Picture

IMTO's Remittances

This is the technical specification for the Restful APIs for IMTO remittances.

Introduction

This document is to afford the IMTO’s to be able to carry out remittances in USD via the Application Programming Interface (API) that will be exposed by the Bank.

The service is a Restful service, and this is to be consumed by prospective IMTO’s in line with CBN guidelines regarding remittances in US Dollars,

Specification Details

This service supports only REST requests.

Go to API Reference.

Security Header

Below are the security headers to be used for authorize API call.

Header Name

Description

Value

Header

VendorId

As assigned by the bank, e.g. smallworld

Authorization

Bearer Token

Token generated when authentication method is called.

Authentication

Every request to the API must come with a Token in the authorization header. In view of this you are expected to generate a token by parsing the below JSON into body of the authentication endpoint

{baseUrl}/api/Authentication/authenticate

{
   "id": 9,
   "firstName": null, 
   "lastName": null,
   "username": "smallworld",
   "password": null,
   "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1bmlxdWVfbmFtZSI6IjkiLCJuYmYiOjE2MDc3MDk1MTQsImV4cCI6MTYwNzc5NTkxNCwiaWF0IjoxNjA3NzA5NTE0fQ.DaRnbL4nrFayyVxIjrdNn02qoEvm_TzZW9PQcRM0bUg",
   "refreshToken": "2EeYyuJa3FkRGiS6JGnQsBgnKdd9INg6JpSsQK/+VbPGA9i/GdTrGdvAX4LhDAPzuL7M9cDtDVil3pFrkpyEGudeDoCBUiQPLldyoZyPyHtu2GI6EXaZZ9h72MX0d4zsjM6G6HnWRuusUzXd8CHPyQct5wB3PWYsA58OLbg rY7wXK8IPBmuZ4pOQtcMXvd/+Q/TK7AdsICAACUdXX3tvGuc3hso4VbsErF8MV8Yti0ryW6e8SJLQjrVD88dl2bSkA7aV9 L/yJf2ueIGyxJjjGmvJDrfqVRP4k7qJZKBXG3npwHF1PiZk4xrgiy4E2ZNITuqozHrkB42cW01lGzHVzQ==",
   "refreshTokenExpires": "12/18/2020 5:58:34 PM"
}

Refresh Token

The token generated has an expiry of 24hours. If the token has expired, you are meant to generate a new token by calling the “RefreshToken” endpoint. So, at this point you will parse the refresh token gotten when the authentication endpoint was called. This is to enable you to get a new token to be used for the next 24 hours

{baseUrl}/api/Authentication/RefreshToken

{
   "refreshToken": "LJY34Fnyd/H5ssh7hY20QE3RjIDoVlbzAfy0BGhOGUo7ruVvF8FMX3sc HeHCcSMiuYCH13fjx3TOlyaHdcDCBrfsGWBly1YXXGDbWssVF9laYHdWWzpPTb5fZ/8qC3kmce8ca 3zHcrmzAVyqMdmtusjg7Vz8q5L8mJIDIjVH7XKF4hdCf+EsrEyGGXbaees9KzelHO/jeF2pQ2RH53 EqSdRMvSoqMUVTi3NSarSgzpatCu0bUzDCuzQWcGkhcWW9P945iGhIz7oOQUYy91rhFvfK3S0RnmO 0xV7m2nV8dL3mUWTZLqjUW2ztyFIzOSrfOwW3Zj3PX7Ss4WW9w6DTxg=="
}

IMTO's NameInquiry

This method is expected to be called in order to validate the beneficiary to receive fund. The output of this is an input into the remittance endpoint.

{ 
   "RequestID": "123456890", 
   "AccountNumber": "0637567567" 
}

But the sample request becomes:

{baseUrl}/api/IMTOsNameEnquiry

{ 
   "imtonameEnquiryRequest":"9TDEKYXOqDHUHeH1pS+k+6PgxLhsmZQyuALV41R/a xTl2cwBdcM7IyWH0sN4wUNPmZ3bMLZglZQPcNNbrzyBnQ==" 
}

The response to this call we return the name and account number;
e.g. “SUCCESS|0642341235|OLAYIDE ADERIBIGBE”

Note:

  1. If a naira account (01XXXXXXX,02XXXXXXX) is parsed, a DOM account is automatically created and same is communicated in the above sample response given.

  2. This request is expected to be encrypted using AES encryption. Detail about this will be discussed under security.

IMTO's Remittance

This endpoint does the debit of the IMTO and credit of the beneficiary. Below is the payload to be parsed:

{ 
   "TransactionReference":"1234567890", 
   "SenderID":"K12345", 
   "SenderName":"1234567890", 
   "CreditAccountNo":"1234567890", 
   "AccountCreditName":"Muritala Salami", 
   "TransactionNarration":"Test Narration", 
   "Amount":"500", 
   "SourceAccountNo":"0987654321" 
}

Sample Request:

{baseUrl}/api/IMTOsRemitance

{
  "imtoremitanceRequest":"Rmh9wwgrQNp9zVp7s+1fHnMRCR3Pp9gsJ+vxFhN4jfYB2BvrdofwZJQkxFF5DBgGCiMyi4I09cFebki3OcnPoWt2oZTPVm7ueWuvweJ8uo0dtInEiW9hGIMg7ItEVCh3ROz28+Q8Y/ZRh8Onoix+nUoAwdFOUmGebUZ4FATaKgSNSdhAm3CxppePHvxkaqwS4cC1rn5MuFPlkjbRNoIUFs/Y7bxuPxjxo/IsgjrKgTWXFvo+YpsgsHyIMkd1NBdOq+p+BS3/ocaCPJSeWbmL3mYJ/+ISt14XpvUgcyTXx1KIPTR0qZ8Tr4DIPRZuKY6DymeFHtnwDHyXb8pdjL1DvzLJA4o9rkRWMuC4yOTHv801RKQg3HuX0kQKF+UKRh5r" 
}

The response to this call we return
e.g. SUCCESS/M12345

Note: This request is expected to be encrypted using AES encryption. Detail about this will be discussed under security.

Transaction Status

This method is used to query the status of remittance request transaction. Encrypted Transaction Reference is parsed into the IMTOsTransactionStatus method.

For example,

{baseUrl}/api/IMTOsTransactionStatus?TransactionReference=e7kut80+e60SsshrTDLOPA==

An encrypted response is provided. When this is decrypted, it will return a string as
“SUCCESS|MXXX|234567”.

Validate BVN

This method is used to validate supplied BVN with NIBSS. OTP is sent to customer email and phone number if the BVN validation is successful. The sent OTP will have a validity of 15 minutes.

The BVN will be encrypted and will be formatted as below:

Unencrypyted Request: 
{
 "BVN": "22XXXXXXX",
 "DOB": "21-Apr-98"
 }

Sample encrypted payload:

{baseUrl}/api/IMTOsValidateBVN

{
 "imtosvalidatebvnRequest": "ARMmHYJMoQ+6bmPcygvtEa+EGJ8MiATjwd/Qouc1Q3gGUj9iv/0neaJRgcB5Fd6g"
}

The response will be formatted as below as JSON string;

{
 "ResponseCode":"00",
 "ResponseMessage":"Successful",
 "DOMAccountNo":""
 } 

Encrypted Response: wT2NIs+6uQTEgGIXpD7VDGTFR+vgkgL78pSA9K685QQCDAmSl4QI0v5EpU+igohpT idIupokRYD2JCWAXXP79p1UygXwKgWVYjM4dmQ9RcA=

Open Domiciliary Account

This method is used to open domiciliary account for an existing Wema and non-existing customer using BVN.

Unencrypted Request:
 {
 "BVN": "22XXXXXXX",
 "OTP": "546365"
 }

Sample Encrypted request:

{baseUrl}/api/IMTOsOpenDomAccount

{
 "imtobvndomRequest": "ARMmHYJMoQ+6bmPcygvtERdLtXLj6iF/AHG4G0zXDyJhh9bKJ1QZPGV3ZSzXNaHM" 
}

The response will be formatted as below as JSON string.

{
 "ResponseCode":"00",
 "ResponseMessage":"Successful",
 "DOMAccountNo":"0625656646"
 } 
Encrypted Response: wT2NIs+6uQTEgGIXpD7VDGTFR+vgkgL78pSA9K685QQCDAmSl4QI0v5EpU+igohpT idIupokRYD2JCWAXXP79p1UygXwKgWVYjM4dmQ9RcA=

Picture

Dom Account Process Flow

Picture

Security

The requests and responses are encrypted with AES(AES/CBC/PKCS5Padding) algorithm. The connecting IMTO is expected encrypt their request and decrypt response from our end. The below keys should be used in encrypting and decrypting subsequent requests and responses on a test environment.

EncryptionKey = ")KCSWITHC%^$$%@H"; 
EncrytionIV = "#$%#^%KCSWITC945"; 
cipherMode = "CBC";

HTTP Response Code

Find in the table below the response codes and their respective descriptions: This API conforms to Standard HTTP Response Code. As such if anything goes wrong the response will be depicted as below:

S/N

Code

Message

1

200

Request successfully executed

2

400

Bad Request.

3

401

Unauthorized

4

417

Expectation Failed

5

102

BVN Validation failed

6

106

SMS not Delivered

7

110

Error occured validation BVN

8

103

Data Access Error

9

109

OTP is already used

10

107

Invalid OTP

11

108

OTP Expired

12

104

CIF Creation Failed

13

105

Dom Account Creation Failed

14

111

Error occurred while Creating DOM Account

15

112

Invalid Data

16

00

Successful

NIP Response Codes

Find in the table below the response codes and their respective descriptions:

Code

Description

00

Approved or completed successfully.

01

Status unknown. Please wait for settlement report.

03

Invalid sender.

05

Do not honor.

06

Dormant Account

07

Invalid Account

08

Account Name Mismatch

09

Request processing in progress

12

Invalid Transaction

13

Invalid Amount

14

Invalid Batch Number

15

Invalid Session or Record ID

16

Unknown Bank Code

17

Invalid Channel

18

Wrong Method Called

21

No Action Taken

25

Unable to locate record

26

Duplicate Record

30

Format Error

34

Suspected Fraud

35

Contact sending bank

51

No sufficient funds

57

Transaction not permitted to sender

58

Transaction not permitted on channel

61

Transfer limit exceeded

63

Security Violation

65

Exceeds withdrawal frequency

68

Response received too late

69

Unsuccessful Account/Amount block

70

Unsuccessful Account/Amount unblock

71

Empty Mandate Reference Number

91

Beneficiary Bank not available

92

Routing Error

94

Duplicate Transaction

96

System Malfunction

97

Timeout waiting for response from destination

31

Unable to do TSQ

32

Transaction Failed. Resend with new Payment Reference No

19

Payment Reference cannot be found

20

Transaction in progress. Awaits confirmation from NIBSS

22

Error Occurred Getting Transaction Status

23

Payment Reference Exists. Transaction under Investigation

33

Exceptions raised during Name Enquiry

36

Unable to call main Fund Transfer Service

37

Unable to call main Transaction Status Service

38

Unable to call main Name Enquiry Service

39

Unable to call main Bank List Service

Exceptions:

  • Requested Service not found.

  • Unauthorized access to this service

  • Invalid Account Number

  • Source account cannot be validated.

  • Transaction Reference already exist.

  • Expectation Failed