openapi: 3.0.0 info: description: >- Access token API contains the endpoints to request a JWT access token. The access token must be provided in all API requests, together with the subscription key. The access token is valid for 1 hour in the test environment and 24 hours in the production environment. For details, see the [API Guide](https://developer.vippsmobilepay.com/docs/APIs/access-token-api). version: 1.0.1 title: Access token tags: - name: Authorization Service description: Authorization Service servers: - url: https://api.vipps.no description: >- Production environment (uses the production API keys, the official app and live data) - url: https://apitest.vipps.no description: Test environment (uses the test API keys, the test app and test data) paths: /accesstoken/get: post: tags: - Authorization Service summary: Request a new access token (JWT bearer token) parameters: - name: client_id in: header description: >- The `client_id` is available on portal.vipps.no, under the 'Utvikler' tab. Think of it as the "username". required: true schema: type: string format: guid example: fb492b5e-7907-4d83-ba20-c7fb60ca35de - name: client_secret in: header description: >- The `client_secret` is available on portal.vipps.no, under the 'Utvikler' tab. Think of it as the "password". Keep it secret. Vipps will never ask for it, and do not need it. required: true schema: type: string example: Y8Kteew6GE2ZmeycEt6egg== - $ref: '#/components/parameters/Ocp-Apim-Subscription-Key' - $ref: '#/components/parameters/Merchant-Serial-Number' - $ref: '#/components/parameters/Vipps-System-Name' - $ref: '#/components/parameters/Vipps-System-Version' - $ref: '#/components/parameters/Vipps-System-Plugin-Name' - $ref: '#/components/parameters/Vipps-System-Plugin-Version' description: |- The accesstoken endpoint is used to get the JWT (JSON Web Token) that must be passed in every API request in the `Authorization` header. The access token is a base64-encoded string value that must be acquired first before making any Vipps API calls. The access token is valid for 1 hour in the test environment and 24 hours in the production environment. operationId: fetchAuthorizationTokenUsingPost responses: '200': description: OK content: application/json;charset=UTF-8: schema: $ref: '#/components/schemas/AuthorizationTokenResponse' '400': description: Bad request '401': description: Unauthorized '500': description: A server error on Vipps' side. components: schemas: AuthorizationTokenResponse: type: object required: - token_type - expires_in - ext_expires_in - expires_on - not_before - resource - access_token properties: token_type: type: string description: |- The type for the access token. This will always be `Bearer`. example: Bearer expires_in: type: integer description: |- Token expiry time in seconds. The access token is valid for 1 hour in the test environment and 24 hours in the production environment. example: 3600 ext_expires_in: type: integer description: Extra time added to expiry time. Currently disabled. example: 3600 expires_on: type: integer description: Token expiry time in epoch time format. example: 1547823408 not_before: type: integer description: Token creation time in epoch time format. example: 1547819508 resource: type: string description: |- A common resource object. Not used in token validation. This can be disregarded. example: 00000002-0000-0000-c000-000000000000 access_token: type: string format: byte description: |- The access token itself. It is a base64-encoded string, typically 1000+ characters. It can be decoded on https://jwt.io, and using standard libraries. See the documentation for details. example: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1Ni parameters: Merchant-Serial-Number: name: Merchant-Serial-Number in: header required: false schema: type: string pattern: ^[0-9]{4,6}$ minLength: 4 maxLength: 6 example: '123456' description: >- The merchant serial number (MSN) for the sales unit. The Merchant-Serial-Number header can be used with all API keys, and can speed up any trouble-shooting of API problems quite a bit. Ocp-Apim-Subscription-Key: name: Ocp-Apim-Subscription-Key in: header required: true schema: type: string example: da7d5b0e18a84aeda961c0c31b75c2a9 description: |- The subscription key for the authorization token is available on portal.vipps.no, under the 'Utvikler' tab. Keep it secret. Vipps will never ask for it, and do not need it. Vipps-System-Name: name: Vipps-System-Name in: header description: >- The name of the ecommerce solution. One word in lowercase letters is good. See [http-headers](https://developer.vippsmobilepay.com/docs/common-topics/http-headers). schema: type: string maxLength: 30 example: WooCommerce Vipps-System-Version: name: Vipps-System-Version in: header description: >- The version number of the ecommerce solution. See [http-headers](https://developer.vippsmobilepay.com/docs/common-topics/http-headers). schema: type: string maxLength: 30 example: 5.4.0 Vipps-System-Plugin-Name: name: Vipps-System-Plugin-Name in: header description: >- The name of the ecommerce plugin (if applicable). One word in lowercase letters is good. See [http-headers](https://developer.vippsmobilepay.com/docs/common-topics/http-headers). schema: type: string maxLength: 30 example: woocommerce-payment Vipps-System-Plugin-Version: name: Vipps-System-Plugin-Version in: header description: >- The version number of the ecommerce plugin (if applicable). See [http-headers](https://developer.vippsmobilepay.com/docs/common-topics/http-headers). schema: type: string maxLength: 30 example: 1.4.1