merchant_vat is used to identify which merchant that should be given consent to if a user has multiple merchants assigned. You should include it, as it is a practical way to manage merchants going through the OIDC flow, which is also a more scalable solution, as the your merchant customer base grows.
When you include the VAT, it is even easier for you to identify the merchant, as the VAT numer is then directly mapped to the access_token. Therefore, tracking is made easier.
- You should include the VAT if you are an integrator managing the MobilePay API solution on behalf of others.
- If you have more than one VAT number that you are managing the MobilePay API solution for.
- As an integrator, you will be making API calls on behalf of a merchant. If you are getting 403 forbidden, The server understood the request, but will not fulfill it due to client-related issues. It is because you did not include the
merchant_vatin the authorize request. The server understood the request, but will not fulfill it due to client-related issues.
You should send it as an extra URL parameter (authorize?merchant_vat=DK12345678).
You can find the information by extracting it from the
The extension methods support three different scenarios, to get the merchant_id.
- You have a JWE or JWS in 'Compact Serialization Format'.
- You have a System.Security.Claims. ClaimsPrinciple
- You have a System.Security.Claims. ClaimsIdentity