API docs by Redocly

Payment API Gateway (template version) (5.7.3)

Download OpenAPI specification:

This API enables integration with the Payment Gateway to initiate transactions, monitor their statuses, and interact with various payment providers.

Intro

This API is part of the our ecosystem. It allows you to make payments, find out the status of transactions and much more. Here you will find the latest documentation on setting up your solution.

Important: all Mobile Money C2B/B2C payments must be processed only with verified phone numbers.

Before proceeding with the request, please confirm that the phone number:

  • has been previously verified by the customer;
  • matches the number stored in your database.

This requirement is essential for minimizing fraud risk.

Available Payment Providers (Test Environment)

Use the test provider below during sandbox integration. Note that responses from the simulator do not include a callback — transactions remain in the "in progress" state.

ID Name Country Description
14 Simulator ANY For testing purposes

Example response from test provider (ID: 14)

When using the simulator provider, a successful request returns the following structure. Note that status: 1 means "in progress" — use the /status method to poll for updates.

{
  "order_id": "54321",
  "transaction_id": "12345",
  "transaction_ref": "",
  "status": 1,
  "result": {
    "code": 0,
    "message": "OK"
  },
  "provider_result": {
    "code": -8888,
    "message": "Good"
  },
  "service_id": 1,
  "service_version": "1.03/1.14|1.0/1.26|1.0/1.0|1.01/1.01|1.01/1.01||1.01/1.27",
  "service_date_time": "2023-05-15 10:00:00.000000",
  "confirm_type": 0
}

Generating Signature

To generate a correct signature, use your secretKey and apply recursive HMAC SHA-512 hashing on all request fields, excluding the signature field itself.

Example in PHP:

function calculateSignature(array $data, string $secretKey, string $prefix = '', int $depth = 16, int $level = 0): string {
    if ($level >= $depth) {
        throw new Exception('Too deep');
    }

    $result = '';
    foreach ($data as $key => $value) {
        if ($key === 'signature') continue;
        $fullKey = $prefix . $key;
        if (is_array($value)) {
            $result .= calculateSignature($value, $secretKey, $fullKey . '.', $depth, $level + 1);
        } else {
            $result .= $fullKey . $value;
        }
    }

    return $level === 0
        ? strtolower(hash_hmac('sha512', $result, $secretKey))
        : $result;
}

$postData = [
    'merchant_id' => 'fffed61b...',
    'provider_id' => 10,
    'client_id' => '254000000000',
    'country' => 'KE',
    'order_id' => 'order_3444298767545',
    'amount' => 1000,
    'currency' => 'KES',
    'callback_url' => 'https://my.callback.url'
];

$secretKey = 'cf11635572...';
$postData['signature'] = calculateSignature($postData, $secretKey);

Status Codes

Code Name Description
-1 undefined Unknown or error state
0 initiated Operation is initiated
1 in progress Operation is in progress
2 success Operation completed successfully
3 failed Operation failed
4 cancelled Operation was cancelled

Operation Types

Operation type codes visible in callbacks:

Code Type
16 payment_b2c
17 payment_c2b
32 paybill

Available Currencies

Code Note
KES Example for test requests
MWK Malawian kwacha
UGX Ugandan shilling
TZS Tanzanian shilling
ZMW Zambian kwacha
XOF West African CFA franc
XAF CFA franc BEAC

Callbacks

Transaction status is sent via callback because it requires asynchronous confirmation from the client system. Usually the callback should arrive within 2–3 minutes.

If no callback is received, use the status API method to check transaction result. Successful callback = HTTP 200 from merchant'

Payment Methods

Congo-Brazzaville

Provider ID Provider Name Notes
9525 MTN Check provider id with your manager

242000000000 - This is the format of the phone number you have to send in the payment requests.

C2B for Provider_ids that do not require OTP or Redirect: 9525

  1. Customer initiates the payment on Merchant side
  2. Merchant sends request to the platform (POST C2B request) and set extra data depending on the provider_id:
Provider_id No Extra Required customer_email customer_name return_url
9525 * *
  1. Customer gets push from operator and confirm the operation
  2. Merchant gets a callback (or requests the status) with the final state of the operation

B2C flow is the same for everyone, please specify the required extra parameters

  1. Customer initiates the payment on Merchant side
  2. Merchant sends request to the platform (POST B2C request) and set extra data depending on the provider_id:
Provider_id No Extra Required customer_email customer_name return_url
9525 * *
  1. Customer receives funds to their mobile number
  2. Merchant gets a callback (or requests the status) with the final state of the operation

Congo-Brazzaville limits

Provider_id c2b minimum b2c minimum Maximum transaction limit
9525 XAF 100.00 XAF 100.00 XAF 2'000'000.00

Kenya

Provider ID Provider Name Notes
9515, 9574 M-Pesa Safaricom Check provider id with your manager

254000000000 - This is the format of the phone number you have to send in the payment requests.

C2B for Provider_ids that do not require OTP or Redirect: 9515, 9574

  1. Customer initiates the payment on Merchant side
  2. Merchant sends request to the platform (POST C2B request) and set extra data depending on the provider_id:
Provider_id No Extra Required customer_email customer_name return_url
9515 *
9574 *
  1. Customer gets push from operator and confirm the operation
  2. Merchant gets a callback (or requests the status) with the final state of the operation

B2C flow is the same for everyone, please specify the required extra parameters

  1. Customer initiates the payment on Merchant side
  2. Merchant sends request to the platform (POST B2C request) and set extra data depending on the provider_id:
Provider_id No Extra Required customer_email customer_name return_url
9515 *
9574 *
  1. Customer receives funds to their mobile number
  2. Merchant gets a callback (or requests the status) with the final state of the operation

Kenya limits

Provider_id c2b minimum b2c minimum Maximum transaction limit
9515 KES 100.00 KES 50.00 KES 250'000.00
9574 KES 10.00 KES 10.00 KES 85'000.00

Senegal

Provider ID Provider Name Notes
9259 Wave Check with your manager
9322 Orange Chack with your manager

221000000000 - This is the format of the phone number you have to send in the payment requests.

C2B for Provider_ids redirecting to Provider payment pages: 9259, 9322

  1. Customer initiates the payment on Merchant side
  2. Merchant sends request to the platform (POST C2B request) and set extra data depending on the provider_id:
Provider_id Empty customer_email customer_name customer_ip return_url
9322 *
9259 *
  1. Merchant gets the status of the operation and extra data customer_redirect
    Example of a user redirect link:
"extra": 
{
"customer_redirect": "https://checkout.provider.com/202511131111MqKRft39377/pay"
},
  1. Merchant redirect Customer to provider page
  2. Customer confirms the payment on the provider page
  3. Merchant gets a callback (or requests the status) with the final state of the operation

B2C flow is the same for everyone, please specify the required extra parameters

  1. Customer initiates the payment on Merchant side
  2. Merchant sends request to the platform (POST B2C request) and set extra data depending on the provider_id:
Provider_id Empty customer_email customer_name return_url
9259 *
9322 *
  1. Customer receives funds to their mobile number
  2. Merchant gets a callback (or requests the status) with the final state of the operation

Senegal Limits

Provider_id c2b minimum b2c minimum Maximum transaction limit
9322, 9269 XOF 200.00 XOF 200.00 XOF 2'000'000.00

Tanzania

Provider ID Provider Name Notes
9370 Airtel Check provider id with your manager
HaloPesa Check provider id with your manager
9369 Vodacom Check provider id with your manager
9376 Tigo Check provider id with your manager

255000000000 - This is the format of the phone number you have to send in the payment requests.

C2B for Provider_ids that do not require OTP or Redirect: 9369, 9370, 9376

  1. Customer initiates the payment on Merchant side
  2. Merchant sends request to the platform (POST C2B request) and set extra data depending on the provider_id:
Provider_id Empty customer_email customer_name return_url
9369, 9370, 9376 * *
  1. Customer gets push from operator and confirm the operation
  2. Merchant gets a callback (or requests the status) with the final state of the operation

B2C flow is the same for everyone, please specify the required extra parameters

  1. Customer initiates the payment on Merchant side
  2. Merchant sends request to the platform (POST B2C request) and set extra data depending on the provider_id:
Provider_id Empty customer_email customer_name return_url
9369, 9370, 9376 * *
  1. Customer receives funds to their mobile number
  2. Merchant gets a callback (or requests the status) with the final state of the operation

Tanzania Limits

Provider_id c2b minimum b2c minimum Maximum transaction limit
9369, 9370, 9376 TZS 1'000.00 TZS 1'000.00 TZS 5'000'000.00

Togo

Provider ID Provider Name Notes
9527 TOGOCOM Check provider id with your manager
9526 Moov Check provider id with your manager

The phone number must consist of exactly 8 numeric digits in the following format: 228XXXXXXXX (3-digit country code 228 + 8-digit local phone number). Example: 22890123456 No spaces, plus signs, separators, or other characters are permitted.

C2B for Provider_ids that do not require OTP or Redirect: 9526, 9527

  1. Customer initiates the payment on Merchant side
  2. Merchant sends request to the platform (POST C2B request) and set extra data depending on the provider_id:
Provider_id No Extra Required customer_email customer_name return_url
9526, 9527 *
  1. Customer gets push from operator and confirm the operation
  2. Merchant gets a callback (or requests the status) with the final state of the operation

B2C flow is the same for everyone, please specify the required extra parameters

  1. Customer initiates the payment on Merchant side
  2. Merchant sends request to the platform (POST B2C request) and set extra data depending on the provider_id:
Provider_id No Extra Required customer_email customer_name return_url
9526, 9527 *
  1. Customer receives funds to their mobile number
  2. Merchant gets a callback (or requests the status) with the final state of the operation

Note deposits and withdrawals are made in multiples of 5.

Togo limits

Provider_id c2b minimum b2c minimum Maximum transaction limit
9526, 9527 XOF 100.00 XOF 100.00 XOF 2'000'000.00

Ivory Coast

Provider ID Provider Name Notes
9262, 9519 Wave Check with your manager
9260 Moov Check with your manager
9261, 9516 MTN Check with your manager
9324 Orange Check with your manager

2250XXXXXXXXX - This is the format of the phone number you have to send in the payment requests.

C2B for Provider_ids that do not require OTP or Redirect: 9260, 9261, 9516

  1. Customer initiates the payment on Merchant side
  2. Merchant sends request to the platform (POST C2B request) and set extra data depending on the provider_id:
Provider_id Empty customer_email customer_name return_url
9260, 9261 *
9516 *
  1. Customer gets push from operator and confirm the operation
  2. Merchant gets a callback (or requests the status) with the final state of the operation

C2B for Provider_ids that require a OTP: 9324

  1. Customer create OTP code on ussd_code #144*82#
  2. Customer initiates the payment on Merchant side
  3. Merchant sends request to the platform (POST C2B request) and set extra data depending on the provider_id:
Provider_id Empty customer_email customer_name return_url otp
9324 *

Example Request:

  {
  "merchant_id": "your merchant id",
  "customer_id": "2250705145655",
  "order_id": "test_161225_01_1",
  "amount": "1111",
  "currency": "XOF",
  "country": "BF",
  "callback_url": "your callback url",
  "provider_id": "9324",
  "signature": "1c594d338bc3f413bd61cb97d697e98ad5772071da533",
  "extra": {
    "otp": "7777"
  },
  }
  1. Operator debits funds from customer mobile number
  2. Merchant gets a callback (or requests the status) with the final state of the operation

C2B for Provider_ids redirecting to Provider payment pages: 9262, 9519

  1. Customer initiates the payment on Merchant side
  2. Merchant sends request to the platform (POST C2B request) and set extra data depending on the provider_id:
Provider_id Empty customer_email customer_name customer_ip return_url
9262 *
9519 * *
  1. Merchant gets the status of the operation and extra data customer_redirect
    Example of a user redirect link:
"extra": 
{
"customer_redirect": "https://checkout.provider.com/202511131111MqKRft39377/pay"
},
  1. Merchant redirect Customer to provider page
  2. Customer confirms the payment on the provider page
  3. Merchant gets a callback (or requests the status) with the final state of the operation

B2C flow is the same for everyone, please specify the required extra parameters

  1. Customer initiates the payment on Merchant side
  2. Merchant sends request to the platform (POST B2C request) and set extra data depending on the provider_id:
Provider_id Empty customer_email customer_name return_url
9260, 9261, 9262, 9324, 9516 *
9519 * *
  1. Customer receives funds to their mobile number
  2. Merchant gets a callback (or requests the status) with the final state of the operation

Ivory Coast Limits

Provider_id c2b minimum b2c minimum Maximum transaction limit
9262, 9324, 9261, 9260 XOF 200.00 XOF 200.00 XOF 2'000'000.00
9516, 9519 XOF 100.00 XOF 100.00 XOF 2'000'000.00

Ghana

Provider ID Provider Name Notes
9343 MTN Check provider id with your manager
9344 Vodafone Check provider id with your manager

233000000000 - This is the format of the phone number you have to send in the payment requests.

C2B for Provider_ids that do not require OTP or Redirect: 9343, 9344

  1. Customer initiates the payment on Merchant side
  2. Merchant sends request to the platform (POST C2B request) and set extra data depending on the provider_id:
Provider_id Empty customer_email customer_name return_url
9343, 9344 * *
  1. Customer gets push from operator and confirm the operation
  2. Merchant gets a callback (or requests the status) with the final state of the operation

B2C flow is the same for everyone, please specify the required extra parameters

  1. Customer initiates the payment on Merchant side
  2. Merchant sends request to the platform (POST B2C request) and set extra data depending on the provider_id:
Provider_id Empty customer_email customer_name return_url
9343, 9344 * *
  1. Customer receives funds to their mobile number
  2. Merchant gets a callback (or requests the status) with the final state of the operation

Ghana limits

Provider_id c2b minimum b2c minimum Maximum transaction limit
9343, 9344 GHS 10.00 GHS 10.00 GHS no limit

Zambia

Provider ID Provider Name Notes
9341 MTN Check provider id with your manager
9342 Airtel Check provider id with your manager

260000000000 - This is the format of the phone number you have to send in the payment requests.

C2B for Provider_ids that do not require OTP or Redirect: 9341, 9342

  1. Customer initiates the payment on Merchant side
  2. Merchant sends request to the platform (POST C2B request) and set extra data depending on the provider_id:
Provider_id Empty customer_email customer_name return_url
9341, 9342 * *
  1. Customer gets push from operator and confirm the operation
  2. Merchant gets a callback (or requests the status) with the final state of the operation

B2C flow is the same for everyone, please specify the required extra parameters

  1. Customer initiates the payment on Merchant side
  2. Merchant sends request to the platform (POST B2C request) and set extra data depending on the provider_id:
Provider_id Empty customer_email customer_name return_url
9341, 9342 * *
  1. Customer receives funds to their mobile number
  2. Merchant gets a callback (or requests the status) with the final state of the operation

Zambia limits

Provider_id c2b minimum b2c minimum Maximum transaction limit
9341, 9342 ZMW 1.00 ZMW 1.00 ZMW 20'000.00

Online Payments

Cashless payment from the customer to the merchant

path Parameters
public_id
required
string
Example: f54ec96649be11ebb3780242ac130002

Merchant public ID

Request Body schema: application/json
required

Parameters to initiate a customer to the merchant payment

merchant_id
required
string (merchantIdDef)

Unique Merchant ID received during the merchant registration

customer_id
required
string (customerIdDef)

Customer ID (usually mobile phone number of the customer)

customer_user_id
required
string (customerUserIdDef) <= 200 characters

Unique customer identifier on the merchant’s side (e.g., internal user ID, CRM ID)

order_id
required
string (orderIdDef)

The unique value is generated by the transaction initiator for each Operation. Max length is 128 symbols. Allowed symbols: [a-z], [A-Z], [0-9], “_” (underscore character), “-” (hyphen), “:” (colon), “.” (dot). For example, GUID or TIMESTAMP can be used as an order_id. This parameter provides API idempotency. It means that requests with identical nonce from the same transaction initiator will have identical responses and The corresponding operation won’t be repeated.

amount
required
string

Amount to pay, should be in format with two digits after point

currency
required
string (currencyDef)

Currency code in ISO 4217 format from the list of availabe currencies

country
string (countryDef)

Country code in ISO 3166-1 alpha-2 format as defined in the payment providers

callback_url
string

URL to notify the merchant via callback. Recommended

provider_id
required
integer (providerDef)
Enum: 14 40

Provider ID. Can be one of the option from this list.

signature
required
string (signatureDef)

Merchant’s request and callback have to be signed to verify sent data. To generate the signature all sent parameters are included in the order they were sent. The parameter signature should be excluded, of course. Example can be found here

Responses

Callbacks

Request samples

Content type
application/json
{
  • "merchant_id": "e0fecd91fcb24f348048193b3fb34875ba3722b4",
  • "customer_id": 900000001,
  • "customer_user_id": "user-123456",
  • "order_id": "16280954971628095497",
  • "amount": "100.00",
  • "currency": "KES",
  • "country": "KE",
  • "callback_url": "https://example.com/callback",
  • "provider_id": 14,
  • "signature": "d7d6d76b0e22c6f9d369fa6c24f107053d12bfd24d3b154f2deb6676bf179c123134e1f20879c803be455d81cfe792f00cd8892c26ce7cf5a05beebb9c80843e"
}

Response samples

Content type
application/json
{
  • "order_id": "16280954971628095497",
  • "transaction_id": "732007046722",
  • "transaction_ref": "MP.33234.342.CP33",
  • "status": 2,
  • "result": {
    },
  • "provider_result": {
    },
  • "service_id": 1,
  • "service_version": 11.1,
  • "service_date_time": "2020-11-25 10:08:32.832969"
}

Callback payload samples

Callback
POST: Asynchronous notification of the merchant about the last performed transaction
Content type
application/json
{
  • "transaction_id": "1234567",
  • "order_id": "16280954971628095497",
  • "service_id": 12345,
  • "service_version": "5.2.0",
  • "service_date_time": "2020-11-25 10:08:32.832969",
  • "result": {
    },
  • "signature": "d7d6d76b0e22c6f9d369fa6c24f107053d12bfd24d3b154f2deb6676bf179c123134e1f20879c803be455d81cfe792f00cd8892c26ce7cf5a05beebb9c80843e"
}

Cashless payment from the merchant to the customer.

Cashless payment from the merchant to the customer. If the confirm_type response parameter is a non-zero merchant, send the second payment_b2c request with confirmation data according to the section Confirmation Types.

path Parameters
public_id
required
string
Example: f54ec96649be11ebb3780242ac130002

Merchant public ID

Request Body schema: application/json
required

Parameters to initiate the merchant to the customer payment

merchant_id
required
string (merchantIdDef)

Unique Merchant ID received during the merchant registration

customer_id
required
string (customerIdDef)

Customer ID (usually mobile phone number of the customer)

customer_user_id
required
string (customerUserIdDef) <= 200 characters

Unique customer identifier on the merchant’s side (e.g., internal user ID, CRM ID)

order_id
required
string (orderIdDef)

The unique value is generated by the transaction initiator for each Operation. Max length is 128 symbols. Allowed symbols: [a-z], [A-Z], [0-9], “_” (underscore character), “-” (hyphen), “:” (colon), “.” (dot). For example, GUID or TIMESTAMP can be used as an order_id. This parameter provides API idempotency. It means that requests with identical nonce from the same transaction initiator will have identical responses and The corresponding operation won’t be repeated.

amount
required
string

Amount to pay, with two digits after point

currency
required
string (currencyDef)

Currency code in ISO 4217 format from the list of availabe currencies

country
string (countryDef)

Country code in ISO 3166-1 alpha-2 format as defined in the payment providers

callback_url
string

URL to notify the merchant via callback

provider_id
required
integer (providerDef)
Enum: 14 40

Provider ID. Can be one of the option from this list.

signature
required
string (signatureDef)

Merchant’s request and callback have to be signed to verify sent data. To generate the signature all sent parameters are included in the order they were sent. The parameter signature should be excluded, of course. Example can be found here

Responses

Request samples

Content type
application/json
{
  • "merchant_id": "e0fecd91fcb24f348048193b3fb34875ba3722b4",
  • "customer_id": 900000001,
  • "customer_user_id": "user-123456",
  • "order_id": "16280954971628095497",
  • "amount": "100.00",
  • "currency": "KES",
  • "country": "KE",
  • "callback_url": "https://example.com/callback",
  • "provider_id": 14,
  • "signature": "d7d6d76b0e22c6f9d369fa6c24f107053d12bfd24d3b154f2deb6676bf179c123134e1f20879c803be455d81cfe792f00cd8892c26ce7cf5a05beebb9c80843e"
}

Response samples

Content type
application/json
{
  • "order_id": "16280954971628095497",
  • "transaction_id": "532007056722",
  • "transaction_ref": "",
  • "status": 2,
  • "result": {
    },
  • "provider_result": {
    },
  • "service_id": 11,
  • "service_version": 11.1,
  • "service_date_time": "2020-11-25 10:08:32.832969",
  • "confirm_type": 0
}

Request a status of the transaction performed earlier

path Parameters
public_id
required
string
Example: f54ec96649be11ebb3780242ac130002

Merchant public ID

Request Body schema: application/json
required

Get the status of the performed transaction

merchant_id
required
string (merchantIdDef)

Unique Merchant ID received during the merchant registration

order_id
required
string (orderIdDef)

The unique value is generated by the transaction initiator for each Operation. Max length is 128 symbols. Allowed symbols: [a-z], [A-Z], [0-9], “_” (underscore character), “-” (hyphen), “:” (colon), “.” (dot). For example, GUID or TIMESTAMP can be used as an order_id. This parameter provides API idempotency. It means that requests with identical nonce from the same transaction initiator will have identical responses and The corresponding operation won’t be repeated.

signature
required
string (signatureDef)

Merchant’s request and callback have to be signed to verify sent data. To generate the signature all sent parameters are included in the order they were sent. The parameter signature should be excluded, of course. Example can be found here

Responses

Request samples

Content type
application/json
{
  • "merchant_id": "e0fecd91fcb24f348048193b3fb34875ba3722b4",
  • "order_id": "16280954971628095497",
  • "signature": "d7d6d76b0e22c6f9d369fa6c24f107053d12bfd24d3b154f2deb6676bf179c123134e1f20879c803be455d81cfe792f00cd8892c26ce7cf5a05beebb9c80843e"
}

Response samples

Content type
application/json
{
  • "order_id": "16280954971628095497",
  • "transaction_id": "732007046722",
  • "transaction_ref": "MP.33234.342.CP33",
  • "status": 2,
  • "result": {
    },
  • "provider_result": {
    },
  • "service_id": 1,
  • "service_version": 11.1,
  • "service_date_time": "2020-11-25 10:08:32.832969"
}