To maintain the Niobi payment system security and integrity, the api authentication used is generating a unique signature for each request. This signature is generated by using the unique secret key generated by a user in their Niobi App. Once sent, the signature is verified by Niobi upon receipt and then subsequently the payment request is approved.

Signing Requests

To ensure the security and integrity of your communication with the Niobi API, it’s essential to sign each request. The complete step by step process for doing this is as follows:
  1. Create a request payload for a specific endpoint (for this example, we’ll use the unified collections api).
{
  "client_id": "<string>",
  "sender": "<string>",
  "timestamp": 123,
  "salt": "<string>",
  "signature": "<string>",
  "params": {
    "amount": 123,
    "mobile": "<string>",
    "country_id": 123,
    "currency": "<string>",
    "payment_method_type": "<string>",
    "callback_url": "<string>",
    "third_party_reference_1": "<string>",
    "third_party_reference_2": "<string>"
  }
}
  1. Pass the parameters section under the request payload for the signature generation api.
{
    "params":{
        "amount": 123,
        "mobile": "<string>",
        "country_id": 123,
        "currency": "<string>",
        "payment_method_type": "<string>",
        "callback_url": "<string>",
        "third_party_reference_1": "<string>",
        "third_party_reference_2": "<string>"
    }
}
  1. Add the salt value, sender name (the name of your integration) and your client_id.
{
  "sender": "Integration_title",
  "salt": "random_salt_value",
  "client_id": "your_client_key_here",
  "params":{
        "amount": 123,
        "mobile": "<string>",
        "country_id": 123,
        "currency": "<string>",
        "payment_method_type": "<string>",
        "callback_url": "<string>",
        "third_party_reference_1": "<string>",
        "third_party_reference_2": "<string>"
    }
}
  1. Generate the signature by calling the endpoint. The new request payload will be shared within the response including the signature.
{
  "success": true,
  "message": "Signature was generated successfully.",
  "data": {
    "client_id": "<client_id>",
   "params":{
        "amount": 123,
        "mobile": "<string>",
        "country_id": 123,
        "currency": "<string>",
        "payment_method_type": "<string>",
        "callback_url": "<string>",
        "third_party_reference_1": "<string>",
        "third_party_reference_2": "<string>"
    },
    "salt": "<salt>",
    "sender": "<sender>",
    "timestamp": "<timestamp>",
    "signature": "<signature>"
  }
}
  1. Pass the obtained request payload within the specific endpoint.

Verifying the Signature

To verify the signature, you can pass the payload obtained from the generate signatre response and pass through the verify signature api endpoint. The expected response is as shown below: 
{
  "success": true,
  "message": "Request verified successfully."
}

Generating Signatures using Code

Alternatively, if you prefer generating the signature using code, please read more under the Generating and Verifying Signatures Section