All requests must use HTTPS
The Cards API uses username, password and requestId in headers to validate incoming requests. These credentials are provided during the onboarding process.
You must supply the username and hashed password(SHA-256) when consuming all the services. The requestId also is mandatory which needs to be unique for each API call. The hashed password is calculated using a combination of your clear password and requestId, all hashed under the SHA-256 algorithm. See example:
clear_password = MyPassword123
requestId = 98765
password = SHA256(MyPassword12398765) = f345f53983af87953471f1ffc829f3b2b316f4cb5e77fde04883217825ce8cc9
Since the requestId is unique, the hashed password value will also be unique in each API call. Below table shows the headers description.
Username for each unique registered partner
Hashed password for the registered partner using the clear password and requestId
Unique value for each request sent by partner. This is to ensure that no duplicate requests are processed
The Cards API are offered on two different environments:
Sandbox - Over internet. You can use either the direct URL or use the adaptor Swagger UI link for self-testing. The Swagger UI also contains the necessary documentation.
Production – Over Internet. You need to initiate connectivity to our Cards API server and your IP address will be whitelisted.
Note that production environment is only available once all integration and testing are completed. All sandbox parametrisation are then promoted to the production setup.
Updated 2 months ago