Vipps Login API (1.1.0)
Download OpenAPI specification:Download
See the API Guide for more information. For the userinfo endpoint, see Vipps Userinfo API.
OpenID configuration endpoint
The well-known endpoint can be used to retrieve configuration information for OpenID Connect clients. To learn more about this endpoint, please refer to the specification at https://openid.net/specs/openid-connect-discovery-1_0.html
header Parameters
| Vipps-System-Name | string <= 30 characters Example: Acme Commerce The name of the solution. One word in lowercase letters is good. See HTTP headers. |
| Vipps-System-Version | |
| Vipps-System-Plugin-Name | string <= 30 characters Example: acme-webshop The name of the plugin (if applicable). One word in lowercase letters is good. See HTTP headers. |
| Vipps-System-Plugin-Version | string <= 30 characters Example: 4.3 The version number of the ecommerce plugin (if applicable). See HTTP headers. |
Responses
Response samples
- 200
- 401
- 500
{- "claims_parameter_supported": false,
- "claims_supported": [
- [
- "sub"
]
], - "grant_types_supported": [
- [
- "openid",
- "name",
- "phoneNumber",
- "address",
- "birthDate",
- "email"
]
], - "id_token_signing_alg_values_supported": [
- [
- "RS256"
]
], - "request_parameter_supported": true,
- "request_uri_parameter_supported": true,
- "require_request_uri_registration": true,
- "response_modes_supported": [
- [
- "query"
]
], - "response_types_supported": [
- [
- "code"
]
], - "scopes_supported": [
- [
- "openid",
- "address",
- "name",
- "email",
- "phoneNumber",
- "nnin",
- "birthDate"
]
], - "subject_types_supported": [
- [
- "pairwise"
]
], - "token_endpoint": "string",
- "token_endpoint_auth_methods_supported": [
- [
- "client_secret_basic",
- "client_secret_post"
]
]
}The OAuth 2.0 authorize endpoint
The resource owner (end user) is redirected to this endpoint at the beginning of the authentication process, and it is used to obtain an authorization grant. To learn more about this endpoint please refer to the specification at https://tools.ietf.org/html/rfc6749#section-3.1
header Parameters
| Vipps-System-Name | string <= 30 characters Example: Acme Commerce The name of the solution. One word in lowercase letters is good. See HTTP headers. |
| Vipps-System-Version | |
| Vipps-System-Plugin-Name | string <= 30 characters Example: acme-webshop The name of the plugin (if applicable). One word in lowercase letters is good. See HTTP headers. |
| Vipps-System-Plugin-Version | string <= 30 characters Example: 4.3 The version number of the ecommerce plugin (if applicable). See HTTP headers. |
Responses
The OAuth 2.0 token endpoint
The token endpoint is used by the client to obtain an access token by presenting its authorization grant. To learn more about this endpoint please refer to the specification at https://tools.ietf.org/html/rfc6749#section-3.2
Authorizations:
header Parameters
| Merchant-Serial-Number | string Example: 123456 This is a required parameter if you are a partner making API requests on behalf of a merchant. The partner must use the merchant's MSN, not the partner's MSN. |
| Vipps-System-Name | string <= 30 characters Example: Acme Commerce The name of the solution. One word in lowercase letters is good. See HTTP headers. |
| Vipps-System-Version | |
| Vipps-System-Plugin-Name | string <= 30 characters Example: acme-webshop The name of the plugin (if applicable). One word in lowercase letters is good. See HTTP headers. |
| Vipps-System-Plugin-Version | string <= 30 characters Example: 4.3 The version number of the ecommerce plugin (if applicable). See HTTP headers. |
Request Body schema: application/x-www-form-urlencoded
| grant_type required | string Value MUST be authorization_code. |
| code required | string The authorization code received from the authorization server as a query param on the redirect_uri. |
| redirect_uri required | string The redirect URL which the user agent is redirected to after finishing a login. If the URL is using a custom URL scheme, such as myapp://, a path is required: myapp://path-to-something. The URL must be exactly the same as the one specified on portal.vipps.no. Be extra careful with trailing slashes and URL-encoded entities. |
| client_id | string The |
| client_secret | string The |
| code_verifier | string Required if PKCE, https://tools.ietf.org/html/rfc7636, is used. |
Responses
Response samples
- 200
- 401
- 500
{- "access_token": "shxuQPSLpKAiBrgD-HPbgDWc3RHzcXq3skcydKwRroo.Y5aH3PavJkZnSq5dffj8AmKVE-SdwRcbKhUKkmqimoQ",
- "expires_in": 3599,
- "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo2ZjIxMTlkZS03ZWY4LTQ0NDQtYjNkYy1lNDNiYWY2MDUwMGYifQ.eyJhdF9oYXNoIjoiUGpLVVQ0VUpFYkZWY05MempyOVppQSIsImF1ZCI6WyJlZGRkYjMyZi01MDI4LTQzOTctYjBhYi1lOGVjZjIxOGZkYzIiXSwiYXV0aF90aW1lIjoxNjQzMTIwMjA0LCJleHAiOjE2NDMxMjM4MDUsImlhdCI6MTY0MzEyMDIwNSwiaXNzIjoiaHR0cHM6Ly9lY2U0NmVjNC02ZjljLTQ4OWItOGZlNS0xNDZhODllMTE2MzUudGVjaC0wMi5uZXQvYWNjZXNzLW1hbmFnZW1lbnQtMS4wL2FjY2Vzcy8iLCJqdGkiOiI1MzM2NzJlYi1lY2M0LTQ0OTQtYjM4NS02NWY2MGJkMTk1YTciLCJub25jZSI6IjU4OTU0MTFlLWU5MzAtNDMyYS05ZWIzLWQzYTAzODhlMWIzOSIsInJhdCI6MTY0MzEyMDAwNywic2lkIjoiYWJlMjIzOTUtZThkNC00ODFlLThjZDItNTU0YmYwOWY0MzJmIiwic3ViIjoiNjNkODMwM2YtNDFkNS00MTUwLTllMzMtMGEzOWVkODE4NTZjIn0.Nejx0nIAPhGjDAOKIpLUVK2bcfTmUr7JfKU8V_7SHUdLGFjSHmDSXkAqYIL_oFXmTQsBrVXTQO-yjL6WGpR5nrpYPHzpY7hMUj00VQ1KTd9gwoMk6uBDvXAnSN7O-cNqC0ehZAlZ6ofR9TwDn03fhS1UcxhLnFq9phzxKD4q7EgBkHOQiwv90M8ZvrZMqdwtdjqIOABks0tVcYlQFKKDDrij0Df90vrFR-coAZeXJzRGsMUivvZlkwlYEQAlTx2BxBT2WqJr407DX-W0k0mj7QPnPQNV-0qT0VLJ6liUwFUi6MQrQ01yosrHwrmwY-0f_GwDDSPp4HizkTmT_CecQy9CLsbnASrcBurpLvjl9bfxXiYtZvvDlxyoyjMd05z94MmuADvM-nIWztKHIbU4ez6qRS1uyMPN2P9-_wzD7Tj2RCrAfSHlgTrx-grhqdkIqcVKdx8RVj5cmmbLDsmgfwLdM0m5Z_QYmctxq7TsLWm0x2A2-rbxlAma5USRDfPpzWBwbZDbJygXEIccGUwgG7SK6XHeTblHmgz87Tx7yfqTw9YSYbzxjnCCBwCXlKUUcHOLMRF_L0BwTBaNaFtYfgc5ne68Ej0V2Mz_BodR3OpRnukTdb1_nXAbDs4JiKhM22aR3R7qopAUnhUAFbde2q1sfwGr-b21a4NgEaWtFwk",
- "token_type": "bearer",
- "scope": "openid name phoneNumber address birthDate email"
}JSON Web Keys Discovery
This endpoint returns JWK (JSON Web Keys) to be used as public keys for verifying OpenID Connect ID Tokens and, if enabled, OAuth 2.0 JWT (JSON Web Token, the access token).
header Parameters
| Vipps-System-Name | string <= 30 characters Example: Acme Commerce The name of the solution. One word in lowercase letters is good. See HTTP headers. |
| Vipps-System-Version | |
| Vipps-System-Plugin-Name | string <= 30 characters Example: acme-webshop The name of the plugin (if applicable). One word in lowercase letters is good. See HTTP headers. |
| Vipps-System-Plugin-Version | string <= 30 characters Example: 4.3 The version number of the ecommerce plugin (if applicable). See HTTP headers. |
Responses
Response samples
- 200
- 500
{- "keys": [
- {
- "alg": "RS256",
- "crv": "P-256",
- "d": "T_N8I-6He3M8a7X1vWt6TGIx4xB_GP3Mb4SsZSA4v-orvJzzRiQhLlRR81naWYxfQAYt5isDI6_C2L9bdWo4FFPjGQFvNoRX-_sBJyBI_rl-TBgsZYoUlAj3J92WmY2inbA-PwyJfsaIIDceYBC-eX-xiCu6qMqkZi3MwQAFL6bMdPEM0z4JBcwFT3VdiWAIRUuACWQwrXMq672x7fMuaIaHi7XDGgt1ith23CLfaREmJku9PQcchbt_uEY-hqrFY6ntTtS4paWWQj86xLL94S-Tf6v6xkL918PfLSOTq6XCzxvlFwzBJqApnAhbwqLjpPhgUG04EDRrqrSBc5Y1BLevn6Ip5h1AhessBp3wLkQgz_roeckt-ybvzKTjESMuagnpqLvOT7Y9veIug2MwPJZI2VjczRc1vzMs25XrFQ8DpUy-bNdp89TmvAXwctUMiJdgHloJw23Cv03gIUAkDnsTqZmkpbIf-crpgNKFmQP_EDKoe8p_PXZZgfbRri3NoEVGP7Mk6yEu8LjJhClhZaBNjuWw2-KlBfOA3g79mhfBnkInee5KO9mGR50qPk1V-MorUYNTFMZIm0kFE6eYVWFBwJHLKYhHU34DoiK1VP-svZpC2uAMFNA_UJEwM9CQ2b8qe4-5e9aywMvwcuArRkAB5mBIfOaOJao3mfukKAE",
- "dp": "G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oimYwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_NmtuYZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0",
- "dq": "s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUUvMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk",
- "e": "AQAB",
- "k": "GawgguFyGrWKav7AX4VKUg",
- "kid": "1603dfe0af8f4596",
- "kty": "RSA",
- "n": "vTqrxUyQPl_20aqf5kXHwDZrel-KovIp8s7ewJod2EXHl8tWlRB3_Rem34KwBfqlKQGp1nqah-51H4Jzruqe0cFP58hPEIt6WqrvnmJCXxnNuIB53iX_uUUXXHDHBeaPCSRoNJzNysjoJ30TIUsKBiirhBa7f235PXbKiHducLevV6PcKxJ5cY8zO286qJLBWSPm-OIevwqsIsSIH44Qtm9sioFikhkbLwoqwWORGAY0nl6XvVOlhADdLjBSqSAeT1FPuCDCnXwzCDR8N9IFB_IjdStFkC-rVt2K5BYfPd0c3yFp_vHR15eRd0zJ8XQ7woBC8Vnsac6Et1pKS59pX6256DPWu8UDdEOolKAPgcd_g2NpA76cAaF_jcT80j9KrEzw8Tv0nJBGesuCjPNjGs_KzdkWTUXt23Hn9QJsdc1MZuaW0iqXBepHYfYoqNelzVte117t4BwVp0kUM6we0IqyXClaZgOI8S-WDBw2_Ovdm8e5NmhYAblEVoygcX8Y46oH6bKiaCQfKCFDMcRgChme7AoE1yZZYsPbaG_3IjPrC4LBMHQw8rM9dWjJ8ImjicvZ1pAm0dx-KHCP3y5PVKrxBDf1zSOsBRkOSjB8TPODnJMz6-jd5hTtZxpZPwPoIdCanTZ3ZD6uRBpTmDwtpRGm63UQs1m5FWPwb0T2IF0",
- "p": "6NbkXwDWUhi-eR55Cgbf27FkQDDWIamOaDr0rj1q0f1fFEz1W5A_09YvG09Fiv1AO2-D8Rl8gS1Vkz2i0zCSqnyy8A025XOcRviOMK7nIxE4OH_PEsko8dtIrb3TmE2hUXvCkmzw9EsTF1LQBOGC6iusLTXepIC1x9ukCKFZQvdgtEObQ5kzd9Nhq-cdqmSeMVLoxPLd1blviVT9Vm8-y12CtYpeJHOaIDtVPLlBhJiBoPKWg3vxSm4XxIliNOefqegIlsmTIa3MpS6WWlCK3yHhat0Q-rRxDxdyiVdG_wzJvp0Iw_2wms7pe-PgNPYvUWH9JphWP5K38YqEBiJFXQ",
- "q": "0A1FmpOWR91_RAWpqreWSavNaZb9nXeKiBo0DQGBz32DbqKqQ8S4aBJmbRhJcctjCLjain-ivut477tAUMmzJwVJDDq2MZFwC9Q-4VYZmFU4HJityQuSzHYe64RjN-E_NQ02TWhG3QGW6roq6c57c99rrUsETwJJiwS8M5p15Miuz53DaOjv-uqqFAFfywN5WkxHbraBcjHtMiQuyQbQqkCFh-oanHkwYNeytsNhTu2mQmwR5DR2roZ2nPiFjC6nsdk-A7E3S3wMzYYFw7jvbWWoYWo9vB40_MY2Y0FYQSqcDzcBIcq_0tnnasf3VW4Fdx6m80RzOb2Fsnln7vKXAQ",
- "qi": "GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzgUIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rxyR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU",
- "use": "sig",
- "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
- "x5c": [
- "string"
], - "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0"
}
]
}