Environments
Our testing environment, referred to as “sandbox”, is set up to test API calls without affecting production environment data. To use our APIs, you are required to register your sandbox to test transactions for both disbursements (payouts) and collections (accept payments) on our OneKhusa web portal. Click here to sign up. Use the following base URLs when making requests to the API endpoints:When you are satisfied with the test results using the sandbox, you can activate your production environment in the OneKhusa web portal by submitting KYC details for compliance as required by our regulator.
Our Authentication Approach
OneKhusa uses OAuth 2.0 (OIDC) to authenticate your API requests. With OAuth 2.0 you can connect to your applications to OneKhusa without using your keys or sensitive information.Using OAuth2.0(OIDC)
To authenticate an API request with OAuth 2.0 you will need to generate an Access Token by sending a POST request to the OAuth 2.0 token endpoint. The access is token will be valid for 5 minutes within this window you may send multiple API requests before refreshing the access token. In order to generate the access token submit your active Merchant Account’s API keys which come in pair of:| Key Type | Description |
|---|---|
| API Key | Use this to authenticate API requests from your client apps and this can be publicly accessible in your web or mobile app’s client-side code. |
| API Secret | Use this to authenticate API requests from yourc client server. |
Notable Essentials
Most of our APIs require additional parameters associated with your merchant sandbox or production environment as follows:Organisation-id
Organisation-id
This parameter uniquely identifies your organisation, and you can get this value in the OneKhusa web portal under the Settings -> Profile menu.
Merchant Account Number
Merchant Account Number
This parameter uniquely identifies a merchant within your organisation. To get this value, you can find it under the switching merchant or Merchants menu.