Skip to main content

ePayment PSP API changelog

note

This page covers ePayment API changes that are specific to PSP integrations. There may be additional changes that apply to all ePayment API integrations — see the ePayment API changelog.

June 2026​

  • softDeclineCompletedRedirectUrl is now a required field in the PSP card callback request. PSPs implementing the card passthrough callback must include this field.

May 2026​

  • Added the PSP card callback endpoint specification for PSP card passthrough payments. Vipps MobilePay POSTs card details to your cardCallbackUrl; your server must respond with the authorization result within 20 seconds.
    • The request body (CardCallbackRequest) includes pspReference, authorizationAttemptId, merchantSerialNumber, amount, softDeclineCompletedRedirectUrl, and cardInfo.
    • cardInfo contains maskedCardNumber, cardType, cardIssuedInCountryCode, cardDataType, and either a networkToken object or encryptedPan string depending on cardDataType.
    • The response (CardCallbackResponse) must have a status of RESERVE, SOFT_DECLINE, or FAIL, with corresponding required fields (networkTransactionReference, softDeclineUrl, or errorCode/errorMessage).
    • Callback requests are authenticated using HMAC-SHA256 signed with the PSP's client_secret. Verify the Authorization, X-Vipps-Authorization, x-ms-date, and x-ms-content-sha256 headers.

March 2026​

  • Added PSP support via the new CARD_PASSTHROUGH payment method type. PSPs can now create payments where the user's card token is sent to a PSP-controlled callback URL for processing. This requires:
    • paymentMethod.type set to CARD_PASSTHROUGH
    • A new cardPassthrough object in the create payment request body, specifying the callback URL, allowed card types, and optionally a public encryption key ID for receiving encrypted PANs
    • The Psp-Id header on all requests
    • See ePayment PSP API guide for details.