API keys
API keys are unique to each sales unit and act as your credentials when authenticating API requests. They are referred to as merchant keys to distinguish them from other key types, such as partner keys.
This page is for merchants building a direct API integration. If that's not you:
- Partners — see API keys for partners instead.
- Donations API users — see Merchant level keys instead.
- VM number users — you don't need API keys. See the Help Center for more information.
Production and test keys​
As a merchant building a direct integration, you will need two separate sets of API keys — one for testing and one for production. Each set is tied to a specific sales unit and can only be used for that unit. If you have multiple sales units, you will have a separate set of keys for each one.
- Test environment: Keys are normally available a few minutes after the sales unit is created. See How to create a test sales unit for details.
- Production environment: Keys are normally available a few days after application, depending on workload and whether we need additional information.
- Vipps MobilePay will never ask for your API keys.
- If you need to share keys with a colleague, always use encrypted email or a secure secrets manager.
- If you accidentally expose your API keys, regenerate them immediately:
- Merchants: Click the Regenerate button on your sales unit page in the business portal. See How to regenerate API keys for step-by-step instructions.
- Partners: For partner-level keys, contact the partner team. For merchant keys, the merchant must regenerate them via the business portal.
- Update your integrations after regenerating keys so they continue to work.
Getting the API keys​
- Merchants
- Partners
You can find your API keys in the business portal. Log in and follow these steps:
- Click For developers from the sidebar. (If you don't see this option, ask your administrator to give you Developer access). On the page that opens, you should see a list of sales units. Select Test or Production.
- Find your sales unit and click the corresponding Show keys button. A panel will open where you can copy the values of each key.
- Take a copy of the Merchant Sales Number (MSN) as well, as part of your API credentials.
Partners use different key types depending on their role and the APIs they need to access.
See API keys for partners for a full overview of partner key types and how to get them.
API key details​
| API Key Name | Description | Format | Example |
|---|---|---|---|
client_id | Client ID for the sales unit (the "username") | GUID | fb492b5e-7907-4d83-bc20-c7fb60ca35de |
client_secret | Client secret for the sales unit (the "password") | Base64 | Y8Kteew6GE3ZmeycEt6egg== |
Ocp-Apim-Subscription-Key (primary) | Subscription key for the API product | Base64 | 0f14ebcab0eb4b29ae0cb90d91b4a84a |
Ocp-Apim-Subscription-Key (secondary) | Interchangeable with the primary key | Base64 | 0f14ebcab0eb4b29ae0cb90d91b4a84a |
You use client_id and client_secret with the Access Token API to get an access token for subsequent API requests.
The primary and secondary Ocp-Apim-Subscription-Key values are interchangeable. Having two lets you rotate one without downtime while the other remains active.
The same keys work across all integration types — direct API, mobile apps, point of sale, and plugins.
The Merchant Serial Number (MSN) is not an API key, but you will need it in many API requests. You can find it in the same place as your API keys in the business portal.
Next step​
Once you have your API keys, see Authentication and authorization to learn how to use them to obtain an access token.