Introduction
Welcome to the Novasend Merchant API documentation
Objectives
The Merchant API allows partners to integrate payment and transfer functionalities into their applications or internal systems.
It offers the following capabilities:
- Trigger customer payments requiring confirmation.
- Perform internal transfers (wallet) or external transfers (Mobile Money).
- Query the status of a transaction at any time.
- Receive real-time notifications (Webhook, email, SMS).
- Refund transactions
Overview
The API is built on a cloud-native modular architecture compliant with secure payment standards.
The main interactions follow this pattern:
- Payment, Transfer or Refund: call to a secure endpoint (
/v1/payin,/v1/payout,/v1/payin/{reference}/refund). - Update: status synchronization after confirmation or rejection.
- Supervision: monitoring via the Merchant Portal (web console).
- Notification: automatic sending of a webhook or SMS/email alert.
Security & Compliance
| Element | Detail |
|---|---|
| Authentication | Basic Authentication |
| Network Security | IP whitelisting, TLS 1.3, anti-DDoS |
| Application Security | AES-256, integrity controls (integration in progress) |
| Logging | Centralized logs with ms timestamps, audit trail |
| Regulatory Compliance | PCI-DSS, GDPR, KYC/AML |
| Versioning | /v1/ prefix, backward compatibility ensured |
Idempotency Management
For critical operations (POST /v1/payin/sessions, POST /v1/payout, POST /v1/payin/{reference}/refund), each request must include:
| Key | Description | Required |
|---|---|---|
| X-Idempotency-Key | UUID to ensure request uniqueness | ✅ |
- Generated by the merchant (e.g., UUID v4).
- Associated with a unique transaction per merchant.
- If the request is replayed with the same key: the same response will be returned, no recreation.
Availability
GET /health- Auth: No
- Payload: None
- Description: Checks service availability.