Introduction

Rimit is the first payment system developed for financial institutions other than regulated banks. Inspired by UPI.

Developer documents to help financial institutions integrate with Rimit.

To get started, please ensure that you have read the entire document.

Definitions

RIMIT
Rimit is an intermediary that helps entities and users to make payments. Rimit offers the tech stack, reconciliation, and settlements required by all stakeholders for payments.
USER
The user is the person who registers at Rimit to use the Rimit's mobile application.
ENTITY
Entity is a financial institution that collaborates with Rimit to enable the payment ecosystem for its customers.
WEBHOOK
Webhook is a callback URI provided by ENTITY to accept requests from Rimit when a USER tries to access their account.
REST
Rest APIs are built for transaction confirmation with multiple authentications.

APIs

IMPORTANT:
We use the POST method for all APIs.
All requests and responses are in JSON format.
We use AES-256-CBC for each request and response to protect the data.
All parameters in the request and response are mandatory.

Environment

INFO
UAT
Developer environment for testing - https://uat-dashboard.rimit.in
User mobile application for testing - Android Playstore
PRODUCTION
Live environment - https://dashboard.rimit.in

Multi-Tenant

RECOMMENDED
If you are on a Multi-Tenant platform, it is mandatory to use the unique tenant id in the params or query. Learn more.
DANGER
Applying any method other than recommended may affect future upgrades.

Webhook

INFO
You need to add Webhook URIs to our dashboard to receive requests from us.

REST

WARNING
  • All request bodies must have a Content-Type of application/json and must be valid JSON.
  • To validate the request, API_ID and API_KEY must be passed through the head object in the request body. These can be generated from the dashboard.
DANGER
Keep API_KEY safe! API_KEY is used as a password. So this is sensitive data and it should be kept safe. Do not share it with anyone.

Base URL

INFO
UAT SERVER
https://uat-gateway.rimit.in/api/rimit/v1
PRODUCTION SERVER
https://api-gateway.rimit.in/api/rimit/v1

Security

INFO
We use the AES-256-CBC algorithm (Advanced Encryption Standard algorithm) for encryption to safeguard data over HTTPS.

Key

A unique key is required to encrypt and decrypt data for request and response. The entity can generate unique key from the dashboard.

IV

  • IV (Initialization Vector) is a random string of 16 characters. Both IV and key are used for encryption and decryption.
  • IV should not be static. IV must be dynamically generated at the time of sending the request or response.
  • The IV is indicated in the encrypted_data object in the request/response body.

Ciphertext

  • The cipher_text is a base64-encoded string (case sensitive) generated from the Encrypted data, which is a string converted from plain text using an encryption algorithm.
  • The cipher_text is unreadable until it is decoded from base64 to utf8 and converted to plaintext (decrypted) using the key and IV.
  • The cipher_text is indicated in the encrypted_data object in the request/response body.

Process

  • The content object in the plain text will be encrypted using key and IV and encoded to base64 for request and response from the entity or Rimit.
  • The encrypted_data object contains both the IV and the cipher_text.
  • The recipient of the request or response will decodes cipher_text from base64 to utf8 and decrypt the same using the key and IV and process the data.

Error response

Hash Error
Decryption Error
Field Validation Error
{
"head": {
"api": "confirmDebit",
"apiVersion": "V1",
"timeStamp": "2022-11-12 01:50:44 PM",
"HTTP_CODE": 400
},
"content": {
"result": {
"code": 2009,
"status": "ERROR",
"message": "Hash validation failed"
},
"errors": []
}
}
{
"head": {
"api": "confirmDebit",
"apiVersion": "V1",
"timeStamp": "2022-11-12 01:48:16 PM",
"HTTP_CODE": 400
},
"content": {
"result": {
"code": 2008,
"status": "ERROR",
"message": "Decryption failed"
},
"errors": []
}
}
{
"head": {
"api": "addAccount",
"apiVersion": "V1",
"timeStamp": "2022-11-12 01:50:44 PM",
"HTTP_CODE": 406
},
"content": {
"result": {
"code": 2006,
"status": "ERROR",
"message": "Field validation failed"
},
"errors": [
{
"type": "stringEnum",
"message": "The 'accounts[0].account_type' field does not match any of the allowed values.",
"field": "accounts[0].account_type",
"expected": "SA, CA, TL, OD",
"actual": "SAVING"
}
]
}
}