Skip to main content

Introduction

Overview

Wallet-as-a-Service (WaaS) is a financial wallet integration API that enables businesses to create, manage, and process transactions for customer wallets. The service provides comprehensive wallet management capabilities including creation, balance checking, transaction processing, and real-time notifications.

Environment: Production and Sandbox endpoints provided during integration

Protocol: HTTPS only

Format: RESTful API with JSON request/response format

Key Features:

  • Customer wallet creation and management
  • Real-time balance enquiries
  • Secure debit transactions
  • Transaction status tracking
  • Transaction reversal (within 1 hour)
  • Real-time webhook notifications
  • Name verification services

Authentication & Security

Required Headers All POST requests require the following headers:

POST
curl -X POST
  -H "x-Client-Id: [Your unique client identifier]"
  -H "x-hash-key: [Generated security hash]"
  -H "Content-Type: application/json"
'

Hash Key Generation Algorithm

The security model uses different hash calculations based on the endpoint:

Endpoint TypeHash FormulaNotes
Wallet Creationsha256(clientSecret + payload)Initial setup
Wallet Debitsha256(CustomerMAC + clientSecret + payload)Requires CustomerMAC
Other POST Requestssha256(clientSecret + payload)Standard operations
GET Requestssha256(clientSecret + payload)Empty payload strings

Components

  • clientSecret: Provided during integration (keep secure)
  • ayload: Complete JSON request body as string
  • CustomerMAC: macchecksum from wallet creation response

Important Security Notes:

  1. Never expose clientSecret in client-side code
  2. Store macchecksum securely (encrypted database)
  3. Regenerate hashes for each request
  4. Validate all incoming webhook signatures (if implemented)
  5. Use environment variables for sensitive data
  6. Implement request logging without sensitive info
  7. Validate all inputs
  8. Use HTTPS for all communications

Implementation Checklist

  1. Obtain the following from WaaS provider:

    • clientId
    • clientSecret
    • schemeId
    • walletShemeTierId
    • baseUrl

  2. Set up your environments

  3. Configure secure credential storage

  4. Set up logging and monitoring systems

  5. Develop webhook endpoint (HTTPS)

  6. Create error handling framework

  7. Test with sample payloads

  8. Deploy to staging environment

  9. Perform UAT with test wallets

  10. Register production webhook URL

  11. Go-live with monitoring