Skip to main content

Getting started

Document version: 3.7.1.

API products

The Vipps-API product gives you access to the majority of Vipps APIs, for example:

  • Checkout API - Provide a complete Checkout solution for both Vipps and card payments with auto-fill and shipping integrations.
  • eCom API - Offer Vipps as a method of payment. Offer a quick checkout option where Vipps is the method of payment and the shipping options are specified directly from the Vipps app. This is also known as Vipps Online (Vipps På Nett) and Vipps Express Checkout (Vipps Hurtigkasse).
  • ePayment API - In combination with Checkout API, apply payments, -This is the new version of eCom API.
  • Login API - Allow the customer to log in by using their Vipps account.
  • Order Management API - Add data to orders.
  • Partner API - Get info about merchants/sale units.
  • PSP API - Initiate PSP payments. Update merchants.
  • QR API - Use QR codes to allow customers to connect to Vipps and purchase from your store.
  • Recurring API - A business or organization can allow their customers to set up recurring payments (e.g., for subscriptions, membership, regular donations, etc.) through Vipps. This is also known as Vipps Faste Betalinger.
  • Report API - Fetch information about payment events that have been processed by Vipps.
  • Access Token API- Required to obtain a JWT.

Please note: API keys are not available for Vippsnummer, as there is no external API.

For an overview of all products, in Norwegian, see vipps.no.

Apply for Vipps services

Apply for vipps services on portal.vipps.no.

You need to have a Norwegian organization number, applications must be signed with Norwegian BankID, you must apply for a Merchant Agreement and order a Vipps service. See Common topics: Requirements for applying for a Vipps service.

As soon as the Merchant Agreement has been approved and a product order is sent, access to the Vipps test environment (MT) will be provided by email to the user associated with the product order.

If you have questions about your application, please check the status on portal.vipps.no or contact customer service.

Please note: If you plan to use Vipps through a PSP, you will have to order the appropriate Vipps solution from the PSP, and have them help you with developer access to their systems.

Get credentials

When your application has been processed, Vipps will send an email informing you that the API keys can be retrieved by logging in with BankID on the Vipps portal (portal.vipps.no).

For details, see:

Permissions and users

For problems logging in to the Vipps Portal, see:

Getting the API keys

See Common topics: API keys for details including:

Test environment

The Merchant Test Environment (MT) is available for all Vipps merchants with API access.

See Developer resources: The Vipps Test Environment (MT) for details including:

Quick overview of how to make an API call

We recommend using the standard Vipps HTTP headers for all requests.

Get an access token

All Vipps API calls are authenticated and authorized with an access token (JWT bearer token) and an API subscription key:

Header NameHeader ValueDescription
AuthorizationBearer <JWT access token>Type: Authorization token. See Get an access token.
Ocp-Apim-Subscription-KeyBase 64 encoded stringThe subscription key for this API. This is available on portal.vipps.no.

All Vipps API requests must include an Authorization header with a JSON Web Token (JWT), which we call the access token.

The access token is obtained by calling POST:/accesstoken/get and passing the client_id, client_secret and Ocp-Apim-Subscription-Key. (We are aware that this is a POST, without a body, to an endpoint with get in the URL, and hope to fix it in a later version of the API. Sorry for the inconvenience.)

Request

Request to POST:/accesstoken/get (including the Vipps HTTP headers):

client_id: fb492b5e-7907-4d83-ba20-c7fb60ca35de
client_secret: Y8Kteew6GE2ZmeycEt6egg==
Ocp-Apim-Subscription-Key: 0f14ebcab0ec4b29ae0cb90d91b4a84a
Merchant-Serial-Number: 123456
Vipps-System-Name: Acme Enterprises Ecommerce DeLuxe
Vipps-System-Version: 3.1.2
Vipps-System-Plugin-Name: Point Of Sale Excellence
Vipps-System-Plugin-Version 4.5.6
HeaderDescriptionExample value
Merchant-Serial-NumberThe MSN for the sale unit123456
Vipps-System-NameThe name of the ecommerce solutionwoocommerce
Vipps-System-VersionThe version number of the ecommerce solution5.4
Vipps-System-Plugin-NameThe name of the ecommerce pluginvipps-woocommerce
Vipps-System-Plugin-VersionThe version number of the ecommerce plugin1.4.1

The client_id, client_secret and Ocp-Apim-Subscription-Key are unique per merchantSerialNumber (MSN, i.e. the number of the sale unit).

Please note: Partners should use partner keys.

Please note: You can have multiple access tokens being used at the same time.

Please note: We are in process of changing the name of the header Ocp-Apim-Subscription-Key to Vipps-Subscription-Key. We will at some point phase out the old name completely, but it is not trivial and will take some time. You may encounter both in the developer documentation, and the actual header name to send is Ocp-Apim-Subscription-Key.

Response

The response from POST:/accesstoken/get is like this:

{
"token_type": "Bearer",
"expires_in": "86398",
"ext_expires_in": "0",
"expires_on": "1495271273",
"not_before": "1495184574",
"resource": "00000002-0000-0000-c000-000000000000",
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1Ni <snip>"
}

The access_token is the most important part. An explanation of the contents of the access token (the JWT properties):

NameDescription
BearerIt’s a Bearer token. The word Bearer must be added before the token
expires_inToken expiry duration in seconds.
ext_expires_inExtra expiry time. Not used.
expires_onToken expiry time in epoch time format.
not_beforeToken creation time in epoch time format.
resourceFor the product for which token has been issued.
access_tokenThe actual access token that needs to be used in Authorization request header.

Please note: The access token is valid for 1 hour in the test environment and 24 hours in the production environment. To be sure that you are using correct time please use expires_in or expires_on. The access token is a JWT (JSON Web Token), and uses UTC time.

Problems? See: FAQ: Common errors.

Make an API call

After obtaining the access token (JWT), it is then used for the "real" calls to the Vipps API, with the Bearer keyword (it is case-sensitive).

A typical example of an API endpoint: POST:/ecomm/v2/payments in the Vipps eCom API: Initiate payment flow: API calls.

Here is an example with Authorization and Ocp-Apim-Subscription-Key (but without the client_id and client_secret, since they are only used for the POST:/accesstoken/get call), including the Vipps HTTP headers:

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1Ni <snip>
Ocp-Apim-Subscription-Key: 0f14ebcab0ec4b29ae0cb90d91b4a84a
Merchant-Serial-Number: 123456
Vipps-System-Name: Acme Enterprises Ecommerce DeLuxe
Vipps-System-Version: 3.1.2
Vipps-System-Plugin-Name: Point Of Sale Excellence
Vipps-System-Plugin-Version 4.5.6

For more details: See the OpenAPI specifications and Postman collections for the APIs.

Problems? See:

Checking for errors with the API Dashboard

All merchants have access to the API Dashboard. We strongly recommend to use that for detecting errors in the API use, in addition to normal monitoring.

Next step: Quick start guides

If you are ready to try out some API request, head over to the Quick start guides page and read about creating your own test set up!

See:

Questions?

We're always happy to help with code or other questions you might have! Please create an issue, a pull request, or contact us.

Sign up for our Technical newsletter for developers.