OPay Payment Authentication

OPay payment flow was designed to guarantee the security and authenticity of our merchant transactions. OPay APIs use the state of the art cryptographic primitives to maintain the highest level of authentication and fraud prevention. OPay APIs are secured using API keys which will be generated automatically for you upon creation of your merchant account. Depending on the type of your API call, one of the following two authentication schemes MUST be applied:

  1. Public Key Authentication: Used for payment creation API (Cashier Create Payment).
  2. Signature Authentication: used for other payment related APIs (Cashier Payment Status , Cashier Refund, Cashier Payment Close).

API Keys

OPay APIs use API keys to authenticate all API requests. Upon creating your merchant account, your API keys shall auto generated for you. You can find API keys under API Keys & Webhooks section of your OPay merchant's dashboard.

OPay API Keys

Two API Keys are generated:

  1. Secret Key: used to sign the create payment APIs (Cashier Payment , Transaction Payment).
  2. Header: Bearer Signature and merchant ID
                            
                                Authorization: Bearer {signature}
                                MerchantId   : 256612345678901
                            
                        
  3. Public Key: used as authorization key in the header of your other OPay payment related APIs.
  4. Header: Bearer Public Key and merchant ID
                            
                                Authorization: Bearer {PublicKey}
                                MerchantId   : 256612345678901
                            
                        

Public Key Authentication

Your public key should be used for authorization header of the following API calls:

  1. Cashier Create Payment

The authorization header of these requests should contain your Public Key and merchant ID.

                   
                       Authorization: Bearer {PublicKey}
                       MerchantId   : 256612345678901
                   
                

Signature Authentication

Signature authentication ensures the highest level of security for your payment creation requests. Not only does it provide a secure authentication mechanism, but also it ensures the integrity of your request payload, that is the content of your request payload has not been altered since it was transmitted from your side. OPay signatures are calculated using HMAC-SH512 applied to payload and signed with your secret key.

Your public key should be used for authorization header of the following API calls:

  1. Cashier Payment Status
  2. Cashier Payment Refund
  3. Cashier Refund Status
  4. Cashier Reversal Status

The authorization header of these requests should contain your HMAC-SHA512 signature of your payload signed using your secret key and merchant ID.

                   
                       Authorization: Bearer {signature}
                       MerchantId   : 256612345678901
                   
                

User Profile 12 messages

James Jones
Application Developer
Recent Notifications
Another purpose persuade Due in 2 Days
+28%
Would be to people Due in 2 Days
+50%
-27%
The best product Due in 2 Days
+8%