Using the api
When creating an account with nkwaPay, you will first receive access to our sandbox environemnt. The sandbox environment is completely isloated from our production environment.
The base URL for the nkwaPay is different between our sandbox and production environments. The specific operation can be called by appending the endpoint to the base URL.
Environment Base URL
Environment | Base URL |
---|---|
Sandbox | https://api.sandbox.nkwapay.com/ |
Production | https://api.nkwapay.com/ |
Authentication
The nkwaPay API uses API key authentication. You can create an API key from our portal.
Every request has to include this API key in the X-API-KEY
header. e.g
curl https://api.sandbox.nkwapay.com/payments/:id -H "X-API-KEY: key"
If the API key has been revoked, you’ll reveive a 401 Unauthorized
response.
Signatures
The nkwaPay API is secured by the API key as explained above.
To add a 2nd layer of security, you can specify a whiltelist of IP addresses from which we will accept requsts.
To add a 3rd layer of security, the API will return a signature of the request in a X-Sig
response header.
The request signature if generated from the request body, timestamp and url. It uses RS256
encryption algorithm.
The public key of the API can be found in our portal.
To add a 4th layer of security, you can turn on request encryption from the portal.
If request encryption is set, you will have to provide a signature of the request in an X-Sig
request header. The encryption algorithm should be RS256 and signed with your private key.
You will then provide your public key in our portal so that we can verify that the requests are coming from you.