Skip to main content

Authentication and authorization

Before you can use any Vipps MobilePay API, we need to verify your identity and confirm that you have the right to perform the requested action. Your API keys are proof of your identity — keep them secret.

For most APIs, you use your API keys to get a short-lived access token, then include that token in every API request.

  1. Your integration sends a POST /accesstoken/get request with API keys to the Access Token API.
  2. Access Token API returns an access_token, valid for 24 hours.
  3. Your integration sends an API request to the Vipps MobilePay API with the token in the Authorization header.
  4. The API returns a response.

When you're ready to implement, the Access Token API introduction will identify which method applies to you and link you to the quick start guide for your API.

Last updated on