Access token (2.0.0)

The Access token API is for requesting an access token, which is a JWT (JSON Web Token).

There are two endpoints:

  1. POST:/accesstoken/get: (Standard authentication) Used by most APIs, and has been in use for several years.
  2. POST:/miami/v1/token: (Partner specialized authentication) for partners with limited, specialized use. Possible expansion in the future.

For POST:/accesstoken/get: The access token must be provided in all API requests, together with the subscription key. The access token is valid for 1 hour in the test environment and 24 hours in the production environment.

For POST:/miami/v1/token: The access token must be provided in all API requests (no subscription key needed). The access token is valid for 15 minutes in both the test environment and the production environment.

See the Access token API guide for more details.

Authorization Service

The primary authorization service for Vipps MobilePay APIs.

Request an access token (JWT bearer token)

This is an authentication endpoint for merchant use. The access token endpoint is used to get the JWT (JSON Web Token) that must be passed in the Authorization header of every API request. The access token is a base64-encoded string value that must be acquired before making any Vipps MobilePay API calls. The access token is valid for 1 hour in the test environment and 24 hours in the production environment. For more details, see Standard authentication.

header Parameters
client_id
required
string <guid>
Example: fb492b5e-7907-4d83-ba20-c7fb60ca35de

The client_id is available on portal.vippsmobilepay.com, under the Developer section. Think of it as the "username".

client_secret
required
string
Example: Y8Kteew6GE2ZmeycEt6egg==

The client_secret is available on portal.vippsmobilepay.com, under the Developer section. Think of it as the "password". Keep it secret. We will never ask for it, and we don't need it for anything.

Ocp-Apim-Subscription-Key
required
string
Example: da7d5b0e18a84aeda961c0c31b75c2a9

The subscription key for a sales unit. See API keys.

Merchant-Serial-Number
string [ 4 .. 7 ] characters ^[0-9]{4,6}$
Example: 123456

The merchant serial number (MSN) for the sales unit. The Merchant-Serial-Number header can be used with all API keys, and can speed up any trouble-shooting of API problems quite a bit.

Vipps-System-Name
string <= 30 characters
Example: WooCommerce

The name of the ecommerce solution. One word in lowercase letters is good. See http-headers.

Vipps-System-Version
string <= 30 characters
Example: 5.4.0

The version number of the ecommerce solution. See http-headers.

Vipps-System-Plugin-Name
string <= 30 characters
Example: woocommerce-payment

The name of the ecommerce plugin (if applicable). One word in lowercase letters is good. See http-headers.

Vipps-System-Plugin-Version
string <= 30 characters
Example: 1.4.1

The version number of the ecommerce plugin (if applicable). See http-headers.

Responses

Response samples

Content type
application/json;charset=UTF-8
{
  "token_type": "Bearer",
  "expires_in": 3600,
  "ext_expires_in": 3600,
  "expires_on": 1547823408,
  "not_before": 1547819508,
  "resource": "00000002-0000-0000-c000-000000000000",
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1Ni <truncated>"
}

Token endpoint

A token authorization for partners in certain roles.

Request an access token

This is a token endpoint for partners in certain roles. This is based on OAuth (Open Authorization) and requires only client_id and client_secret. The Ocp-Apim-Subscription-Key is not used. Important: This endpoint will be renamed to /authentication/v1/token later, when the internal technical dependencies are resolved. For more details, see Partner specialized authentication.

header Parameters
Authorization
required
string
Example: Basic OTY1OGY0ZTItMjZhOC00MzQzLTliNzUtNjdhZTkzODAyMzJkOlk4S3RlZXc2R0UyWm1leWNFdDZlZ2c9PQ==

The string 'client_id:client_secret', encoded to Base64, with "Basic " in front.

Request Body schema: application/x-www-form-urlencoded; charset=utf-8
required
grant_type
string
Value: "client_credentials"

Responses

Response samples

Content type
application/json;charset=UTF-8
{
  "token_type": "Bearer",
  "expires_in": 900,
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1Ni <truncated>"
}
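The partner token request described above, together with a cache that reuses the token until shortly before `expires_in` runs out, as an added example (not Vipps MobilePay's own code). `BASE_URL`, `TokenCache`, the 60-second refresh margin and the injected `fetch` callable are assumptions of this example; the request is built but not sent.

```python
import base64
import time
import urllib.parse
import urllib.request

# Assumption: placeholder host; take the real base URL from the API guide.
BASE_URL = "https://api.example.invalid"

def basic_auth_header(client_id: str, client_secret: str) -> str:
    """'client_id:client_secret', Base64-encoded, with 'Basic ' in front."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def build_partner_token_request(client_id: str, client_secret: str):
    """Build (not send) the POST:/miami/v1/token request; no subscription key."""
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(
        BASE_URL + "/miami/v1/token", data=body, method="POST",
        headers={
            "Authorization": basic_auth_header(client_id, client_secret),
            "Content-Type": "application/x-www-form-urlencoded; charset=utf-8",
        })

class TokenCache:
    """Hold one access token and refetch it `skew` seconds before it expires."""

    def __init__(self, fetch, skew=60, clock=time.monotonic):
        # fetch: hypothetical callable returning the parsed JSON token response
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._deadline = None, 0.0

    def get(self) -> str:
        now = self._clock()
        if self._token is None or now >= self._deadline:
            resp = self._fetch()
            if resp.get("token_type") != "Bearer" or not resp.get("access_token"):
                raise ValueError("unexpected token response")
            self._token = resp["access_token"]
            # expires_in is 900 for /miami/v1/token, 3600 or 86400 for /accesstoken/get
            self._deadline = now + max(int(resp["expires_in"]) - self._skew, 0)
        return self._token

    def __repr__(self):
        # Keep the bearer token out of logs and tracebacks.
        return f"<TokenCache cached={self._token is not None}>"
```

The same cache works for POST:/accesstoken/get, since it reads the lifetime from the response rather than hard-coding it.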