OPay Payment Authentication
OPay's payment flow was designed to guarantee the security and authenticity of our merchant transactions. OPay APIs use state-of-the-art cryptographic primitives to maintain the highest level of authentication and fraud prevention. OPay APIs are secured using API keys, which are generated automatically for you when your merchant account is created. Depending on the type of API call, one of the following two authentication schemes MUST be applied:
- Public Key Authentication: used for the payment creation API (Cashier Create Payment).
- Signature Authentication: used for other payment-related APIs (Cashier Payment Status, Cashier Refund, Cashier Payment Close).
API Keys
OPay APIs use API keys to authenticate all API requests. When you create your merchant account, your API keys are generated automatically for you. You can find your API keys under the API Keys & Webhooks section of your OPay merchant dashboard.
Two API Keys are generated:
- Secret Key: used to sign the create payment APIs (Cashier Payment, Transaction Payment). Header: Bearer Signature and merchant ID
- Public Key: used as the authorization key in the header of your other OPay payment-related APIs. Header: Bearer Public Key and merchant ID
Authorization: Bearer {signature}
MerchantId: 256612345678901
Authorization: Bearer {PublicKey}
MerchantId: 256612345678901
Do not commit your secret keys to git, or use them in client-side code!
All API requests made without authentication will fail.
All API requests must be made over HTTPS.
Public Key Authentication
Your public key should be used in the authorization header of the following API calls:
The authorization header of these requests should contain your Public Key and merchant ID.
Authorization: Bearer {PublicKey}
MerchantId: 256612345678901
Signature Authentication
Signature authentication ensures the highest level of security for your payment creation requests. It not only provides a secure authentication mechanism but also ensures the integrity of your request payload: the content of the payload has not been altered since it was transmitted from your side. OPay signatures are calculated using HMAC-SHA512 applied to the payload and keyed with your secret key.
Your public key should be used in the authorization header of the following API calls:
The authorization header of these requests should contain the HMAC-SHA512 signature of your payload, signed using your secret key, together with your merchant ID.
Authorization: Bearer {signature}
MerchantId: 256612345678901
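The signing step described above, as an added example that is not OPay's own code: the payload is serialized once, signed with HMAC-SHA512, and the same bytes are sent, so any later change to the body fails verification. Assumptions not stated on this page: hex encoding of the signature, compact sorted-key JSON, the `OPAY_SECRET_KEY` environment variable name, and the constructed payload fields.

```python
import hashlib
import hmac
import json
import os


def serialize(payload: dict) -> bytes:
    # Assumption: compact JSON with sorted keys. Whichever form is used, the
    # bytes that are signed must be the exact bytes sent as the request body.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign(body: bytes, secret_key: bytes) -> str:
    # HMAC-SHA512 over the payload, keyed with the secret key (hex: assumption).
    return hmac.new(secret_key, body, hashlib.sha512).hexdigest()


def build_request(payload: dict, secret_key: bytes, merchant_id: str):
    body = serialize(payload)  # serialize once, then sign and send these bytes
    headers = {
        "Authorization": "Bearer " + sign(body, secret_key),
        "MerchantId": merchant_id,
        "Content-Type": "application/json",
    }
    return headers, body


def signature_matches(headers: dict, body: bytes, secret_key: bytes) -> bool:
    # Receiver-side check: recompute the MAC over the bytes received and
    # compare in constant time.
    scheme, _, presented = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer":
        return False
    expected = sign(body, secret_key).encode("ascii")
    return hmac.compare_digest(presented.encode("ascii", "replace"), expected)


if __name__ == "__main__":
    # The key comes from the environment, never from source control.
    key = os.environ.get("OPAY_SECRET_KEY", "constructed-demo-key").encode()
    payload = {"reference": "order-0001", "country": "NG"}  # constructed
    headers, body = build_request(payload, key, "256612345678901")
    print(headers["Authorization"][:23] + "...", len(body), "bytes")
    print("intact body verifies:", signature_matches(headers, body, key))
    tampered = body.replace(b"order-0001", b"order-0002")
    print("altered body verifies:", signature_matches(headers, tampered, key))
```

Re-serializing the payload after signing (different key order or whitespace) produces different bytes and therefore a different signature, which is why `build_request` returns the signed body for sending.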