Quick start
This guide takes you through the essential Login API requests.
Before you begin​
Sign up as an organization with Vipps MobilePay and get your API keys:
client_id- Client_id for a test sales unit.client_secret- Client_secret for a test sales unit.Ocp-Apim-Subscription-Key- Subscription key for a test sales unit.merchantSerialNumber- The unique ID for a test sales unit.
If you're new to the platform, see Getting started for information about API keys, product activation, and the test environment.
The provided example values in this guide must be changed with the values for your sales unit and user. This applies for API keys, HTTP headers, reference, phone number, etc.
Your test sales unit must be set up for using login. See How to set up login on your sales unit.
Step 1 - Setup​
You will need the following values (How to find the API keys):
client_id- Client_id for a test sales unit.client_secret- Client_secret for a test sales unit.Ocp-Apim-Subscription-Key- Subscription key for a test sales unit.merchantSerialNumber- The unique ID for a test sales unit.internationalMobileNumber- The MSISDN for the test app profile you have received or registered. This is your test mobile number including country code.redirect_uri- The website to send the user to after they log in. This must be exactly the same redirect URI as the one you specified on your sales unit on portal.vippsmobilepay.com. For help, see Portal: How to set up login on your sales unit.
If using Postman, download the following files and import them into Postman.
Select the global environment as your active environment and update the Current Value field with your own values for the API keys, redirect_uri, and international mobile number. 🔥 Do not store production keys in the cloud. 🔥
Step 2 - Get OIDC well-known endpoint​
Get configuration information for OpenID Connect clients by using OpenID configuration endpoint.
- curl
- Postman
Send Get OIDC well-known
curl -X GET https://apitest.vipps.no/access-management-1.0/access/.well-known/openid-configuration \
-H "Merchant-Serial-Number: YOUR-MSN" \
-H "Vipps-System-Name: acme" \
-H "Vipps-System-Version: 3.1.2" \
-H "Vipps-System-Plugin-Name: acme-webshop" \
-H "Vipps-System-Plugin-Version: 4.5.6" \
The URL of the OpenID Provider's OAuth 2.0 Authorization Endpoint is provided in the response.
Step 3 - Log in​
Log the user in by using OpenID Connect.
If you are a partner, you should use the MSN of the target sales unit instead of your client ID.
- curl
- Postman
In your active Postman environment, copy the value of key start_login_uri and paste it into the address field of any browser.
Compose the URI in this format (OAuth 2.0 Authorize):
https://apitest.vipps.no/access-management-1.0/access/oauth2/auth?client_id=YOUR-CLIENT-ID&response_type=code&scope=openid%20name%20phoneNumber%20address%20birthDate&state=8652682f-ba1d-4719-b1ec-8694ba97bde7&redirect_uri=http://localhost
Paste the URL into the address field of any browser.
Finish the login. If you have not yet consented to sharing your user information, a new screen will be presented in the app requesting your consent.
If you have already completed this process and selected Remember me in browser earlier, this will take you straight to the redirect URL.
Step 4 - Get token​
On the redirect URL page, copy the code value out from the address field in the URL.
- curl
- Postman
Paste the code into the key code in the active Postman environment and then get the token.
Send request "Get token"
Use the code and client credentials in the following command.
The client credentials is a base64-encoded string consisting of the client_id and client_secret issued by Vipps.
Example in JavaScript:
const clientId = "123456-test-4a3d-a47c-412136fd0871"
const clientSecret = "testdzlJbUZaM1lqODlnUUtrUHI="
const combinedString = `${clientId}:${clientSecret}`;
const clientCredentials = Buffer.from(combinedString, 'utf8').toString('base64');
curl -X POST https://apitest.vipps.no/access-management-1.0/access/oauth2/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Authorization: Basic {client_credentials}' \
-H "Merchant-Serial-Number: YOUR-MSN" \
-H "Vipps-System-Name: acme" \
-H "Vipps-System-Version: 3.1.2" \
-H "Vipps-System-Plugin-Name: acme-webshop" \
-H "Vipps-System-Plugin-Version: 4.5.6" \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'code=THE CODE FROM THE URL' \
--data-urlencode 'redirect_uri=http://the-exact-redirect-uri-configured-on.portal.vippsmobilepay.com'
The
POST:/access-management-1.0/access/oauth2/token
endpoint uses Basic authentication for merchants, and Bearer for partners using partner keys.
Copy the access token from the response.
Step 5 - (Optional) Get userinfo​
Send request Get Userinfo. This uses GET:/vipps-userinfo-api/userinfo/.
Use the access token from the previous step.
- curl
- Postman
Send request "Get userinfo"
curl -X GET https://apitest.vipps.no/vipps-userinfo-api/userinfo/ \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR-ACCESS-TOKEN" \
-H "Ocp-Apim-Subscription-Key: YOUR-SUBSCRIPTION-KEY" \
-H "Merchant-Serial-Number: YOUR-MSN" \
-H "Vipps-System-Name: acme" \
-H "Vipps-System-Version: 3.1.2" \
-H "Vipps-System-Plugin-Name: acme-webshop" \
-H "Vipps-System-Plugin-Version: 4.5.6" \
Next steps​
Complete the required Login checklist to integrate the API into your software.
