Introduction
This document describes the API methods that the Merchant uses to interact with Momo.
- Interaction happens over HTTPS using POST requests.
- Each method accepts a single request stream and returns a single response stream.
- Once decrypted, request and response streams are JSON formatted.
Momo needs to provide Partner with:
- Base URL of the endpoints that Momo will hit
- SSL Certificate
- PGP public key for Merchant to encrypt the message body
- Partner-code
- Password (used in some modules)
Merchants need to provide the following data to Momo:
- PGP public key for Momo to encrypt the message body
- Server IP to add to the whitelist (in production environment)
Method
All exposed APIs are RESTful APIs with request and response payloads formatted as JSON.
Header
| Name | Value |
|---|---|
| Content-Type | application/pgp-encrypted |
| Accept | application/pgp-encrypted |
| partner-code | Provided by Momo during integration |
Payload
Common Request Parameters
| Name | Type | Explanation |
|---|---|---|
| requestId | string | Unique identifier on Momo's side to track each request. |
Common Response Parameters
| Name | Type | Explanation |
|---|---|---|
| requestId | string | Unique identifier for the request generated by Momo. Should match the request_id from the request. For example: req_12345. |
| referenceId | string | Unique identifier for the request on the Provider's side. For example: ref_12345. |
| responseCode | int | response_code tells the status of the request |
| responseMessage | string | response_message returns a human-readable string to identify the issue. Momo would only use response_code to distinguish whether this request succeeded or not. |
HTTP Status Codes and Response Code
HTTP Status Codes
| Status Code | Description |
|---|---|
| 200 | Success |
| 400 | Malformed request |
| 401 | Unauthorized |
| 404 | Not found |
| 500 | Server error |
Common Response Code
| Response_code | Sample Response_message | Description |
|---|---|---|
| 0 | Success | No error |
| 2 | Decryption Fail | Cannot decrypt the request |
| 4 | Invalid wallet Id | |
| 8 | Duplicate request Id | |
| 9 | Invalid partner code | Fail |
| 10 | Unknown result | Check by hand, or call check status to get the final result |
| 11 | Other error | Fail |
Encryption
- All requests from the partner will be encrypted with Momo's public key and signed with the merchant's private key.
- All requests from Momo will be encrypted with the partner's public key and signed with Momo's private key.
- All encrypted messages must be in ASCII-armored format.
Sample public key:
After both parties exchange the public keys, we will use a special API to test the encryption.
Our test API for encryption is simple. Our raw JSON object would contain the fields input1 and input2. We would encrypt the data with Momo's public key and sign it with the partner's private key (in the case hosted by Momo). Please use your private key to decrypt it and the public key to verify the signature. Then concatenate the two strings, encrypt the data with Momo's public key and send it back as the response.
Sample request and response (in clear text mode)
// request:
POST /testing/encryption
BODY
-----BEGIN PGP MESSAGE-----\nVersion: GnuPG v2.0.22 (GNU/Linux)\n\nhQE.../UDg==\n=NEQS\n-----END PGP MESSAGE-----
this message decrypts to
{
"input1": "Mo",
"input2": "mo"
}
// response:
BODY
-----BEGIN PGP MESSAGE-----\nVersion: GnuPG v2.0.22 (GNU/Linux)\n\AaFE...GXg==\n=OX5S\n-----END PGP MESSAGE-----
this message decrypts to
{
"output":"Momo"
}
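The ASCII-armor requirement and the sample bodies above can be checked before a body is handed to the PGP library. The following is an added example, not code from Momo or its sample projects: a standard-library Python validator that checks the armor lines, the CRC-24 line and that the first packet is a public-key encrypted session key. The function names, the mandatory checksum line and the handling of literal `\n` escapes are assumptions; decryption and signature verification still take place in the PGP library afterwards.

```python
import base64
import binascii
import re

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # constants from RFC 4880 section 6.1

def crc24(data: bytes) -> int:
    """CRC-24 carried on the '=XXXX' line of an ASCII-armored block."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def dearmor_message(body: str) -> bytes:
    """Return the binary OpenPGP data of an armored PGP MESSAGE or raise ValueError."""
    # Assumption: bodies may arrive with newlines escaped as in the page's sample.
    if "\n" not in body and "\\n" in body:
        body = body.replace("\\n", "\n")
    lines = [ln.rstrip("\r") for ln in body.strip().split("\n")]
    if lines[0] != "-----BEGIN PGP MESSAGE-----" or lines[-1] != "-----END PGP MESSAGE-----":
        raise ValueError("not an ASCII-armored PGP MESSAGE")
    try:
        blank = lines.index("", 1)  # a blank line ends the armor headers
    except ValueError:
        raise ValueError("no blank line after armor headers") from None
    if not all(re.fullmatch(r"[A-Za-z]+: .*", h) for h in lines[1:blank]):
        raise ValueError("malformed armor header")
    payload = lines[blank + 1:-1]
    # Assumption: the checksum line is required, as in the page's samples.
    if not payload or not re.fullmatch(r"=[A-Za-z0-9+/]{4}", payload[-1]):
        raise ValueError("missing CRC-24 checksum line")
    try:
        data = base64.b64decode("".join(payload[:-1]), validate=True)
        expected = int.from_bytes(base64.b64decode(payload[-1][1:]), "big")
    except binascii.Error:
        raise ValueError("payload is not valid base64") from None
    if not data or crc24(data) != expected:
        raise ValueError("CRC-24 mismatch: body truncated or altered")
    # A public-key encrypted message starts with a PKESK packet (tag 1);
    # the sample's leading "hQE" is base64 for 0x85 0x01, an old-format tag 1.
    first = data[0]
    tag = first & 0x3F if first & 0x40 else (first >> 2) & 0x0F
    if not first & 0x80 or tag != 1:
        raise ValueError("first packet is not a public-key encrypted session key")
    return data
```
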
Sample Codes
- Java: click here
- .Net: click here
- Php: click here
- NodeJs: click here