Introduction
Rimit is the first payment system developed for financial institutions other than regulated banks. Inspired by UPI.
Last updated
Rimit is the first payment system developed for financial institutions other than regulated banks. Inspired by UPI.
Last updated
IMPORTANT:
We use the POST method for all APIs.
All requests and responses are in JSON format.
We use AES-256-CBC for each request and response to protect the data.
All parameters in the request and response are mandatory.
INFO
UAT
Developer environment for testing - https://uat-dashboard.rimit.in
User mobile application for testing - Android Playstore
PRODUCTION
Live environment - https://dashboard.rimit.in
RECOMMENDED
If you are on a Multi-Tenant platform, it is mandatory to use the unique tenant id in the params
or query
. Learn more.
DANGER
Applying any method other than recommended may affect future upgrades.
INFO
You need to add Webhook URIs to our dashboard to receive requests from us.
WARNING
All request bodies must have a Content-Type of application/json and must be valid JSON.
To validate the request, API_ID
and API_KEY
must be passed through the head
object in the request body. These can be generated from the dashboard.
DANGER
Keep API_KEY safe! API_KEY
is used as a password. So this is sensitive data and it should be kept safe. Do not share it with anyone.
INFO
UAT SERVER
https://uat-gateway.rimit.in/api/client/rimit/v1
PRODUCTION SERVER
https://api-gateway.rimit.in/api/client/rimit/v1
INFO
We use the AES-256-CBC algorithm (Advanced Encryption Standard algorithm
) for encryption to safeguard data over HTTPS.
A unique
key
is required to encrypt and decrypt data for request and response. The entity can generate uniquekey
from the dashboard.
IV (Initialization Vector)
is a random string of 16 characters. BothIV
andkey
are used for encryption and decryption.
IV
should not be static.IV
must be dynamically generated at the time of sending the request or response.The
IV
is indicated in theencrypted_data
object in the request/response body.
The
cipher_text
is a base64-encoded string (case sensitive) generated from the Encrypted data, which is a string converted from plain text using an encryption algorithm.The
cipher_text
is unreadable until it is decoded from base64 to utf8 and converted to plaintext (decrypted) using thekey
andIV
.The
cipher_text
is indicated in theencrypted_data
object in the request/response body.
The
content
object in the plain text will be encrypted usingkey
andIV
and encoded to base64 for request and response from the entity or Rimit.The
encrypted_data
object contains both theIV
and thecipher_text
.The recipient of the request or response will decodes
cipher_text
from base64 to utf8 and decrypt the same using thekey
andIV
and process the data.