Skip to main content

Authentication

Vipps MobilePay API requests must include the Authorization header with a JSON Web Token (JWT), which we call the access token.

To get an access token, first you need to have API keys. Get your API keys, as described in API keys.

note

Partners should use Partner keys.

Get your access token by calling POST:/accesstoken/get and including the client_id, client_secret and Ocp-Apim-Subscription-Key headers.

For example:

curl -X POST 'https://apitest.vipps.no/accesstoken/get' \
-H "Content-Type: application/json" \
-H 'client_id: YOUR-CLIENT-ID' \
-H 'client_secret: YOUR-CLIENT-SECRET' \
-H 'Ocp-Apim-Subscription-Key: YOUR-SUBSCRIPTION-KEY' \
-H 'Merchant-Serial-Number: YOUR-MSN' \
-H 'Vipps-System-Name: acme' \
-H 'Vipps-System-Version: 3.1.2' \
-H 'Vipps-System-Plugin-Name: acme-webshop' \
-H 'Vipps-System-Plugin-Version: 4.5.6' \
--data ''

Replace the value of the Vipps-System headers with your own values. See HTTP headers for more details.

note

When a partner uses partner keys for requests that are not for a specific merchant, the Merchant-Serial-Number can be omitted.

Many of these headers are optional during testing, but you should include them in your integration, so that error information can be found in the logs.

See the Access Token API Guide for more details about the parameters and responses.

Help us improve our documentation

Did you find what you were looking for?