Getting started
To implement MobilePay Online, the first step is to secure an agreement. Simply fill out the PSP partner form to get started.
Once the agreement is signed, you'll gain access to our test environment, where you can start testing the API and ensure everything runs smoothly.
Testing MobilePay Onlineโ
MobilePay Online uses a different security solution than our other Vipps MobilePay APIs.
Already have test credentials or partner keys? You'll need new ones for MobilePay Onlineโjust request new credentials.
-
Credentials: During onboarding, you'll get a client ID and client secret for testing, plus a test user. Need new credentials? Email us at developer@vippsmobilepay.com and let us know if you need a Danish or Finnish test user.
-
Endpoints: All test endpoints are listed in the MobilePay Online API specification.
-
Test app: Download and login instructions for the test app are on our test apps page.
Note: You can't add your own cards to test users. Instead, use magic numbers for testing EMVCo tokens.
PublicKeyโ
You must supply two PublicKeys for Card encryption: The RSA public key should be provided as X.509 SubjectPublicKeyInfo
(using ASN.1 DER Encoding) represented in PEM encoding (use PEM file extension).
The public key must have a length of 4096 bits.
You must clearly state in the file name which one is for Sandbox and which is for Production.
Naming template for public key: {integratorname}-{environment}-public
Example for sandbox: company-sandprod-public
Example for production: company-prod-public
Please send the PublicKeys in a ZIP-file.
We will register the keys and supply you with a PublicKeyId
to be used when initiating payments.
Please note that if a public key is unused for 6 months, we will delete it. If this happens you must supply a new public key.
Public key for encrypted PAN callback payload decryptionโ
A callback will be made on the encryptedPanCallbackUrl
when using Card data callback.
For testing in the sandbox:
- The response from the encrypted PAN callback will be a valid, encrypted payload for an RSA2048 key
- Decrypt the response with the following: sandbox private test key
Magic numbers for EMVCo Tokensโ
It is not possible to add payment cards in the test app.
Any request to the PSP API will return a Visa Token. However, this can be changed
by setting the amount in the init
request.
No matter what is selected in the app,
the token returned by the MakePayment
request will be:
Amount Value (minor currency unit) | Token Number | Expiry | Cryptogram |
---|---|---|---|
2200 | 5226603115488031 | 05/25 | AlhlvxmN2ZKuAAESNFZ4GoABFA== |
3100 | Emulates Card not eligible | ||
3200 | 4111111111111111 | 03/30 | uxToh3Ep6gsR8AAkvZALN19Iz34= |
4200 | 4895370013193500 | 03/30 | AlhlvxmN2ZKuAAESNFZ4GoABFA== |
4300 | 5226603115488031 | 03/30 | AlhlvxmN2ZKuAAESNFZ4GoABFA== |
4400 | 4895370012792682 | 12/22 | AgAAAAAAAIR8CQrXSohbQAAAAAA= |
5100 | 4268270087302871 | 09/24 | AgAAAAAAAIR8CQrXSohbQAAAAAA= |
5200 | 5413330089010442 | 12/25 | AgAAAAAAAIR8CQrXSohbQAAAAAA= |
5300 | 4895370013193500 | 03/30 | /wAAAAwAUkMTObMAAAAAgS0AAAA== |
All other amounts | 4895370013193500 | 05/30 | AlhlvxmN2ZKuAAESNFZ4GoABFA== |
For instance:
"amount": 3100,
Will emulate a card that is not eligible.
PAN test cardโ
"amount": 5400
will result in a card data callback
with an encrypted VISA-DEBIT
PAN.
"amount": 3100
which emulates Card not eligible will fall back to PAN and also result in a
card data callback.
Test options for merchantsโ
Testing is managed by the Payment Service Provider (PSP); merchants cannot test directly with MobilePay. As a PSP, you have two options for enabling merchant testing:
-
Perform tests using the test API
- To enable this, you must provide your merchants with the test user credentials supplied during onboarding.
- Your merchants can perform tests either by using the test app or by utilizing the Force Approve endpoint.
- As a platform provider, it is your responsibility to guide and support your merchants in using these tools.
-
Perform tests using the production API
- To perform tests in the production environment, you may either create a dedicated
merchantId
for test payments or allow merchants to use their ownmerchantId
. - Merchants must use the production MobilePay app, available from the App Store or Google Play, along with a production user account.
- Please ensure that all test payments are cancelled before completion to avoid processing actual transactions.
- To perform tests in the production environment, you may either create a dedicated