When you create an account with Nkwa Pay, you first gain access to the sandbox environment, which is isolated from the production environment.

The base URL differs for each environment, and you can call specific operations by appending the endpoint to the base URL.

EnvironmentBase URL
Sandboxhttps://api.sandbox.nkwapay.com/
Productionhttps://api.nkwapay.com/

Authentication

Nkwa Pay uses API key authentication. You can generate an API key from the portal, and each request must include this key in the X-API-KEY header.

curl https://api.sandbox.nkwapay.com/payments/:id -H "X-API-KEY: key"

If the API key is revoked, the request will return a 401 Unauthorized response.

Additional Security Layers

  1. IP Whitelisting: You can configure a list of allowed IP addresses from which Nkwa Pay will accept API requests.

  2. Request Signatures:

    • The API provides an extra layer of security by returning a signature in the X-Sig response header.
    • The signature is generated using the request body, timestamp, and URL, and is encrypted using the RS256 algorithm.
    • You can find the public key for signature verification in the Nkwa Pay portal.

  3. Request Encryption:

    • You can enable request encryption for further protection.
    • If enabled, you will need to include a signature in the X-Sig request header, generated using the RS256 algorithm and signed with your private key.
    • Additionally, you’ll need to upload your public key to the portal so Nkwa Pay can verify your requests.

Was this page helpful?