Introduction
Brief Description
- This section describes how to obtain Account API Credentials and handle signature verification before integration.
Sandbox Account API Credentials
- API Base URL: https://sandbox-api.vexora.com/nigeria
- Merchant Number (MID): 3060414594
- Secret key: dbecac55466b4958a2d06069fcf49e18
Prod Account API Credentials
Once sandbox integration testing has passed, please contact your business or operations manager to apply for access to the production environment.
The API credentials can then be obtained from your merchant admin portal.
Signature Generation Logic
To ensure request security, all API calls must include the signature parameter sign. The generation rules are as follows:
1. Signature Generation Steps
Step 1: Assemble the String to Sign
- Obtain all request parameters to be sent (excluding the sign parameter itself).
- Sort the parameters in ascending order by their names based on ASCII values (A-Z).
- Concatenate the sorted parameters in the format key=value into a single string, without any separators between parameters.
- Example format: amount=100currency=USDto=john.doe@email.com
Step 2: Generate the Signature
- Append your App Secret (i.e., the secret key obtained from the Merchant Admin Portal) to the end of the string from Step 1, forming the final string to be hashed.
- Compute the MD5 hash of this combined string.
- Convert the MD5 result into a lowercase hexadecimal string. This is the final value for the sign parameter.
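```java
// Step 1: build the string to sign from the request parameter map.
// Lists is Guava's com.google.common.collect.Lists; StrUtil is assumed to be Hutool's.
List<String> keys = Lists.newArrayList(map.keySet());
Collections.sort(keys);
StringBuilder request = new StringBuilder();
for (String key : keys) {
    String value = String.valueOf(map.get(key));
    // Empty values and the sign parameter itself are left out.
    if (StrUtil.isNotEmpty(value) && !"sign".equals(key)) {
        request.append(key).append("=").append(value);
    }
}
// Logged before the App Secret is appended; debug level, since this is not an error.
log.debug("encrypt string : {}", request);
```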
2. Core Parameter Specifications
| Item | Value | Description |
|---|---|---|
| Signature Type (SIGN_TYPE) | MD5 | The MD5 algorithm is mandatory. |
| Character Set (CHARSET_NAME) | UTF-8 | UTF-8 encoding is mandatory. |
| Salt (salt) | Your App Secret | Serves as the secret key, obtained from the Merchant Admin Portal. Keep it secure. |
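```java
// Body of the signing method: str is the string from Step 1, salt is your App Secret.
// SIGN_TYPE is "MD5" and CHARSET_NAME is "UTF-8" (see the table above).
try {
    MessageDigest md5 = MessageDigest.getInstance(SIGN_TYPE);
    md5.update((str + salt).getBytes(CHARSET_NAME));
    return byte2hex(md5.digest());
} catch (Exception e) {
    if (log.isDebugEnabled()) {
        log.debug("md5 Encryption error", e);
    }
}
return "";

// Converts the digest bytes to a lowercase hexadecimal string.
public static String byte2hex(byte[] bytes) {
    StringBuilder sign = new StringBuilder();
    for (int i = 0; i < bytes.length; i++) {
        String hex = Integer.toHexString(bytes[i] & 0xFF);
        // Pad single-digit values so every byte yields two characters.
        if (hex.length() == 1) {
            sign.append("0");
        }
        sign.append(hex.toLowerCase());
    }
    return sign.toString();
}
```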
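Steps 1 and 2 end to end, together with a receiver-side check, using only the JDK. This is an added example, not the platform's own code: the class and method names, the sample parameters and the secret are constructed, and the constant-time comparison with `MessageDigest.isEqual` is an addition the page does not describe.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;
import java.util.TreeMap;

public class SignExample {
    // Step 1: sort by key, skip "sign" and empty values, join key=value with no separator.
    static String stringToSign(Map<String, Object> params) {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, Object> e : new TreeMap<String, Object>(params).entrySet()) {
            String value = String.valueOf(e.getValue());
            if (!value.isEmpty() && !"sign".equals(e.getKey())) {
                sb.append(e.getKey()).append('=').append(value);
            }
        }
        return sb.toString();
    }
    // Step 2: lowercase hex MD5 of (string to sign + App Secret), encoded as UTF-8.
    static String sign(Map<String, Object> params, String appSecret) throws NoSuchAlgorithmException {
        byte[] input = (stringToSign(params) + appSecret).getBytes(StandardCharsets.UTF_8);
        byte[] digest = MessageDigest.getInstance("MD5").digest(input);
        return String.format("%032x", new BigInteger(1, digest)); // zero-padded to 32 hex digits
    }
    // Receiver side: recompute the signature and compare in constant time; a missing sign fails.
    static boolean verify(Map<String, Object> params, String appSecret) throws NoSuchAlgorithmException {
        Object received = params.get("sign");
        if (received == null) return false;
        byte[] expected = sign(params, appSecret).getBytes(StandardCharsets.UTF_8);
        byte[] actual = String.valueOf(received).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, actual);
    }
    public static void main(String[] args) throws Exception {
        String secret = "constructed-example-secret"; // constructed placeholder, not a real credential
        Map<String, Object> req = new HashMap<>();    // constructed sample request
        req.put("to", "john.doe@email.com");
        req.put("currency", "USD");
        req.put("amount", 100);
        req.put("remark", ""); // empty value: left out of the string to sign
        System.out.println(stringToSign(req));
        req.put("sign", sign(req, secret));
        System.out.println(verify(req, secret));
        req.put("amount", 1000); // change a signed field after signing, then verify again
        System.out.println(verify(req, secret));
    }
}
```

Because Step 1 joins the pairs with no separator, different parameter sets can produce the same string to sign (for example `a=1b=2` from one or from two parameters), so a receiver should also validate each field's name and format rather than rely on the signature alone.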
3. Additional Request Requirements
- Merchant ID (MID): Must be submitted in the HTTP Header, typically under merchantNo.
- IP Whitelist: Before making API calls in testing or production environments, you must contact the platform operations team to add your server's outbound IP address to the whitelist. Requests from unauthorized IPs will be blocked.
Request Parameter Acquisition
```java
public static Long getMilliByTime(LocalDateTime time) {
    return time.atZone(ZoneId.systemDefault()).toInstant().toEpochMilli();
}
```
Request method
- All requests are POST requests, and the data format is JSON.