Vipps

Redirect

schedule 9 min read

Vipps is a two-phase payment instrument supported by the major Norwegian banks. In the redirect scenario, Swedbank Pay receives a mobile number (msisdn) from the payer through Swedbank Pay Payments. Swedbank Pay performs a payment that the payer must confirm through the Vipps mobile app.

Introduction

  • When the payer starts the purchase process, you make a POST request towards Swedbank Pay with the collected Purchase information.
  • This will generate a payment object with a unique paymentID.
  • You will receive a Redirect URL to a hosted page.
  • You need to redirect the payer to the Redirect payment where the payer must push the payment button. This triggers a POST towards Swedbank Pay.
  • The payer is redirected to a Vipps payment page to enter the mobile number.
  • Swedbank Pay handles the dialogue with Vipps and the payer confirms the purchase in the Vipps app.
  • To receive the state of the transaction you need to do a GET request containing the paymentID generated in the first step.

You redirect the payer to collect the payer’s mobile number.

steps of the vipps purchase flow

Step 1: Create a Purchase

link

Callback URL

It is mandatory to set a callbackUrl in the POST request creating the payment. When callbackUrl is set, Swedbank Pay will send a POST request to this URL when the payer has fulfilled the payment. Upon receiving this POST request, a subsequent GET request towards the id of the payment generated initially must be made to receive the state of the transaction.

warning

GDPR

GDPR sensitive data such as email, phone numbers and social security numbers must not be used directly in request fields such as payerReference. If it is necessary to use GDPR sensitive data, it must be hashed and then the hash can be used in requests towards Swedbank Pay.

A Purchase payment is a straightforward way to charge the the payer. Below you will see the POST request you will need to send to collect the purchase information.

Request

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
POST /psp/vipps/payments HTTP/1.1
Authorization: Bearer <AccessToken>
Content-Type: application/json

{
    "payment": {
        "operation": "Purchase",
        "intent": "Authorization",
        "currency": "NOK",
        "prices": [
            {
                "type": "Vipps",
                "amount": 1500,
                "vatAmount": 0
            }
        ],
        "description": "Test Purchase",
        "payerReference": "AB1234",
        "userAgent": "Mozilla/5.0...",
        "language": "nb-NO",
        "urls": {
            "hostUrls": [ "https://example.net" ],
            "completeUrl": "https://example.net/payment-completed",
            "cancelUrl": "https://example.net/payment-canceled",
            "callbackUrl": "https://example.net/payment-callback",
            "logoUrl": "https://example.net/payment-logo.png",
            "termsOfServiceUrl": "https://example.net/payment-terms.pdf",
            "paymentUrl": "https://example.net/payment-cart"
        },
        "payeeInfo": {
            "payeeId": "5cabf558-5283-482f-b252-4d58e06f6f3b",
            "payeeReference": "CD1234",
            "payeeName": "Merchant1",
            "productCategory": "A123"
        },
        "prefillInfo": {
            "msisdn": "+4792345678"
        }
    }
}

Response

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
HTTP/1.1 200 OK
Content-Type: application/json

{
    "payment": {
        "id": "/psp/vipps/payments/7e6cdfc3-1276-44e9-9992-7cf4419750e1",
        "number": 1234567890,
        "created": "2016-09-14T13:21:29.3182115Z",
        "updated": "2016-09-14T13:21:57.6627579Z",
        "instrument": "Vipps",
        "operation": "Purchase",
        "intent": "Authorization",
        "state": "Ready",
        "currency": "NOK",
        "amount": 0,
        "remainingCaptureAmount": 1500,
        "remainingCancellationAmount": 1500,
        "remainingReversalAmount": 0,
        "description": "Test Purchase",
        "payerReference": "AB1234",
        "initiatingSystemUserAgent": "PostmanRuntime/3.0.1",
        "userAgent": "Mozilla/5.0...",
        "language": "nb-NO",
        "prices": {
            "id": "/psp/vipps/payments/7e6cdfc3-1276-44e9-9992-7cf4419750e1/prices"
        },
        "transactions": {
            "id": "/psp/vipps/payments/7e6cdfc3-1276-44e9-9992-7cf4419750e1/transactions"
        },
        "authorizations": {
            "id": "/psp/vipps/payments/7e6cdfc3-1276-44e9-9992-7cf4419750e1/authorizations"
        },
        "reversals": {
            "id": "/psp/vipps/payments/7e6cdfc3-1276-44e9-9992-7cf4419750e1/reversals"
        },
        "cancellations": {
            "id": "/psp/vipps/payments/7e6cdfc3-1276-44e9-9992-7cf4419750e1/cancellations"
        },
        "urls": {
            "id": "/psp/vipps/payments/7e6cdfc3-1276-44e9-9992-7cf4419750e1/urls"
        },
        "payeeInfo": {
            "id": "/psp/vipps/payments/7e6cdfc3-1276-44e9-9992-7cf4419750e1/payeeInfo"
        },
        "settings": {
            "id": "/psp/vipps/payments/7e6cdfc3-1276-44e9-9992-7cf4419750e1/settings"
        }
    },
    "operations": [
        {
            "method": "PATCH",
            "href": "https://api.externalintegration.payex.com/psp/vipps/payments/ec2a9b09-601a-42ae-8e33-a5737e1cf177",
            "rel": "update-payment-abort"
        },
        {
            "method": "GET",
            "href": "https://api.externalintegration.payex.com/vipps/payments/authorize/8fb05a835f2fc227dc7bca9abaf649b919ba8a572deb448bff543dd5806dacb7",
            "rel": "redirect-authorization"
        }
    ]
}
Required Field Type Description
check payment object The payment object contains information about the specific payment.
check └➔ operation string The operation that the payment is supposed to perform. The Purchase operation is used in our example.
check └➔ intent string Authorization. Reserves the amount, and is followed by a cancellation or capture of funds.

check └➔ currency string NOK
check └➔ prices object The prices resource lists the prices related to a specific payment.
check └─➔ type string  
check └─➔ amount integer The amount (including VAT, if any) to charge the payer, entered in the lowest monetary unit of the selected currency. E.g.: 10000 = 100.00 NOK, 5000 = 50.00 NOK.
check └─➔ vatAmount integer The payment’s VAT (Value Added Tax) amount, entered in the lowest monetary unit of the selected currency. E.g.: 10000 = 100.00 NOK, 5000 = 50.00 NOK. The vatAmount entered will not affect the amount shown on the payment page, which only shows the total amount. This field is used to specify how much ofthe total amount the VAT will be. Set to 0 (zero) if there is no VAT amount charged.
check └➔ description string(40) A 40 character length textual description of the purchase.
  └➔ payerReference string The reference to the payer from the merchant system, like e-mail address, mobile number, customer number etc.
check └➔ userAgent string The User-Agent string of the payer’s web browser.
check └➔ language string sv-SE, nb-NO or en-US.
check └➔ urls object The urls resource lists urls that redirects users to relevant sites.
check └─➔ completeUrl string The URL that Swedbank Pay will redirect back to when the payer has completed his or her interactions with the payment. This does not indicate a successful payment, only that it has reached a final (complete) state. A GET request needs to be performed on the payment to inspect it further. See completeUrl for details.
  └─➔ cancelUrl string The URI to redirect the payer to if the payment is canceled. Only used in redirect scenarios. Can not be used simultaneously with paymentUrl; only cancelUrl or paymentUrl can be used, not both.
  └─➔ callbackUrl string The URL that Swedbank Pay will perform an HTTP POST against every time a transaction is created on the payment. See callback for details.
check └➔ payeeInfo object The payeeInfo object, containing information about the payee (the recipient of the money). See payeeInfo for details.
check └─➔ payeeId string This is the unique id that identifies this payee (like merchant) set by Swedbank Pay.
check └─➔ payeeReference string(50*) A unique reference from the merchant system. It is set per operation to ensure an exactly-once delivery of a transactional operation. See payeeReference for details.
  └─➔ payeeName string The payee name (like merchant name) that will be displayed when redirected to Swedbank Pay.
  └─➔ productCategory string A product category or number sent in from the payee/merchant. This is not validated by Swedbank Pay, but will be passed through the payment process and may be used in the settlement process.
  └─➔ orderReference String(50) The order reference should reflect the order reference found in the merchant’s systems.
  └─➔ subsite String(40) The subsite field can be used to perform split settlement on the payment. The subsites must be resolved with Swedbank Pay reconciliation before being used.If you send in an unknown subsite value, it will be ignored and the paymentwill be settled using the merchant’s default settlement account.

Step 2: Authorization

To create an authorization in the redirect flow, simply perform an HTTP redirect of the payer towards the URL in the href of the redirect-authorization operation found in the list of operations in the response from the creation of the payment.

Once the payment is successfully authorized, the payer is returned to either the completeUrl or the cancelUrl; depending on the action performed. On the page as well as in the callbackUrl you need to perform an HTTP GET request towards the id of the payment to inspect its status.

Step 3: Get the transaction state

The GETrequest below will give you the transaction state of the payment. The paymentId used below was provided in the fist step when creating a purchase.

Request

1
2
3
4
GET /psp/vipps/payments/7e6cdfc3-1276-44e9-9992-7cf4419750e1/ HTTP/1.1
Host: api.externalintegration.payex.com
Authorization: Bearer <AccessToken>
Content-Type: application/json

Response

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
HTTP/1.1 200 OK
Content-Type: application/json

{
    "payment": {
        "id": "/psp/vipps/payments/7e6cdfc3-1276-44e9-9992-7cf4419750e1",
        "number": 1234567890,
        "created": "2016-09-14T13:21:29.3182115Z",
        "updated": "2016-09-14T13:21:57.6627579Z",
        "state": "Ready",
        "operation": "Purchase",
        "intent": "Authorization",
        "currency": "NOK",
        "amount": 1500,
        "remainingCaptureAmount": 1500,
        "remainingCancellationAmount": 1500,
        "remainingReversalAmount": 0,
        "description": "Test Purchase",
        "payerReference": "AB1234",
        "initiatingSystemUserAgent": "PostmanRuntime/3.0.1",
        "userAgent": "Mozilla/5.0...",
        "language": "nb-NO",
        "prices": {
            "id": "/psp/vipps/payments/7e6cdfc3-1276-44e9-9992-7cf4419750e1/prices"
        },
        "payeeInfo": {
            "id": "/psp/vipps/payments/7e6cdfc3-1276-44e9-9992-7cf4419750e1/payeeInfo"
        },
        "urls": {
            "id": "/psp/vipps/payments/7e6cdfc3-1276-44e9-9992-7cf4419750e1/urls"
        },
        "transactions": {
            "id": "/psp/vipps/payments/7e6cdfc3-1276-44e9-9992-7cf4419750e1/transactions"
        },
        "authorizations": {
            "id": "/psp/vipps/payments/7e6cdfc3-1276-44e9-9992-7cf4419750e1/authorizations"
        },
        "captures": {
            "id": "/psp/vipps/payments/7e6cdfc3-1276-44e9-9992-7cf4419750e1/captures"
        },
        "reversals": {
            "id": "/psp/vipps/payments/7e6cdfc3-1276-44e9-9992-7cf4419750e1/reversals"
        },
        "cancellations": {
            "id": "/psp/vipps/payments/7e6cdfc3-1276-44e9-9992-7cf4419750e1/cancellations"
        }
    },
    "operations": [
        {
            "method": "PATCH",
            "href": "https://api.externalintegration.payex.com/psp/vipps/payments/7e6cdfc3-1276-44e9-9992-7cf4419750e1",
            "rel": "update-payment-abort",
            "contentType": "application/json"
        },
        {
            "method": "GET",
            "href": "https://ecom.externalintegration.payex.com/vipps/core/scripts/client/px.vipps.client.js?token=5a17c24e-d459-4567-bbad-aa0f17a76119&operation=authorize",
            "rel": "view-authorization",
            "contentType": "application/javascript"
        },
        {
            "method": "GET",
            "href": "https://ecom.externalintegration.payex.com/vipps/core/scripts/client/px.vipps.client.js?token=5a17c24e-d459-4567-bbad-aa0f17a76119&operation=authorize",
            "rel": "view-payment",
            "contentType": "application/javascript"
        },
        {
            "method": "GET",
            "href": "https://ecom.externalintegration.payex.com/vipps/payments/authorize/ec2a9b09-601a-42ae-8e33-a5737e1cf177",
            "rel": "redirect-authorization",
            "contentType": "text/html"
        },
        {
            "method": "POST",
            "href": "https://api.externalintegration.payex.com/psp/vipps/payments/7e6cdfc3-1276-44e9-9992-7cf4419750e1/captures",
            "rel": "create-capture",
            "contentType": "application/json"
        },
        {
            "method": "GET",
            "href": "https://api.externalintegration.payex.com/psp/vipps/7e6cdfc3-1276-44e9-9992-7cf4419750e1/paid",
            "rel": "paid-payment",
            "contentType": "application/json"
        },
        {
            "method": "GET",
            "href": "https://api.externalintegration.payex.com/psp/vipps/7e6cdfc3-1276-44e9-9992-7cf4419750e1/failed",
            "rel": "failed-payment",
            "contentType": "application/problem+json"
        }
    ]
}
Field Type Description
payment object The payment object contains information about the specific payment.
└➔ id string The relative URI and unique identifier of the payment resource . Please read about URI Usage to understand how this and other URIs should be used in your solution.
└➔ number integer The payment number , useful when there’s need to reference the payment in human communication. Not usable for programmatic identification of the payment, for that id should be used instead.
└➔ created string The ISO-8601 date of when the payment was created.
└➔ updated string The ISO-8601 date of when the payment was updated.
└➔ state string Ready, Pending, Failed or Aborted. Indicates the state of the payment, not the state of any transactions performed on the payment. To find the state of the payment’s transactions (such as a successful authorization), see the transactions resource or the different specialized type-specific resources such as authorizations or sales.
└➔ prices object The prices resource lists the prices related to a specific payment.
└➔ prices.id string The relative URI and unique identifier of the prices resource . Please read about URI Usage to understand how this and other URIs should be used in your solution.
└➔ description string(40) A 40 character length textual description of the purchase.
└➔ payerReference string The reference to the payer from the merchant system, like e-mail address, mobile number, customer number etc.
└➔ userAgent string The user agent string of the payer’s browser.
└➔ language string sv-SE, nb-NO or en-US.
└➔ urls string The URI to the urls resource where all URIs related to the payment can be retrieved.
└➔ payeeInfo string The payeeInfo object, containing information about the payee (the recipient of the money). See payeeInfo for details.
operations array The array of possible operations to perform
└─➔ method string The HTTP method to use when performing the operation.
└─➔ href string The target URI to perform the operation against.
└─➔ rel string The name of the relation the operation has to the current resource.

Vipps Redirect integration flow

The sequence diagram below shows the two requests you have to send to Swedbank Pay to make a purchase. The links will take you directly to the API description for the specific request.

sequenceDiagram
    participant Browser
    participant Merchant
    participant SwedbankPay as Swedbank Pay
    participant VippsApi as Vipps API
    participant VippsApp as Vipps App

    Browser->>Merchant: Start purchase (pay with Vipps)
    activate Browser
    activate Merchant
    Merchant->>SwedbankPay: POST <Create  Vipps payment>
    activate SwedbankPay
    note left of Merchant: First API request
    SwedbankPay-->>Merchant: Payment resource
    deactivate SwedbankPay
    Merchant-->>Browser: Redirect to payment page
    deactivate Merchant

    note left of Browser: Redirect to Swedbank Pay
    Browser->>SwedbankPay: Redirect
    activate SwedbankPay
    SwedbankPay-->>VippsApi: Initialize Vipps payment
    activate VippsApi
    VippsApi-->>SwedbankPay: Response
    activate SwedbankPay
    SwedbankPay-->>-Browser: Display payment page
    activate Browser
    Browser->>Browser: Enter mobile number
    SwedbankPay-->>Browser: Authorization response (State=Pending)
    note left of Browser: Check your phone

    VippsApi-->>VippsApp: Confirm Payment UI
    activate VippsApp
    VippsApp-->>VippsApp: Confirmation dialogue
    VippsApp-->>VippsApi: Confirmation
    deactivate VippsApp

    VippsApi-->>SwedbankPay: Make payment
    activate SwedbankPay
    SwedbankPay-->>SwedbankPay: Execute payment
    SwedbankPay-->>VippsApi: Response
    deactivate SwedbankPay
    deactivate VippsApi

    SwedbankPay-->>SwedbankPay: Authorize result
    SwedbankPay-->>Browser: Authorize result
    deactivate SwedbankPay

    Browser-->>Merchant: Redirect to merchant
    activate Merchant
    note left of Browser: Redirect to merchant

        alt Callback
        activate SwedbankPay
        SwedbankPay-->>-VippsApi: Callback response
        SwedbankPay->>-Merchant: Transaction callback
        end

    activate SwedbankPay
    Merchant-->>SwedbankPay: GET <payment.id>
    note left of Merchant: Second API request
    SwedbankPay-->>Merchant: Payment resource
    Merchant-->>Browser: Display purchase result
    deactivate SwedbankPay
    deactivate Merchant
    deactivate Browser

You will later (i.e. if a physical product, when you are ready to ship the purchased products) have to make a Capture or Cancel request.