Klarna

1. Request a new client

It is possible to integrate directly with Klarna OpenID Connect (OIDC).
Obtain a client with either the client_secret_basic or client_secret_post authentication method selected and save the secret. You will need it to authenticate requests to the OIDC provider.

2. Choose the right IDP URL

Use the IDP URL specific to your service's geographic region and run IDP discovery. This step retrieves the authorization and token endpoints, the available scopes and the other components needed for the standard OAuth flow.
  • EU: https://login.klarna.com
  • NA: https://login.klarna.com/na/lp/idp
To test Sign in with Klarna direct integration on playground, please use the following issuer URLs:
  • EU: https://login.playground.klarna.com

3. Authenticate your client at the token endpoint

When calling the token endpoint, you must authenticate your client on every request. The method depends on how your client was registered.
client_secret_basic — Pass your client_id and client_secret as HTTP Basic Auth in the Authorization header. The value must be Base64-encoded and must include the Basic prefix:
  Authorization: Basic <base64(client_id:client_secret)>
Example (before encoding): ca89d7d6-f74e-4c4f-9fa9-a28fd13d4074:your-secret
⚠️ The Basic prefix is required. Sending the raw credentials or API key directly in the Authorization header without this prefix will result in a 400 Invalid authorization header error.
client_secret_post — Pass client_id and client_secret as form fields in the request body (application/x-www-form-urlencoded). Do not set an Authorization header in this case.
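
The two authentication methods from step 3, as an added example that is not part of Klarna's documentation: it builds (without sending) the token request for each method so the headers and body can be inspected. The token endpoint, authorization code and redirect URI are constructed placeholders, and the discovery path is the standard OpenID Connect Discovery location, assumed to apply to the issuers in step 2.

```python
import base64
from urllib.parse import urlencode
from urllib.request import Request

# Constructed sample values: the client_id is the example from the text;
# the secret, grant parameters and token endpoint are placeholders.
CLIENT_ID = "ca89d7d6-f74e-4c4f-9fa9-a28fd13d4074"
CLIENT_SECRET = "your-secret"
TOKEN_ENDPOINT = "https://idp.example/token"  # use the value returned by IDP discovery
GRANT = {"grant_type": "authorization_code", "code": "SAMPLE_CODE",
         "redirect_uri": "https://app.example/callback"}


def discovery_url(issuer: str) -> str:
    # Assumption: standard OpenID Connect Discovery, which appends the
    # well-known path to the issuer and keeps any issuer path (NA issuer).
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def basic_header(client_id: str, client_secret: str) -> str:
    # "Basic " + base64(client_id:client_secret); the prefix is mandatory.
    pair = f"{client_id}:{client_secret}".encode()
    return "Basic " + base64.b64encode(pair).decode("ascii")


def token_request(auth_method: str, grant: dict) -> Request:
    """Build, but do not send, a token request for the registered method."""
    form = dict(grant)
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if auth_method == "client_secret_basic":
        # Credentials go in the header only, never in the body.
        headers["Authorization"] = basic_header(CLIENT_ID, CLIENT_SECRET)
    elif auth_method == "client_secret_post":
        # Credentials go in the form body; no Authorization header is set.
        form.update(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
    else:
        raise ValueError(f"unsupported auth method: {auth_method}")
    return Request(TOKEN_ENDPOINT, data=urlencode(form).encode(),
                   headers=headers, method="POST")


if __name__ == "__main__":
    for method in ("client_secret_basic", "client_secret_post"):
        req = token_request(method, GRANT)
        print(method, req.header_items(), req.data.decode())
```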

4. Follow standard OAuth flow

Follow the rest of the OAuth flow according to the standard RFC 6749.