate. You will, therefore, need to use a different set of API keys for the test environment versus the production environment.
- API keys for the test environment: Normally available a few minutes after the sales unit is created. See How to create a test sales unit for details.
- API keys for the production environment: Normally available after a few days after application, depending on the workload and whether we need additional information.
Getting the API keysβ
You can find the API keys for your test or production sales unit in the business portal, portal.vippsmobilepay.com. If you need help logging in, see the business portal help guide.
-
Go to For developers in the sidebar. (If you donβt see this, tell your Administrator that you need Developer access).
-
In the API keys tab, select either Production or Test, depending on your sales unit type.
-
Find the sales unit in the table.
-
Click the corresponding Show keys button. A panel will open where you can copy the values of each key.
API keys are sensitive information, so handle them carefully:
- Vipps MobilePay will never ask for your API keys, and you must keep them secret.
- Always send API keys by encrypted email.
- Merchants: If you accidentally share your API keys, you must generate new ones by clicking the regenerate button on your portal.vippsmobilepay.com page.
- Partners: For keys other than merchant API keys, contact the partner team. For merchant keys, the merchant needs to generate new ones on the portal.
- Update your integrations, so they will continue working.
If you need to transfer the API keys to someone, be sure to do it securely. If they can't be moved securely, you can create a portal user for that person and give them basic access to the sales unit.
A Vipps MobilePay partner should use Partner keys, and not the merchant keys. If a partner can't get partner keys, there are two solutions:
- The merchant can download the API keys and send them to the partner securely.
- If the merchant is unable to provide the API keys to the partner securely, they can add a production user for the partner and give them Assistant access. Then, the partner can log in to the portal and download the API keys.
API key detailsβ
The keys are:
| API Key Name | Description | Format | Example |
|---|---|---|---|
client_id | Client ID for the sales unit (the "username") | GUID | fb492b5e-7907-4d83-bc20-c7fb60ca35de |
client_secret | Client secret for the merchant (the "password") | Base64 | Y8Kteew6GE3ZmeycEt6egg== |
Ocp-Apim-Subscription-Key (primary) | Subscription key for the API product | Base64 | 0f14ebcab0eb4b29ae0cb90d91b4a84a |
Ocp-Apim-Subscription-Key (secondary) | Subscription key for the API product | Base64 | 0f14ebcab0eb4b29ae0cb90d91b4a84a |
The client_id and client_secret are used with the
Access token API
to get an access token to use for all subsequent API requests.
There is both a primary and secondary Ocp-Apim-Subscription-Key and these are interchangeable:
You can use either one, they both work in the same way.
Having two active keys enables you to
regenerate one subscription key, while still using the other key, without downtime.
If you want, you can just ignore the second key.
The same API keys are used for many types of integration: Direct integration, native apps for iOS and Android, point of sale integrations, all the Vipps MobilePay plugins and any other solution based on the APIs.
The Merchant Serial Number is not an API key, but it is an important value that you will also use in several API requests. This is a unique identifier that is defined when a sales unit is created. You can also find it here, in the same place as the API keys.