Getting started
To implement MobilePay Online, the first step is to secure an agreement. Simply fill out the PSP partner form to get started.
Once the agreement is signed, you'll gain access to our test environment, where you can start testing the API and ensure everything runs smoothly.
Testing MobilePay Online
MobilePay Online uses a different security solution than our other Vipps MobilePay APIs.
Already have test credentials or partner keys? You'll need new ones for MobilePay Online—just request new credentials.
-
Credentials: During onboarding, you'll get a client ID and client secret for testing, plus a test user. Need new credentials? Email us at developer@vippsmobilepay.com and let us know if you need a Danish or Finnish test user.
-
Endpoints: All test endpoints are listed in the MobilePay Online API specification.
-
Test app: Download and login instructions for the test app are on our test apps page.
Note: You can't add your own cards to test users. Instead, use magic numbers for testing EMVCo tokens.
PublicKey
You must supply two PublicKeys for Card encryption: The RSA public key should be provided as X.509 SubjectPublicKeyInfo
(using ASN.1 DER Encoding) represented in PEM encoding (use PEM file extension). The public key must have a length of 4096 bits.
You must clearly state in the file name which one is for Sandbox and which is for Production.
Naming template for public key: {integratorname}-{environment}-public
Example for sandbox: company-sandprod-public
Example for production: company-prod-public
Please send the PublicKeys in a ZIP-file. We will register the keys and supply you with a PublicKeyId to be used when initiating payments.
Please note that if a public key is unused for 6 months, we will delete it. If this happens you must supply a new public key.
Public key for encrypted PAN callback payload decryption
A callback will be made on the encryptedPanCallbackUrl when using Card data callback.
For testing in the sandbox:
- The response from the encrypted PAN callback will be a valid, encrypted payload for an RSA2048 key
- Decrypt the response with the following: sandbox private test key
Magic numbers for EMVCo Tokens
It is not possible to add payment cards in the test app. Any request to the PSP API will return a Visa Token. However, this can be changed
by setting the amount in the init request.
No matter what is selected in the app,
the token returned by the MakePayment request will be:
| Amount Value (minor currency unit) | Token Number | Expiry | Cryptogram |
|---|---|---|---|
| 2200 | 5226603115488031 | 05/25 | AlhlvxmN2ZKuAAESNFZ4GoABFA== |
| 3100 | Emulates Card not eligible | ||
| 3200 | 4111111111111111 | 03/30 | uxToh3Ep6gsR8AAkvZALN19Iz34= |
| 4200 | 4895370013193500 | 03/30 | AlhlvxmN2ZKuAAESNFZ4GoABFA== |
| 4300 | 5226603115488031 | 03/30 | AlhlvxmN2ZKuAAESNFZ4GoABFA== |
| 4400 | 4895370012792682 | 12/22 | AgAAAAAAAIR8CQrXSohbQAAAAAA= |
| 5100 | 4268270087302871 | 09/24 | AgAAAAAAAIR8CQrXSohbQAAAAAA= |
| 5200 | 5413330089010442 | 12/25 | AgAAAAAAAIR8CQrXSohbQAAAAAA= |
| 5300 | 4895370013193500 | 03/30 | /wAAAAwAUkMTObMAAAAAgS0AAAA== |
| All other amounts | 4895370013193500 | 05/30 | AlhlvxmN2ZKuAAESNFZ4GoABFA== |
For instance:
"amount": 3100, Will emulate a card that is not eligible.
PAN test card
"amount": 5400 will result in a card data callback with an encrypted VISA-DEBIT PAN.
"amount": 3100 which emulates Card not eligible will fall back to PAN and also result in a card data callback.
Test options for merchants
Testing is handled by the Payment Service Provider (PSP)—merchants can't test directly with MobilePay. As a PSP, you have two options for enabling merchant testing:
-
Perform tests using the test API
To do this, you must supply your merchants with the test user that we have gave you during onboarding. Your merchants can either use the test app, or the Force Approve endpoint. It is your responsibility to instruct and support merchants in the use of these.
-
Perform tests using the production API
To perform tests in production, you can either create a
merchantIdused only for test payments, or merchants can test using their ownmerchantId. To do this, merchants must use the production MobilePay app downloaded through App store or Google Play and a production user. All payments should be cancelled to ensure that not transactions are completed.