Quick start

This guide takes you through the essential Login API requests. This can be helpful to you when getting started and implementing your Login checklist.

Explore the other pages of this API guide for more details about each endpoint and to learn about special features.

Before you begin

Test sales unit configuration

Your test sales unit must be set up for using login. See How to set up login on your sales unit.

API keys

If you're new to the platform, see Getting started for information about API keys, product activation, and the test environment.

The provided example values in this guide must be changed with the values for your sales unit and user. This applies for API keys, HTTP headers, reference, phone number, etc

Integrate from a website

The provided example values in this guide must be changed with the values for your sales unit and user. This applies for API keys, HTTP headers, reference, phone number, etc.

Step 1 - Setup

You will need the following values (How to find the API keys):

• client_id - Client_id for a test sales unit.
• client_secret - Client_secret for a test sales unit.
• Ocp-Apim-Subscription-Key - Subscription key for a test sales unit.
• merchantSerialNumber - The unique ID for a test sales unit.
• internationalMobileNumber - The MSISDN for the test app profile you have received or registered. This is your test mobile number including country code.
• redirect_uri - The website to send the user to after they log in. This must be exactly the same redirect URI as the one you specified on your sales unit on portal.vippsmobilepay.com. For help, see Portal: How to set up login on your sales unit.

curl

warning

🔥 Do not store production keys in the Postman cloud. 🔥

To prevent your sensitive data and credentials from being synced to the Postman cloud, store them in the Current Value fields of your Postman environment.

Open Postman and do the following:

1. Import the following files:

   • Login API Postman collection
   • Global Postman environment

2. Select to use the imported global environment.

3. In the global environment, update only the Current Value field with your own values for the following:

   • client_id
   • client_secret
   • Ocp-Apim-Subscription-Key
   • merchantSerialNumber
   • internationalMobileNumber
   • well-known_uri
   • redirect_uri

Postman

No additional setup needed :)

Step 2 - Get OIDC well-known endpoint

Get configuration information for OpenID Connect clients by using OpenID configuration endpoint.

curl

Send Get OIDC well-known

Postman

curl -X GET https://apitest.vipps.no/access-management-1.0/access/.well-known/openid-configuration \
-H "Merchant-Serial-Number: YOUR-MSN" \
-H "Vipps-System-Name: acme" \
-H "Vipps-System-Version: 3.1.2" \
-H "Vipps-System-Plugin-Name: acme-webshop" \
-H "Vipps-System-Plugin-Version: 4.5.6" \

The URL of the OpenID Provider's OAuth 2.0 Authorization Endpoint is provided in the response.

Step 3 - Log in

Log the user in by using OpenID Connect.

Partners

Partners, here you should use the MSN of the target sales unit instead of your client ID.

curl

In your active Postman environment, copy the value of key start_login_uri and paste it into the address field of any browser.

Postman

Compose the URI in this format (OAuth 2.0 Authorize):

https://apitest.vipps.no/access-management-1.0/access/oauth2/auth?client_id=YOUR-CLIENT-ID&response_type=code&scope=openid%20name%20phoneNumber%20address%20birthDate&state=8652682f-ba1d-4719-b1ec-8694ba97bde7&redirect_uri=http://localhost

Paste the URL into the address field of any browser.

Finish the login. If you have not yet consented to sharing your user information, a new screen will be presented in the app requesting your consent.

If you have already completed this process and selected Remember me in browser earlier, this will take you straight to the redirect URL.

Step 4 - Get token

On the redirect URL page, copy the code value out from the address field in the URL.

curl

Paste the code into the key code in the active Postman environment and then get the token.

Send request "Get token"

Postman

Use the code and client credentials in the following command. The client credentials is a base64-encoded string consisting of the client_id and client_secret issued by Vipps.

Example in JavaScript:

const clientId = "123456-test-4a3d-a47c-412136fd0871"
const clientSecret = "testdzlJbUZaM1lqODlnUUtrUHI="

const combinedString = `${clientId}:${clientSecret}`;
const clientCredentials = Buffer.from(combinedString, 'utf8').toString('base64');

curl -X POST https://apitest.vipps.no/access-management-1.0/access/oauth2/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Authorization: Basic {client_credentials}' \
-H "Merchant-Serial-Number: YOUR-MSN" \
-H "Vipps-System-Name: acme" \
-H "Vipps-System-Version: 3.1.2" \
-H "Vipps-System-Plugin-Name: acme-webshop" \
-H "Vipps-System-Plugin-Version: 4.5.6" \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'code=THE CODE FROM THE URL' \
--data-urlencode 'redirect_uri=http://the-exact-redirect-uri-configured-on.portal.vippsmobilepay.com'

note

The POST:/access-management-1.0/access/oauth2/token endpoint uses Basic authentication for merchants, and Bearer for partners using partner keys.

Copy the access token from the response.

Step 5 - (Optional) Get userinfo

Send request Get Userinfo. This uses GET:/vipps-userinfo-api/userinfo/.

Use the access token from the previous step.

curl

Send request "Get userinfo"

Postman

curl -X GET https://apitest.vipps.no/vipps-userinfo-api/userinfo/ \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR-ACCESS-TOKEN" \
-H "Ocp-Apim-Subscription-Key: YOUR-SUBSCRIPTION-KEY" \
-H "Merchant-Serial-Number: YOUR-MSN" \
-H "Vipps-System-Name: acme" \
-H "Vipps-System-Version: 3.1.2" \
-H "Vipps-System-Plugin-Name: acme-webshop" \
-H "Vipps-System-Plugin-Version: 4.5.6" \

Next steps

Complete the required Login checklist to integrate the API into your software.