API keys
API keys authenticate your API requests to Vipps MobilePay.
| Key type | Description |
|---|---|
| Merchant keys | Standard API keys provided to a merchant, allowing access to their sales unit. Used by merchants and sometimes by partners acting on a merchant's behalf. |
| Partner keys | Elevated API keys provided to large partners, allowing access to all their merchants' sales units. Used by partners acting on behalf of all their merchants. |
| Accounting keys | Specialty keys provided to accounting partners, giving them access to the Report API for one of their merchants' sales units. |
| Merchant-level keys | Specialty keys provided to Donations product users, allowing them to review their donations proceeds. |
The key type you need depends on your role:
- Merchants
- Partners
- Donations
You will use "normal API keys", or Merchant keys. These are unique for each sales unit.
You will usually use your Partner keys — see API keys for partners.
Accounting partners will use Accounting keys for access to the Report API only.
Partners may occasionally use merchant keys on behalf of a single merchant.
Donations product users — see Merchant-level keys
Getting the API keys
- Merchants
- Partners
- Donations
Log in to the business portal and follow these steps:
-
Click For developers in the sidebar. You should see a list of sales units. Select Test or Production.
-
Find your sales unit and click Show keys. A panel opens where you can copy each key value.
-
Also copy the Merchant Serial Number (MSN) — you will need it in API requests.
Screenshot: API keys panel for sales unit showing four key fields: client_id, client_secret, Ocp-Apim-Subscription-Key (primary), and Ocp-Apim-Subscription-Key (secondary). Each has a Regenerate button. A note explains the primary and secondary keys are interchangeable.
If you accidentally expose your API keys, regenerate them immediately.
For more information, see about the business portal.
Partners use different key types depending on their role and the APIs they need to access. See API keys for partners for a full overview of partner key types and how to get them.
If you can't use partner keys, you have two options:
- Ask the merchant to securely send their keys to you.
- If the merchant can't share keys securely, they can add a portal user for you with Assistant access, so you can log in and retrieve the keys yourself.
If you compromise your partner keys, contact the partner team immediately.
The Donations product uses merchant-level keys rather than sales unit keys.
See merchant-level keys for details on how to find these.
Production and test keys
As a merchant, you will need two separate sets of keys — one for testing and one for production. Each set is tied to a specific sales unit and can only be used for that unit. If you have multiple sales units, you will have a separate set of keys for each one.
- Test environment: Keys are normally available a few minutes after the sales unit is created. See How to create a test sales unit for details.
- Production environment: Keys are normally available a few days after application, depending on workload and whether we need additional information.
API keys are sensitive information, so handle them carefully:
- Vipps MobilePay will never ask for your API keys.
- If you need to share keys with a colleague, always use encrypted email or a secure secret manager. If keys can't be moved securely, you can create a portal user for that person and give them basic access to the sales unit.
- If you accidentally expose your API keys, regenerate them immediately:
- Merchants: Click the Regenerate button on your sales unit page in the business portal. See How to regenerate API keys for step-by-step instructions.
- Partners: For partner-level keys, contact the partner team. For merchant keys, the merchant must regenerate them via the business portal.
- Update your integrations after regenerating keys so they continue to work.
API key details
The key names you receive depend on which authentication method your key type uses.
Merchant keys and partner keys (standard authentication) include four values:
| API Key Name | Description | Format | Example |
|---|---|---|---|
client_id | Client ID for the sales unit (the "username") | GUID | 00000000-0000-0000-0000-000000000000 |
client_secret | Client secret for the sales unit (the "password") | Base64 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== |
Ocp-Apim-Subscription-Key (primary) | Subscription key for the API product | Hex | 00000000000000000000000000000000 |
Ocp-Apim-Subscription-Key (secondary) | Interchangeable with the primary key | Hex | 00000000000000000000000000000000 |
The primary and secondary Ocp-Apim-Subscription-Key values are interchangeable. Having two lets you rotate one without downtime while the other remains active.
Accounting keys and Donations merchant-level keys (specialized authentication) use only client_id and client_secret — there is no subscription key.
You use client_id and client_secret with the Access Token API to get an access token for subsequent API requests.
The same merchant keys work across all integration types — direct API, mobile apps, point of sale, and plugins.
The Merchant Serial Number (MSN) is not an API key, but you will need it in many API requests. You can find it in the same place as your API keys in the business portal.
Related pages
- Partners: See API keys for partners for the full overview of partner key types.