Bank Account payments

This page shows you how to charge bank accounts on Quidpay.

Quidpay allows you to charge local bank accounts in Nigeria. Your customers input their account number, an OTP is sent to their phone, and the charge is authorised.

This guide shows you how to charge bank accounts on Quidpay using our APIs.

Pre-requisites for accepting account payments on quidpay.

  1. Sign up for a test account here, and for a live account here.

  2. You can use webhooks to get notified on transactions using the webhook guide, or use the response returned by the endpoint.

  3. For all account payments you need to implement three steps for each transaction: Initiate payment, Validate payment, and Verify completed payment.

Step 1: Collect the bank details from the customer

You can use a custom form to collect the bank account details from the customer, including any extra information needed. Below is a sample of the bank account details to collect from the customer.

{
  "PBFPubKey": "FLWPUBK-7adb6177bd71dd43c2efa3f1229e3b7f-X",
  "accountbank": "232",// get the bank code from the bank list endpoint.
  "accountnumber": "0061333471",
  "currency": "NGN",
  "payment_type": "account",
  "country": "NG",
  "amount": "10",
  "email": "[email protected]",
  "passcode": "09101989",//customer Date of birth this is required for Zenith bank account payment.
  "bvn": "12345678901",
  "phonenumber": "0902620185",
  "firstname": "temi",
  "lastname": "desola",
  "IP": "355426087298442",
  "txRef": "MC-0292920", // merchant unique reference
  "device_fingerprint": "69e6b7f0b72037aa8428b70fbe03986c"
}

The same request with a subaccount split:

{
  "PBFPubKey": "FLWPUBK-7adb6177bd71dd43c2efa3f1229e3b7f-X",
  "accountbank": "232",// get the bank code from the bank list endpoint.
  "accountnumber": "0061333471",
  "currency": "NGN",
  "payment_type": "account",
  "country": "NG",
  "amount": "10",
  "email": "[email protected]",
  "passcode": "09101989",//customer Date of birth this is required for Zenith bank account payment.
  "phonenumber": "0902620185",
  "firstname": "temi",
  "lastname": "desola",
  "subaccount": [
    {
      "id": "RS_D87A9EE339AE28BFA2AE86041C6DE70E",
      "transaction_split_ratio": "2"
    },
    {
      "id": "RS_344DD49DB5D471EF565C897ECD67CD95",
      "transaction_split_ratio": "3"
    },
    {
      "id": "RS_839AC07C3450A65004A0E11B83E22CA9",
      "transaction_split_ratio": "5"
    }
  ],
  "IP": "355426087298442",
  "txRef": "MC-0292920", // merchant unique reference
  "device_fingerprint": "69e6b7f0b72037aa8428b70fbe03986c"
}
  • passcode: This is required for Zenith bank account payments. Collect the customer's date of birth and pass it in the format DDMMYYYY.

Parameter Description

| Parameter | Required | Description |
|---|---|---|
| PBFPubKey | True | This is a unique key generated for each button created on Quidpay’s dashboard. It starts with the prefix FLWPUBK and ends with the suffix X. |
| accountbank | True | This represents the bank to be debited. To get a list of banks in Nigeria, call the List of Banks API. |
| accountnumber | True | This is the account number of the customer associated with a valid bank account. |
| currency | False (Defaults to NGN) | This is the specified currency to charge the account in. |
| country | False (Defaults to NG) | This is the pair country for the transaction with respect to the currency. See the list of supported currencies under Multicurrency Payments. |
| amount | True | This is the amount to be charged from the account. It is passed as ("amount":10). |
| email | True | This is the email address of the customer. |
| passcode | False (Required for Zenith bank) | This is required for Zenith bank account payments. Collect the customer's date of birth and pass it in the format DDMMYYYY. |
| phonenumber | True | This is the phone number of the customer. |
| firstname | False | This is the first name of the account holder or the customer. |
| lastname | False | This is the last name of the account holder or the customer. |
| IP | True | IP - Internet Protocol. This represents the current IP address of the customer carrying out the transaction. |
| txRef | True | This is the unique reference, unique to the particular transaction being carried out. It is generated by the merchant for every transaction. |
| payment_type | True (Expected value: account) | This specifies that the payment method being used is for account payments. |
| bvn | True (Required for UBA account payment option) | This is the customer's BVN. |
| device_fingerprint | False | This is the fingerprint for the device being used. It can be generated using a library on whatever platform is being used. |
| redirect_url | False (Required for GTB & First bank account payments) | This is a URL you provide. We redirect to it after the customer completes payment and append the response to it as query parameters. |

Get a list of available banks to show to your customers

Make use of the List of Banks API to show your customers what banks are available for this payment method.

Step 2: Encrypt your request

To see how to encrypt using any of our encryption functions, copy the sample request below and visit the Quidpay Encryption section.

Step 3: Initiate your payment.

After encryption the next step is to initiate your payment using the encrypted string by sending a request to the /charge endpoint. See how to do that below.

Sandbox Endpoint: https://ravesandboxapi.flutterwave.com/flwv3-pug/getpaidx/api/charge

Live Endpoint: https://api.ravepay.co/flwv3-pug/getpaidx/api/charge

Sample Request:

curl --request POST \
  --url https://ravesandboxapi.flutterwave.com/flwv3-pug/getpaidx/api/charge \
  --header 'content-type: application/json' \
  --data '{"PBFPubKey":"FLWPUBK-7adb6177bd71dd43c2efa3f1229e3b7f-X","client":"VodhvFFsni0CBeieHPq9HTuG5lbNPgmD5rbEw6Uxb0TD9eD9B3VM5uZ1B5lC3thQMbPypNBCAYwSybPo9pNJUIXSNhgdzsqG8eEggSJhWYv+4HToZxWamqsWrUqNUgvaCws3iPTAJOy0fPuHI53dSaMbq/EeHnGrdosfSuAGvm/L6joVVb6e7vyZ4bJl9bJyT73INhSN5glUAvHElup+AOYVoyQiQ1gN7PmW6I0DrUiiC1GSq87zk8rt7Xv31OBja7Ib+znEHBfcI/Ii36HbQF2MunOy2oAteyWIbr3cTyUuyERroRKL769f3NMxUQw5iQ39LU0KgmP2XvgMQONcuiPJWlJ9LzG8ngqCZNFGQ5yIvYrUiiufPowa7A8sAgaoIQQMt0OWGijfpJ4CeAA9/s1Bv03ZhhX2","alg":"3DES-24"}'

The same request body, formatted:

{
  "PBFPubKey": "FLWPUBK-7adb6177bd71dd43c2efa3f1229e3b7f-X",
  "client": "VodhvFFsni0CBeieHPq9HTuG5lbNPgmD5rbEw6Uxb0TD9eD9B3VM5uZ1B5lC3thQMbPypNBCAYwSybPo9pNJUIXSNhgdzsqG8eEggSJhWYv+4HToZxWamqsWrUqNUgvaCws3iPTAJOy0fPuHI53dSaMbq/EeHnGrdosfSuAGvm/L6joVVb6e7vyZ4bJl9bJyT73INhSN5glUAvHElup+AOYVoyQiQ1gN7PmW6I0DrUiiC1GSq87zk8rt7Xv31OBja7Ib+znEHBfcI/Ii36HbQF2MunOy2oAteyWIbr3cTyUuyERroRKL769f3NMxUQw5iQ39LU0KgmP2XvgMQONcuiPJWlJ9LzG8ngqCZNFGQ5yIvYrUiiufPowa7A8sAgaoIQQMt0OWGijfpJ4CeAA9/s1Bv03ZhhX2",
  "alg": "3DES-24"
}
  • client: This is the encrypted request parameters.

  • PBFPubKey: This is your merchant public key.

  • alg: must always be passed as 3DES-24

When you initiate the payment, you get a response that looks like the one below:

{
  "status": "success",
  "message": "V-COMP",
  "data": {
    "id": 13644,
    "txRef": "MC-7663-YU",
    "orderRef": null,
    "flwRef": "ACHG-1501266637278",
    "redirectUrl": "http://127.0.0",
    "device_fingerprint": "N/A",
    "settlement_token": null,
    "cycle": "one-time",
    "amount": 1000,
    "charged_amount": 1000,
    "appfee": 0,
    "merchantfee": 0,
    "merchantbearsfee": 0,
    "chargeResponseCode": "02",
    "chargeResponseMessage": "Pending OTP validation",
    "authModelUsed": "AUTH",
    "currency": "NGN",
    "IP": "::ffff:127.0.0.1",
    "narration": "Synergy Group",
    "status": "success-pending-validation",
    "vbvrespmessage": "N/A",
    "authurl": "NO-URL",
    "vbvrespcode": "N/A",
    "acctvalrespmsg": null,
    "acctvalrespcode": null,
    "paymentType": "account",
    "paymentId": "16",
    "fraud_status": "ok",
    "charge_type": "normal",
    "is_live": 0,
    "createdAt": "2017-07-28T18:30:37.000Z",
    "updatedAt": "2017-07-28T18:30:48.000Z",
    "deletedAt": null,
    "customerId": 85,
    "AccountId": 134,
    "customer": {
      "id": 85,
      "phone": null,
      "fullName": "Anonymous customer",
      "customertoken": null,
      "email": "[email protected]",
      "createdAt": "2017-01-24T08:09:05.000Z",
      "updatedAt": "2017-01-24T08:09:05.000Z",
      "deletedAt": null,
      "AccountId": 134
    },
    "validateInstructions": {
      "valparams": [
        "OTP"
      ],
      "instruction": "Please validate with the OTP sent to your mobile or email"
    }
  }
}

Some of the important responses you need to check are broken down below:

  • data.status: The status field inside the data object is the right status to check. Possible values are successful, failed, pending, success-pending-validation and pending-validation.

  • data.chargeResponseCode: This is the response code of the transaction. It tells you when a transaction is successful (response code 00) or when the transaction requires validation (02).

  • data.validateInstructions: This object contains the instructions to show to the customer so they know the next step to take; it typically tells them how to validate the transaction.

  • data.paymentType: This shows you the payment instrument used i.e. if the customer used a card, account or ussd to complete the payment.

Collecting account payments using GTB & First Bank account payment.

When using GTB or First Bank for account payment collection, you would need to redirect the user to a new window for them to log in to their internet banking profile and complete the transaction.

After the transaction is completed we would redirect back to the redirect_url you provided in the initial charge request. Below is a sample of the initial charge request to send for GTB account payments.

When using the GTB account payment option the amount passed needs to be greater than NGN 100.

{
  "PBFPubKey": "FLWPUBK-7adb6177bd71dd43c2efa3f1229e3b7f-X",
  "accountbank": "058",// get the bank code from the bank list endpoint.
  "accountnumber": "0000000",
  "currency": "NGN",
  "payment_type": "account",
  "country": "NG",
  "amount": "100", // amount must be greater than NGN100
  "email": "[email protected]",
  "phonenumber": "0902620185",
  "firstname": "temi",
  "lastname": "desola",
  "IP": "355426087298442",
  "redirect_url": "https://quidpay-webhook.herokuapp.com/receivepayment",
  "txRef": "MC-0292920", // merchant unique reference
  "device_fingerprint": "69e6b7f0b72037aa8428b70fbe03986c"
}

When using GTB or First Bank account payment, the validate payment step happens on the customer's Internet banking page.

After the initial charge request, the response contains an authUrl. This is the link to redirect the customer to so they can complete their payment.
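The response fields described above decide what the merchant server does next: redirect to the bank, collect an OTP, or go straight to verification. The following is an added example, not Quidpay's own code; the function name `next_step`, the action labels, the https-only check on the redirect link and the `bank.example` host are assumptions made for illustration.

```python
from urllib.parse import urlparse


def next_step(charge_resp):
    """Turn a parsed /charge response into the merchant server's next action."""
    if not isinstance(charge_resp, dict) or charge_resp.get("status") != "success":
        msg = charge_resp.get("message") if isinstance(charge_resp, dict) else None
        return {"action": "fail", "reason": msg or "no usable response"}
    data = charge_resp.get("data")
    if not isinstance(data, dict):
        data = {}
    status = data.get("status")
    code = data.get("chargeResponseCode")

    if status == "failed":
        return {"action": "fail", "reason": data.get("chargeResponseMessage")}

    # GTB / First Bank: the customer finishes on the bank's page. The sample
    # response spells the key "authurl" and uses "NO-URL" when there is none.
    auth_url = data.get("authurl") or data.get("authUrl")
    if auth_url and auth_url != "NO-URL":
        parsed = urlparse(auth_url)
        # Added precaution (assumption): only send customers to an https URL.
        if parsed.scheme != "https" or not parsed.netloc:
            return {"action": "fail", "reason": "unexpected authurl"}
        return {"action": "redirect", "url": auth_url}

    # OTP flow: show the instruction, then send flwRef as transactionreference.
    if code == "02" or status in ("success-pending-validation", "pending-validation"):
        instr = data.get("validateInstructions") or {}
        return {"action": "collect_otp",
                "transactionreference": data.get("flwRef"),
                "fields": instr.get("valparams", []),
                "prompt": instr.get("instruction")}

    # Charged without a validation step: still verify server-side before giving value.
    if status == "successful" and code == "00":
        return {"action": "verify", "txRef": data.get("txRef")}

    return {"action": "wait", "reason": "status=%s code=%s" % (status, code)}


# Trimmed copy of the sample initiate-payment response on this page.
OTP_SAMPLE = {"status": "success", "message": "V-COMP", "data": {
    "txRef": "MC-7663-YU", "flwRef": "ACHG-1501266637278",
    "chargeResponseCode": "02", "status": "success-pending-validation",
    "authurl": "NO-URL",
    "validateInstructions": {
        "valparams": ["OTP"],
        "instruction": "Please validate with the OTP sent to your mobile or email"}}}

# Constructed redirect-style response; bank.example is a placeholder host.
REDIRECT_SAMPLE = {"status": "success", "data": {
    "txRef": "MC-0292920", "flwRef": "ACHG-0000000000000",
    "status": "pending", "authurl": "https://bank.example/login?ref=abc"}}

if __name__ == "__main__":
    print(next_step(OTP_SAMPLE))
    print(next_step(REDIRECT_SAMPLE))
```

Whatever branch is taken, value is only given after the server-side verification in Step 5.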

Step 4: Validate the payment.

After initiating the payment you need to validate the transaction. Validation is like authentication: the customer is required to confirm that they are the customer with the correct permissions to carry out the payment.

To Validate a transaction, see how below:

Sandbox Endpoint: https://ravesandboxapi.flutterwave.com/flwv3-pug/getpaidx/api/validate

Sample Request:

curl --request POST \
  --url https://ravesandboxapi.flutterwave.com/flwv3-pug/getpaidx/api/validate \
  --header 'content-type: application/json' \
  --data '{"PBFPubKey":"FLWPUBK-7adb6177bd71dd43c2efa3f1229e3b7f-X","transactionreference":"ACHG-1501266637278","otp":"12345"}'

The same request body, formatted:

{
  "PBFPubKey": "FLWPUBK-7adb6177bd71dd43c2efa3f1229e3b7f-X",
  "transactionreference": "ACHG-1501266637278", 
  "otp": "12345"
}
  • PBFPubKey: This is your merchant public key.

  • transactionreference: This is the flwRef returned in the Initiate payment response.

  • otp: This is the one-time PIN entered by the customer.

When you validate a payment, you get a response that looks like the one below:

{
  "status": "success",
  "message": "Charge Complete",
  "data": {
    "id": 13644,
    "txRef": "MC-7663-YU",
    "orderRef": null,
    "flwRef": "ACHG-1501266637278",
    "redirectUrl": "http://127.0.0",
    "device_fingerprint": "N/A",
    "settlement_token": null,
    "cycle": "one-time",
    "amount": 1000,
    "charged_amount": 1000,
    "appfee": 0,
    "merchantfee": 0,
    "merchantbearsfee": 0,
    "chargeResponseCode": "00",
    "chargeResponseMessage": "Pending OTP validation",
    "authModelUsed": "AUTH",
    "currency": "NGN",
    "IP": "::ffff:127.0.0.1",
    "narration": "Synergy Group",
    "status": "successful",
    "vbvrespmessage": "N/A",
    "authurl": "NO-URL",
    "vbvrespcode": "N/A",
    "acctvalrespmsg": "Approved Or Completed Successfully",
    "acctvalrespcode": "00",
    "paymentType": "account",
    "paymentId": "16",
    "fraud_status": "ok",
    "charge_type": "normal",
    "is_live": 0,
    "createdAt": "2017-07-28T18:30:37.000Z",
    "updatedAt": "2017-07-28T18:33:10.000Z",
    "deletedAt": null,
    "customerId": 85,
    "AccountId": 134,
    "customer": {
      "id": 85,
      "phone": null,
      "fullName": "Anonymous customer",
      "customertoken": null,
      "email": "[email protected]",
      "createdAt": "2017-01-24T08:09:05.000Z",
      "updatedAt": "2017-01-24T08:09:05.000Z",
      "deletedAt": null,
      "AccountId": 134
    }
  }
}

Error response when the transaction has already been completed:

{
  "status": "error",
  "message": "Transaction already complete",
  "data": {
    "code": "SYSERR",
    "message": "Transaction already complete"
  }
}

Error response when the OTP is missing:

{
  "status": "error",
  "message": "otp is required",
  "data": {}
}

Implement Webhooks

It is advised all merchants use webhooks to get automatic updates on their transactions. To set up webhooks please visit the Webhooks section.

Step 5: Verify the payment.

After charging an account successfully, you need to verify that the payment was successful with Quidpay before giving value to your customer on your website.

Although the Quidpay inline already verifies the payment from the client side, we strongly recommend you still do a server side verification to be double sure no foul play occurred during the payment flow.

Below are the important things to check for when validating the payment:

  • Verify the transaction reference.

  • Verify the data.status of the transaction to be successful.

  • Verify the chargecode returned in the response to be 00.

  • Verify the currency to be the expected currency.

  • Most importantly, validate the amount paid to be equal to or at least greater than the amount of the value to be given.

Below is sample code showing how to implement server-side validation in different programming languages:

curl --request POST \
  --url https://ravesandboxapi.flutterwave.com/flwv3-pug/getpaidx/api/v2/verify \
  --header 'content-type: application/json' \
  --data '{"txref":"MC-09182829","SECKEY":"FLWSECK-e6db11d1f8a6208de8cb2f94e293450e-X"}'

PHP:

<?php

$result = array();

$postdata =  array( 
  'txref' => 'MC-09182829',
  'SECKEY' => 'FLWSECK-bb971402072265fb156e90a3578fe5e6-X'
  );

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"https://ravesandboxapi.flutterwave.com/flwv3-pug/getpaidx/api/v2/verify");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,json_encode($postdata));  //Post Fields
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$headers = [
  'Content-Type: application/json',
];

curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$request = curl_exec ($ch);
$err = curl_error($ch);

if($err){
	// there was an error contacting quidpay
  die('Curl returned error: ' . $err);
}


curl_close ($ch);

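// Decode to objects (not arrays) so the -> property access below works
$result = json_decode($request);

if(null === $result){
  // the body was not valid JSON
  die('Could not parse API response');
}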

if('error' == $result->status){
  // there was an error from the API
  die('API returned error: ' . $result->message);
}

if('successful' == $result->data->status && '00' == $result->data->chargecode){
  // transaction was successful...
  // please check other things like whether you already gave value for this ref
  // If the amount and currency matches the expected amount and currency etc.
  // if the email matches the customer who owns the product etc
  // Give value
}

Java:

// Imports needed at the top of the class file (Unirest 1.x and org.json)
import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.JsonNode;
import com.mashape.unirest.http.Unirest;
import com.mashape.unirest.http.exceptions.UnirestException;
import org.json.JSONObject;

    // Endpoint to verify transaction
    private final String VERIFY_ENDPOINT = "https://ravesandboxapi.flutterwave.com/flwv3-pug/getpaidx/api/v2/verify";

    /**
     * Method to verify a transaction with Quidpay before giving value.
     *
     * @param txref - <b>txref - is the unique payment reference generated by the merchant.</b>
     * @param secret - <b>secret - is the merchant secret key</b>
     * @param amount - <b>amount - is the amount the merchant expects for this transaction</b>
     * @param paymententity - <b>paymententity - set as a constant with default value as 1</b>
     * @return the data object of the verified transaction
     * @throws UnirestException
     */
    public JSONObject verify(String txref, String secret, double amount, int paymententity) throws UnirestException, Exception {

        // This packages the payload
        JSONObject data = new JSONObject();
        data.put("txref", txref);
        data.put("SECKEY", secret);
        // end of payload

        // This sends the request to server with payload
        HttpResponse<JsonNode> response = Unirest.post(VERIFY_ENDPOINT)
                .header("Content-Type", "application/json")
                .body(data)
                .asJson();

        // This gets the response body
        JsonNode jsonNode = response.getBody();

        // This gets the json object from the body (null if there was no body)
        JSONObject responseObject = (jsonNode == null) ? null : jsonNode.getObject();

        // check if no object is returned
        if(responseObject == null)
            throw new Exception("No response from server");

        // This gets status from returned payload
        String status = responseObject.optString("status", null);

        // this ensures that status is not null
        if(status == null)
            throw new Exception("Transaction status unknown");

        // This confirms the transaction exists on quidpay
        if(!"success".equalsIgnoreCase(status)){

            String message = responseObject.optString("message", null);

            throw new Exception(message);
        }

        data = responseObject.getJSONObject("data");

        // The top-level status only says the transaction was fetched; the transaction
        // itself must have data.status "successful" and chargecode "00"
        if(!"successful".equals(data.optString("status")) || !"00".equals(data.optString("chargecode")))
            throw new Exception("Transaction is not successful");

        // This gets the amount stored on server
        double actualAmount = data.getDouble("amount");

        // This validates that the amount expected by the merchant is the same as returned
        if(actualAmount != amount)
            throw new Exception("Amount does not match");

        // now you can give value for payment.
        return data;
    }
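
C#:

using System.Net.Http;
using System.Net.Http.Headers;
// PostAsJsonAsync comes from System.Net.Http.Json or the Microsoft.AspNet.WebApi.Client package.
// `amount` is the amount you expect for this txref; ResponseData is your own class
// mirroring the verify response (status, message, data).

var data = new {txref = "OH-AAED44", SECKEY = "FLWSECK-e6db11d1f8a6208de8cb2f94e293450e-X"};
var client = new HttpClient();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
var responseMessage = client.PostAsJsonAsync("https://ravesandboxapi.flutterwave.com/flwv3-pug/getpaidx/api/v2/verify", data).Result;
var responseStr = responseMessage.Content.ReadAsStringAsync().Result;
var response = Newtonsoft.Json.JsonConvert.DeserializeObject<ResponseData>(responseStr);
// Check the transaction's own status, the amount and the charge code before giving value
if (response.data.status == "successful" && response.data.amount == amount && response.data.chargecode == "00")
{
    System.Console.WriteLine("Payment Successful then give value");
}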

When you successfully verify a completed payment, you get a response like the sample below:

{
  "status": "success",
  "message": "Tx Fetched",
  "data": {
    "txid": 144534,
    "txref": "MC-09182829",
    "flwref": "ACHG-1525942912853",
    "devicefingerprint": "N/A",
    "cycle": "one-time",
    "amount": 100,
    "currency": "NGN",
    "chargedamount": 100,
    "appfee": 0,
    "merchantfee": 0,
    "merchantbearsfee": 1,
    "chargecode": "02",
    "chargemessage": "Pending OTP validation",
    "authmodel": "AUTH",
    "ip": "::ffff:10.102.148.117",
    "narration": "Synergy Group",
    "status": "success-pending-validation",
    "vbvcode": "N/A",
    "vbvmessage": "N/A",
    "authurl": "NO-URL",
    "acctcode": null,
    "acctmessage": null,
    "paymenttype": "account",
    "paymentid": "2",
    "fraudstatus": "ok",
    "chargetype": "normal",
    "createdday": 4,
    "createddayname": "THURSDAY",
    "createdweek": 19,
    "createdmonth": 4,
    "createdmonthname": "MAY",
    "createdquarter": 2,
    "createdyear": 2018,
    "createdyearisleap": false,
    "createddayispublicholiday": 0,
    "createdhour": 9,
    "createdminute": 1,
    "createdpmam": "am",
    "created": "2018-05-10T09:01:52.000Z",
    "customerid": 24728,
    "custphone": "09090838390",
    "custnetworkprovider": "ETISALAT",
    "custname": "yemi alade",
    "custemail": "[email protected]",
    "custemailprovider": "COMPANY EMAIL",
    "custcreated": "2018-04-21T11:37:43.000Z",
    "accountid": 134,
    "acctbusinessname": "Synergy Group",
    "acctcontactperson": "Desola Ade",
    "acctcountry": "NG",
    "acctbearsfeeattransactiontime": 1,
    "acctparent": 1,
    "acctvpcmerchant": "N/A",
    "acctalias": "temi",
    "acctisliveapproved": 0,
    "orderref": "URF_1525942912124_3844735",
    "paymentplan": null,
    "paymentpage": null,
    "raveref": "RV31525942911654CA881BAE82",
    "account": {
      "id": 2,
      "account_number": "0690000031",
      "account_bank": "044",
      "first_name": "NO-NAME",
      "last_name": "NO-LNAME",
      "account_is_blacklisted": 0,
      "createdAt": "2016-12-31T04:09:24.000Z",
      "updatedAt": "2018-06-04T09:20:10.000Z",
      "deletedAt": null,
      "account_token": {
        "token": "flw-t0e1bb79f967612fc1-k3n-mock"
      }
    },
    "meta": []
  }
}
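The Step 5 checklist applied to a parsed verify response, as an added example that is not Quidpay's own code. The function names, the reason strings and the `fulfilled` set of already-honoured references are assumptions. It is run against a trimmed copy of the sample response above, which is rejected because the top-level status is success while data.status is still success-pending-validation and chargecode is 02.

```python
import json
import urllib.request
from decimal import Decimal, InvalidOperation

# Sandbox verify endpoint as shown on this page.
VERIFY_URL = "https://ravesandboxapi.flutterwave.com/flwv3-pug/getpaidx/api/v2/verify"


def fetch_verification(txref, secret_key, url=VERIFY_URL, timeout=10):
    """POST txref + SECKEY to the verify endpoint and return the parsed JSON body."""
    body = json.dumps({"txref": txref, "SECKEY": secret_key}).encode()
    req = urllib.request.Request(
        url, data=body, headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def check_verified_payment(resp, txref, amount, currency, fulfilled=()):
    """Apply the page's checklist to a verify response; return (ok, reason).

    txref/amount/currency come from the merchant's own order record, never from
    the browser or the redirect query string. `fulfilled` (hypothetical) holds
    the references that have already been given value.
    """
    if not isinstance(resp, dict) or resp.get("status") != "success":
        return False, "api_error"
    data = resp.get("data")
    if not isinstance(data, dict):
        return False, "malformed_response"
    if data.get("txref") != txref:
        return False, "txref_mismatch"
    # Top-level "success" only means the lookup worked ("Tx Fetched").
    if data.get("status") != "successful":
        return False, "status_not_successful"
    if data.get("chargecode") != "00":
        return False, "chargecode_not_00"
    if data.get("currency") != currency:
        return False, "currency_mismatch"
    try:
        # Decimal avoids float rounding when comparing money amounts.
        paid = Decimal(str(data.get("amount")))
        due = Decimal(str(amount))
    except InvalidOperation:
        return False, "amount_unreadable"
    if not (paid.is_finite() and due.is_finite()) or paid < due:
        return False, "amount_too_low"
    if txref in fulfilled:
        return False, "already_fulfilled"
    return True, "ok"


# Trimmed copy of the sample verify response on this page (still pending OTP).
PAGE_SAMPLE = {"status": "success", "message": "Tx Fetched", "data": {
    "txref": "MC-09182829", "amount": 100, "currency": "NGN",
    "chargecode": "02", "status": "success-pending-validation"}}

# Constructed variant: the same transaction after the OTP step has completed.
COMPLETED = {**PAGE_SAMPLE, "data": {**PAGE_SAMPLE["data"],
                                     "chargecode": "00", "status": "successful"}}

if __name__ == "__main__":
    for name, r in (("page sample", PAGE_SAMPLE), ("completed", COMPLETED)):
        print(name, check_verified_payment(r, "MC-09182829", "100", "NGN"))
```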

Save an account after charging so users don't have to enter account details again

Accounts that can be saved

Only Access bank and Sterling bank accounts can be saved; support for more banks is coming soon.

Awesome, now you are done charging an account. You can always save the account for future charges using our Save account APIs.