General API information

Details that apply to all the Cards API


The Cards APIs are REST based, hence all responses are returned using JSON.



HTTPS Required

All requests must use HTTPS

The Cards API uses username, password and requestId in headers to validate incoming requests. These credentials are provided during the onboarding process.

You must supply the username and hashed password(SHA-256) when consuming all the services. The requestId also is mandatory which needs to be unique for each API call. The hashed password is calculated using a combination of your clear password and requestId, all hashed under the SHA-256 algorithm. See example:

clear_password = MyPassword123
requestId = 98765
password = SHA256(MyPassword12398765) = f345f53983af87953471f1ffc829f3b2b316f4cb5e77fde04883217825ce8cc9

Since the requestId is unique, the hashed password value will also be unique in each API call. Below table shows the headers description.

usernameStringUsername for each unique registered partnerYes
passwordStringHashed password for the registered partner using the clear password and requestIdYes
requestIdIntegerUnique value for each request sent by partner. This is to ensure that no duplicate requests are processed
1 to 8 digits


The Cards API are offered on two different environments:

  1. Sandbox - Over internet. You can use either the direct URL or use the adaptor Swagger UI link for self-testing. The Swagger UI also contains the necessary documentation.

  2. Production โ€“ Over Internet. You need to initiate connectivity to our Cards API server and your IP address will be whitelisted.



Note that production environment is only available once all integration and testing are completed. All sandbox parametrisation are then promoted to the production setup.