1. Get your API keys

Send an email to [email protected]

2. Create an app

An app is a representation of your mobile bank/wallet app where users will be redirected to. Use your API keys to invoke the create app endpoint.

3. Configure your app

1

Setup scheme name

To set up your scheme name on Android and iOS, add the following code snippets to your AndroidManifest.xml and Info.plist respectively. Replace mainbanc with the scheme name you selected in step 2 above. Also replace com.mainbanc.app with your actual iOS bundle URL.

2

Verify payload

So that you can confirm the intent comes from a trusted source, it contains the QR code data and a signature over that data. The signature is produced with RSASSA-PKCS1-v1_5 (the sample below verifies it with SHA-256). Use the public key returned in the create app response as the verification key, and do not act on the QR data unless verification succeeds.

  import { Base64 } from 'js-base64';

  /**
   * Extracts the `qr` and `signature` query parameters from an incoming
   * deep-link URL.
   *
   * Both values come straight from the link and are untrusted until the
   * signature has been verified.
   *
   * NOTE(review): URLSearchParams decodes a literal `+` in the query string as
   * a space. If the signature is standard base64 and the sender does not
   * percent-encode it, the value read here may differ from what was signed;
   * confirm the encoding used by the API.
   *
   * @param url - Full URL the app was opened with.
   * @returns The two parameters; each is `null` when absent from the URL.
   * @throws TypeError when `url` cannot be parsed by the `URL` constructor.
   */
  function getParamsFromUrl(url: string) {
    const { searchParams } = new URL(url);

    return {
      qr: searchParams.get('qr'),
      signature: searchParams.get('signature'),
    };
  }

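  /**
   * Verifies that a handoff deep link carries QR data signed with the key
   * issued in the create app response, and returns that QR data only when the
   * RSASSA-PKCS1-v1_5 / SHA-256 signature checks out.
   *
   * Fixes over the original snippet: the function is `async` (it awaits
   * WebCrypto calls), the URL is an explicit parameter instead of an undefined
   * free variable, and any parsing, decoding or key-import failure fails closed
   * by returning `null` rather than throwing out of the deep-link handler.
   *
   * The signature covers only the bytes of `qr` as received. Whether the QR
   * data carries its own expiry or one-time reference cannot be told from this
   * snippet, so replay protection has to come from the QR contents or from the
   * initiate intent endpoint.
   *
   * @param url - Full URL the app was opened with (untrusted input).
   * @returns `{ qr }` when the signature is valid, otherwise `null`.
   */
  async function verifyIntentPayload(url: string) {
    // Base64-encoded SPKI public key from the create app response. It is not a
    // secret, so hardcoding it or reading it from the keychain is fine; what
    // matters is that an attacker cannot substitute a different key.
    const publicKey = "APP_PUBLIC_KEY";

    let params: ReturnType<typeof getParamsFromUrl>;
    try {
      params = getParamsFromUrl(url);
    } catch {
      // Malformed deep link: treat it exactly like a missing signature.
      return null;
    }

    const { qr, signature } = params;
    if (!qr || !signature) {
      return null;
    }

    try {
      // Decode the base64 key and signature; the signed message is the UTF-8
      // encoding of the qr string.
      const publicKeyBytes = Base64.toUint8Array(publicKey);
      const qrDataBytes = new TextEncoder().encode(qr);
      const signatureBytes = Base64.toUint8Array(signature);

      // Import as a non-extractable, verify-only key.
      const importedKey = await crypto.subtle.importKey(
        'spki',
        publicKeyBytes,
        {
          name: 'RSASSA-PKCS1-v1_5',
          hash: 'SHA-256'
        },
        false,
        ['verify']
      );

      const isSignatureValid = await crypto.subtle.verify(
        'RSASSA-PKCS1-v1_5',
        importedKey,
        signatureBytes,
        qrDataBytes
      );
      if (!isSignatureValid) {
        console.log("signature not valid--->", isSignatureValid)
        return null;
      }
    } catch {
      // Undecodable base64 or a key that fails to import: fail closed.
      return null;
    }

    // Only the verified qr value is returned; nothing else from the URL
    // should be forwarded to the initiate intent call.
    return {
      qr
    };
  }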

4. Initiate payment

Once you have verified the payload, invoke the initiate intent endpoint with the following parameters:

{
    "app": "app_zyv1aabk89193sjrkzx0ilm70oskm1qv", // ID of the app you are sending request from
    "qrData": "00020101021136440210021967068804030580019org.paycashless.qpi520441115802NG5908GRUBWAYS6005ABUJA61069002315406275.005303566627403030550615umar.ab@hey.com0702000512pay_8wbEy3mL0815EAT/DRINK LAGOS110352180630136tok_dgw24skjdws9d6u7x7mxm15b9ihbta6k0019org.paycashless.qpi6304180B",
    "initiationMethod": "handoff",
    "reference": "payc_YkMoo13796xe804v5ew", // unique reference for the payment
    "confirmAuth": true,
    "ipAddress": "105.112.28.61",
    "deviceType": "ios",
    "authMethod": "credentials",
    "accountName": "Mansa Musa",
    "accountType": "personal",
    "accountEmail": "[email protected]"
}

5. Send payment status

When the payment is concluded, update the status using the update intent API.

{
  "status": "successful",
  "sessionId": "9900247210411803024900726751361",
  "channel": "nip",
  "chargeId": "charge_sk1nas33qqgu1yqpc4587ujypan7m7pb",
  "amount": 27500,
  "accountNumber": "2221890000"
}