API docs by Redocly

Payment API Gateway (template version) (5.7.3)

Download OpenAPI specification:

This API enables integration with the Payment Gateway to initiate transactions, monitor their statuses, and interact with various payment providers.

Intro

This API is part of the our ecosystem. It allows you to make payments, find out the status of transactions and much more. Here you will find the latest documentation on setting up your solution.

Important: all Mobile Money C2B/B2C payments must be processed only with verified phone numbers.

Before proceeding with the request, please confirm that the phone number:

  • has been previously verified by the customer;
  • matches the number stored in your database.

This requirement is essential for minimizing fraud risk.

Available Payment Providers (Test Environment)

Use the test provider below during sandbox integration. Note that responses from the simulator do not include a callback — transactions remain in the "in progress" state.

ID Name Country Description
14 Simulator ANY For testing purposes

Example response from test provider (ID: 14)

When using the simulator provider, a successful request returns the following structure. Note that status: 1 means "in progress" — use the /status method to poll for updates.

{
  "order_id": "54321",
  "transaction_id": "12345",
  "transaction_ref": "",
  "status": 1,
  "result": {
    "code": 0,
    "message": "OK"
  },
  "provider_result": {
    "code": -8888,
    "message": "Good"
  },
  "service_id": 1,
  "service_version": "1.03/1.14|1.0/1.26|1.0/1.0|1.01/1.01|1.01/1.01||1.01/1.27",
  "service_date_time": "2023-05-15 10:00:00.000000",
  "confirm_type": 0
}

Generating Signature

To generate a correct signature, use your secretKey and apply recursive HMAC SHA-512 hashing on all request fields, excluding the signature field itself.

Example in PHP:

function calculateSignature(array $data, string $secretKey, string $prefix = '', int $depth = 16, int $level = 0): string {
    if ($level >= $depth) {
        throw new Exception('Too deep');
    }

    $result = '';
    foreach ($data as $key => $value) {
        if ($key === 'signature') continue;
        $fullKey = $prefix . $key;
        if (is_array($value)) {
            $result .= calculateSignature($value, $secretKey, $fullKey . '.', $depth, $level + 1);
        } else {
            $result .= $fullKey . $value;
        }
    }

    return $level === 0
        ? strtolower(hash_hmac('sha512', $result, $secretKey))
        : $result;
}

$postData = [
    'merchant_id' => 'fffed61b...',
    'provider_id' => 10,
    'client_id' => '254000000000',
    'country' => 'KE',
    'order_id' => 'order_3444298767545',
    'amount' => 1000,
    'currency' => 'KES',
    'callback_url' => 'https://my.callback.url'
];

$secretKey = 'cf11635572...';
$postData['signature'] = calculateSignature($postData, $secretKey);

Status Codes

Code Name Description
-1 undefined Unknown or error state
0 initiated Operation is initiated
1 in progress Operation is in progress
2 success Operation completed successfully
3 failed Operation failed
4 cancelled Operation was cancelled

Operation Types

Operation type codes visible in callbacks:

Code Type
16 payment_b2c
17 payment_c2b
32 paybill

Available Currencies

Code Note
KES Example for test requests
MWK Malawian kwacha
UGX Ugandan shilling
TZS Tanzanian shilling
ZMW Zambian kwacha
XOF West African CFA franc

Callbacks

Transaction status is sent via callback because it requires asynchronous confirmation from the client system. Usually the callback should arrive within 2–3 minutes.

If no callback is received, use the status API method to check transaction result. Successful callback = HTTP 200 from merchant'

Payment Methods

Senegal

Provider ID Provider Name Notes
9259 Wave Check with your manager
9322 Orange Chack with your manager

221000000000 - This is the format of the phone number you have to send in the payment requests.

For 9259:

C2B

  1. Customer initiates the payment on Merchant side
  2. Merchant sends request to the platform (POST payment_c2b) and set extra data:
  • return_url
  1. Merchant requests the transaction status (POST payment_status)
  2. Merchant gets a customer_redirect in the status response
  3. Merchant redirects a customer to provider payment page
  4. Customer makes a payment on the page
  5. Merchant gets a callback (or requests the status) with the final state of the operation

B2C

  1. Customer initiates the payment on Merchant side
  2. Merchant sends request to the platform (POST payment_b2c)
  3. Customer receives funds to their mobile number
  4. Merchant gets a callback (or requests the status) with the final state of the operation
c2b minimum b2c minimum c2b maximum b2c maximum
XOF 200.00 XOF 200.00 XOF 2 000 000.00 XOF 2 000 000.00

For 9322:

C2B

  1. Customer initiates the payment on Merchant side
  2. Merchant sends request to the platform (POST payment_c2b)
  3. Merchant requests the transaction status (POST payment_status)
  4. Merchant gets a customer_redirect in the status response
  5. Merchant redirects a customer to provider payment page
  6. Customer makes a payment on the page
  7. Merchant gets a callback (or requests the status) with the final state of the operation

B2C

  1. Customer initiates the payment on Merchant side and set extra data:
    • return_url
  2. Merchant sends request to the platform (POST payment_b2c)
  3. Customer receives funds to their mobile number
  4. Merchant gets a callback (or requests the status) with the final state of the operation
c2b minimum b2c minimum c2b maximum b2c maximum
XOF 200.00 XOF 200.00 XOF 2 000 000.00 XOF 2 000 000.00

Ivory Coast

Provider ID Provider Name Notes
9262 Wave Check with your manager
9260 Moov Check with your manager
9261 MTN Check with your manager

2250XXXXXXXXX - This is the format of the phone number you have to send in the payment requests.

For 9260:

C2B

  1. Customer initiates the payment on Merchant side
  2. Merchant sends request to the platform (POST payment_c2b) and set extra data:
    • return_url
  3. Customer gets push from operator and confirms the operation
  4. Merchant gets a callback (or requests the status) with the final state of the operation

B2C

  1. Customer initiates the payment on Merchant side
  2. Merchant sends request to the platform (POST payment_b2c)
  3. Customer receives funds to their mobile wallet
  4. Merchant gets a callback (or requests the status) with the final state of the operation
c2b minimum b2c minimum c2b maximum b2c maximum
XOF 200.00 XOF 200.00 XOF 2 000 000.00 XOF 2 000 000.00

For 9261:

C2B

  1. Customer initiates the payment on Merchant side
  2. Merchant sends request to the platform (POST payment_c2b) and set extra data:
  3. Customer gets push from operator and confirms the operation
  4. Merchant gets a callback (or requests the status) with the final state of the operation

B2C

  1. Customer initiates the payment on Merchant side
  2. Merchant sends request to the platform (POST payment_b2c)
  3. Customer receives funds to their mobile wallet
  4. Merchant gets a callback (or requests the status) with the final state of the operation
c2b minimum b2c minimum c2b maximum b2c maximum
XOF 200.00 XOF 200.00 XOF 2 000 000.00 XOF 2 000 000.00

For 9262:

C2B

  1. Customer initiates the payment on Merchant side
  2. Merchant sends request to the platform (POST payment_c2b)
  3. Merchant requests the transaction status (POST status)
  4. Merchant gets a customer_redirect in the status response
  5. Merchant redirects a customer to provider payment page
  6. Customer makes a payment on the page
  7. Merchant gets a callback (or requests the status) with the final state of the operation

B2C

  1. Customer initiates the payment on Merchant side
  2. Merchant sends request to the platform (POST payment_b2c)
  3. Customer receives funds to their mobile number
  4. Merchant gets a callback (or requests the status) with the final state of the operation
c2b minimum b2c minimum c2b maximum b2c maximum
XOF 200.00 XOF 200.00 XOF 2 000 000.00 XOF 2 000 000.00

Online Payments

Cashless payment from the customer to the merchant

path Parameters
public_id
required
string
Example: f54ec96649be11ebb3780242ac130002

Merchant public ID

Request Body schema: application/json
required

Parameters to initiate a customer to the merchant payment

merchant_id
required
string (merchantIdDef)

Unique Merchant ID received during the merchant registration

customer_id
required
string (customerIdDef)

Customer ID (usually mobile phone number of the customer)

customer_user_id
required
string (customerUserIdDef) <= 200 characters

Unique customer identifier on the merchant’s side (e.g., internal user ID, CRM ID)

order_id
required
string (orderIdDef)

The unique value is generated by the transaction initiator for each Operation. Max length is 128 symbols. Allowed symbols: [a-z], [A-Z], [0-9], “_” (underscore character), “-” (hyphen), “:” (colon), “.” (dot). For example, GUID or TIMESTAMP can be used as an order_id. This parameter provides API idempotency. It means that requests with identical nonce from the same transaction initiator will have identical responses and The corresponding operation won’t be repeated.

amount
required
string

Amount to pay, should be in format with two digits after point

currency
required
string (currencyDef)

Currency code in ISO 4217 format from the list of availabe currencies

country
string (countryDef)

Country code in ISO 3166-1 alpha-2 format as defined in the payment providers

callback_url
string

URL to notify the merchant via callback. Recommended

provider_id
required
integer (providerDef)
Enum: 14 40

Provider ID. Can be one of the option from this list.

signature
required
string (signatureDef)

Merchant’s request and callback have to be signed to verify sent data. To generate the signature all sent parameters are included in the order they were sent. The parameter signature should be excluded, of course. Example can be found here

Responses

Callbacks

Request samples

Content type
application/json
{
  • "merchant_id": "e0fecd91fcb24f348048193b3fb34875ba3722b4",
  • "customer_id": 900000001,
  • "customer_user_id": "user-123456",
  • "order_id": "16280954971628095497",
  • "amount": "100.00",
  • "currency": "KES",
  • "country": "KE",
  • "callback_url": "https://example.com/callback",
  • "provider_id": 14,
  • "signature": "d7d6d76b0e22c6f9d369fa6c24f107053d12bfd24d3b154f2deb6676bf179c123134e1f20879c803be455d81cfe792f00cd8892c26ce7cf5a05beebb9c80843e"
}

Response samples

Content type
application/json
{
  • "order_id": "16280954971628095497",
  • "transaction_id": "732007046722",
  • "transaction_ref": "MP.33234.342.CP33",
  • "status": 2,
  • "result": {
    },
  • "provider_result": {
    },
  • "service_id": 1,
  • "service_version": 11.1,
  • "service_date_time": "2020-11-25 10:08:32.832969"
}

Callback payload samples

Callback
POST: Asynchronous notification of the merchant about the last performed transaction
Content type
application/json
{
  • "transaction_id": "1234567",
  • "order_id": "16280954971628095497",
  • "service_id": 12345,
  • "service_version": "5.2.0",
  • "service_date_time": "2020-11-25 10:08:32.832969",
  • "result": {
    },
  • "signature": "d7d6d76b0e22c6f9d369fa6c24f107053d12bfd24d3b154f2deb6676bf179c123134e1f20879c803be455d81cfe792f00cd8892c26ce7cf5a05beebb9c80843e"
}

Cashless payment from the merchant to the customer.

Cashless payment from the merchant to the customer. If the confirm_type response parameter is a non-zero merchant, send the second payment_b2c request with confirmation data according to the section Confirmation Types.

path Parameters
public_id
required
string
Example: f54ec96649be11ebb3780242ac130002

Merchant public ID

Request Body schema: application/json
required

Parameters to initiate the merchant to the customer payment

merchant_id
required
string (merchantIdDef)

Unique Merchant ID received during the merchant registration

customer_id
required
string (customerIdDef)

Customer ID (usually mobile phone number of the customer)

customer_user_id
required
string (customerUserIdDef) <= 200 characters

Unique customer identifier on the merchant’s side (e.g., internal user ID, CRM ID)

order_id
required
string (orderIdDef)

The unique value is generated by the transaction initiator for each Operation. Max length is 128 symbols. Allowed symbols: [a-z], [A-Z], [0-9], “_” (underscore character), “-” (hyphen), “:” (colon), “.” (dot). For example, GUID or TIMESTAMP can be used as an order_id. This parameter provides API idempotency. It means that requests with identical nonce from the same transaction initiator will have identical responses and The corresponding operation won’t be repeated.

amount
required
string

Amount to pay, with two digits after point

currency
required
string (currencyDef)

Currency code in ISO 4217 format from the list of availabe currencies

country
string (countryDef)

Country code in ISO 3166-1 alpha-2 format as defined in the payment providers

callback_url
string

URL to notify the merchant via callback

provider_id
required
integer (providerDef)
Enum: 14 40

Provider ID. Can be one of the option from this list.

signature
required
string (signatureDef)

Merchant’s request and callback have to be signed to verify sent data. To generate the signature all sent parameters are included in the order they were sent. The parameter signature should be excluded, of course. Example can be found here

Responses

Request samples

Content type
application/json
{
  • "merchant_id": "e0fecd91fcb24f348048193b3fb34875ba3722b4",
  • "customer_id": 900000001,
  • "customer_user_id": "user-123456",
  • "order_id": "16280954971628095497",
  • "amount": "100.00",
  • "currency": "KES",
  • "country": "KE",
  • "callback_url": "https://example.com/callback",
  • "provider_id": 14,
  • "signature": "d7d6d76b0e22c6f9d369fa6c24f107053d12bfd24d3b154f2deb6676bf179c123134e1f20879c803be455d81cfe792f00cd8892c26ce7cf5a05beebb9c80843e"
}

Response samples

Content type
application/json
{
  • "order_id": "16280954971628095497",
  • "transaction_id": "532007056722",
  • "transaction_ref": "",
  • "status": 2,
  • "result": {
    },
  • "provider_result": {
    },
  • "service_id": 11,
  • "service_version": 11.1,
  • "service_date_time": "2020-11-25 10:08:32.832969",
  • "confirm_type": 0
}

Request a status of the transaction performed earlier

path Parameters
public_id
required
string
Example: f54ec96649be11ebb3780242ac130002

Merchant public ID

Request Body schema: application/json
required

Get the status of the performed transaction

merchant_id
required
string (merchantIdDef)

Unique Merchant ID received during the merchant registration

order_id
required
string (orderIdDef)

The unique value is generated by the transaction initiator for each Operation. Max length is 128 symbols. Allowed symbols: [a-z], [A-Z], [0-9], “_” (underscore character), “-” (hyphen), “:” (colon), “.” (dot). For example, GUID or TIMESTAMP can be used as an order_id. This parameter provides API idempotency. It means that requests with identical nonce from the same transaction initiator will have identical responses and The corresponding operation won’t be repeated.

signature
required
string (signatureDef)

Merchant’s request and callback have to be signed to verify sent data. To generate the signature all sent parameters are included in the order they were sent. The parameter signature should be excluded, of course. Example can be found here

Responses

Request samples

Content type
application/json
{
  • "merchant_id": "e0fecd91fcb24f348048193b3fb34875ba3722b4",
  • "order_id": "16280954971628095497",
  • "signature": "d7d6d76b0e22c6f9d369fa6c24f107053d12bfd24d3b154f2deb6676bf179c123134e1f20879c803be455d81cfe792f00cd8892c26ce7cf5a05beebb9c80843e"
}

Response samples

Content type
application/json
{
  • "order_id": "16280954971628095497",
  • "transaction_id": "732007046722",
  • "transaction_ref": "MP.33234.342.CP33",
  • "status": 2,
  • "result": {
    },
  • "provider_result": {
    },
  • "service_id": 1,
  • "service_version": 11.1,
  • "service_date_time": "2020-11-25 10:08:32.832969"
}