ePayment PSP API changelog
note
This page covers ePayment API changes that are specific to PSP integrations. There may be additional changes that apply to all ePayment API integrations — see the ePayment API changelog.
June 2026​
softDeclineCompletedRedirectUrlis now a required field in the PSP card callback request. PSPs implementing the card passthrough callback must include this field.
May 2026​
- Added the PSP card callback endpoint specification for PSP card passthrough payments. Vipps MobilePay POSTs card details to your
cardCallbackUrl; your server must respond with the authorization result within 20 seconds.- The request body (
CardCallbackRequest) includespspReference,authorizationAttemptId,merchantSerialNumber,amount,softDeclineCompletedRedirectUrl, andcardInfo. cardInfocontainsmaskedCardNumber,cardType,cardIssuedInCountryCode,cardDataType, and either anetworkTokenobject orencryptedPanstring depending oncardDataType.- The response (
CardCallbackResponse) must have astatusofRESERVE,SOFT_DECLINE, orFAIL, with corresponding required fields (networkTransactionReference,softDeclineUrl, orerrorCode/errorMessage). - Callback requests are authenticated using HMAC-SHA256 signed with the PSP's
client_secret. Verify theAuthorization,X-Vipps-Authorization,x-ms-date, andx-ms-content-sha256headers.
- The request body (
March 2026​
- Added PSP support via the new
CARD_PASSTHROUGHpayment method type. PSPs can now create payments where the user's card token is sent to a PSP-controlled callback URL for processing. This requires:paymentMethod.typeset toCARD_PASSTHROUGH- A new
cardPassthroughobject in the create payment request body, specifying the callback URL, allowed card types, and optionally a public encryption key ID for receiving encrypted PANs - The
Psp-Idheader on all requests - See ePayment PSP API guide for details.