Pesamonie Pay Public API
Welcome to the Pesamoni Pay API documentation!
Pesamoni Pay is a secure and reliable payment gateway that allows merchants to accept payments online from their customers. Our API enables merchants to integrate Pesamoni Pay into their websites and applications, making it easy for their customers to pay for goods and services.
In this documentation, you will find all the information you need to get started with the Pesamoni Pay API. You will learn about the different API endpoints, how to make requests and handle responses, and any additional notes or requirements for using the API.
We hope that this documentation will help you to easily and quickly integrate Pesamoni Pay into your business. If you have any questions or need further assistance, please don't hesitate to contact us.
Important Things to Note:
API Credentials
Before you begin, please note that you will be provided with a vendor code and vendor secret key which you will need to include in all of your API requests. These codes are unique to your account and will be used to authenticate your requests.
To make an API request, you will need to include the vendor code and vendor secret key in the request header as follows:
Please keep your vendor code and vendor secret key confidential and do not share them with anyone. If you believe that your vendor code and vendor secret key have been compromised, please contact us immediately so that we can issue you with new ones.
If you have any questions or need further assistance, please don't hesitate to contact us. We are here to help you get the most out of our API.
Request Integrity
In order to ensure the integrity of API requests, all requests made to the Pesamoni Pay API must be digitally signed using your private key. The signature will then be validated against your public key on the server to verify the authenticity of the request.
To sign your API requests, you will need to include an "X-Integrity-Signature" header in your requests. The value of this header should be the base64-encoded signature of the request payload, using your private key.
You will need to provide us with your public key so that we can validate the signatures of your API requests. Please make sure to keep your private key confidential and do not share it with anyone.
Click here to see how to generate private / public key pairs
If you have any questions or need further assistance, please don't hesitate to contact us. We are here to help you get the most out of our API.
To generate the signature, you will need to follow these steps:
- Hash the request payload using SHA256.
- Sign the hash using your private key.
- Base64-encode the signature.
Sample Code with Javascript:
If you're having problems generating a digital signature with private key in your Language, please make a google search for "How to generate a base64 digital signature with private key in YOUR-LANGUAGE " or check the documentation for your programming language.
To ensure the integrity and authenticity of all digital signatures, a nonce (number used once) will be included in the generation of digital signature. The nonce is a unique, randomly generated number that is used only once, and it helps to prevent replay attacks and other types of tampering. Set the nonce as the current timestamp digits in seconds or milliseconds e.g 1672391524647 as it will keep changing.
The server will verify the nonce as part of the signature verification process to ensure that the message has not been tampered with.
To sum it up, the following 4 Headers should be on each request sent to the API.
Throughout the documentatiom, you can click the Language Dropdown in the top navigation bar to change the language in the examples e.g to cURL, Javascript, php, Ruby etc
Each Endpoint documentation will clearly state where and how the request will be made. You are now ready to start the integration process