When creating an account with nkwaPay, you will first receive access to our sandbox environemnt. The sandbox environment is completely isloated from our production environment.

The base URL for the nkwaPay is different between our sandbox and production environments. The specific operation can be called by appending the endpoint to the base URL.

Environment Base URL

EnvironmentBase URL
Sandboxhttps://api.sandbox.nkwapay.com/
Productionhttps://api.nkwapay.com/

Authentication

The nkwaPay API uses API key authentication. You can create an API key from our portal. Every request has to include this API key in the X-API-KEY header. e.g

curl https://api.sandbox.nkwapay.com/payments/:id -H "X-API-KEY: key"

If the API key has been revoked, you’ll reveive a 401 Unauthorized response.

Signatures

The nkwaPay API is secured by the API key as explained above.

To add a 2nd layer of security, you can specify a whiltelist of IP addresses from which we will accept requsts.

To add a 3rd layer of security, the API will return a signature of the request in a X-Sig response header. The request signature if generated from the request body, timestamp and url. It uses RS256 encryption algorithm. The public key of the API can be found in our portal.

To add a 4th layer of security, you can turn on request encryption from the portal. If request encryption is set, you will have to provide a signature of the request in an X-Sig request header. The encryption algorithm should be RS256 and signed with your private key. You will then provide your public key in our portal so that we can verify that the requests are coming from you.

ImplementationCollection and disbursement