{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"1c42610b-0d19-4a9a-b074-c6cf0a8f3219","name":"Checkout with Cenoa","description":"# Integration Guide\n\nCheckout with Cenoa allows you to track each transfers your customers have made.\n\n## Overview\n\nYou can use the REST APIs to integrate Checkout with Cenoa into your platform.  \nComplete the integration by following the [Step By Step Guide](#step-by-step-guide) below.\n\n1. Map Cenoa user to your internal customer ID\n    \n2. By using REST APIs, track each transfer transaction your customers have made to your Cenoa account\n    \n3. Validate a user's order for checkout, or top up your internally managed wallet/account\n    \n\n> Before you begin, please get in touch with us on partnerships@cenoa.com for enabling Checkout with Cenoa for your platform. \n  \n\n## Step By Step Guide\n\n### Mapping Cenoa User\n\n1- On your checkout experience, display Cenoa as a payment option to the user. e.g;\n\n<img src=\"https://content.pstmn.io/850ad0dc-463e-47bd-b383-44f9ce9bcf22/NmUyMDc1MGQtY2FkNC00ODc2LTk2ZTgtNmUxYWVkYmUzYjFjLnBuZw==\" width=\"479\" height=\"481\">\n\n2- Ask the user if they already have an existing Cenoa account.\n\n3- If the answer is yes, then collect the phone number that is registered with their Cenoa account.\n\n> Optional: Some developers who integrated Checkout with Cenoa into their platform, have implemented an extra validation step by sending an OTP SMS to ensure the added Cenoa account is authorized by the user. It is up to you to mimic the same approach or skip OTP SMS validation. \n  \n\n4- Call `Get User Account` REST API to check if the phone number was already registered with a Cenoa user. See [details](#09817467-f8f2-40b8-836f-c0498c514e1d).\n\n4a- If an existing Cenoa User; then store the Cenoa `userId` with your platform's user identifier.\n\n4b- If NOT an existing Cenoa User; then display the following QR code or a link in order for user to download Cenoa mobile app and create a new Cenoa user account.\n\n> **Tips** \n  \n\nFor _Step 4a_. Response body also has masked email address of the user. You may display the masked email and have the user recognize and verify it before completing the step.\n\nFor _Step 4b_. Once the new Cenoa user account creation is completed, the user may be prompted to restart from the beginning step.\n\n### Transactions\n\nEach transfer can be retrieved by using `Get All Transactions` REST API. See [details](#1fe8bc94-a927-4cba-9ddb-a2d0d1b54b19).\n\n#### Webhooks\n\nWe haven't implemented webhook functionality yet for Checkout with Cenoa, but you can call the `Get All Transactions` REST API as required.\n\nNote that the REST APIs' rate limiting adequately meet your requirements regarding both frequency and delivery time.\n\n## Setting Up Environment\n\nPlease set up your environment with following variables:\n\n`url=https://api.cenoa.com`\n\n`apikey=[YOUR API KEY]`\n\n`apisecret=[YOUR API SECRET]`\n\n## Authorization\n\nCheck out `Scripts` tab in each folder to learn how to send your `apikey` and sign each REST API request with your `apisecret.`\n\nEach request must include `apikey`, `payload`, and `signature` headers. The `payload` is a base64-encoded JSON string, and that JSON must contain a `timestamp` field in milliseconds. The `signature` is the HMAC-SHA512 hex digest of the base64 `payload`, signed with the API secret.\n\nThe server validates requests in this order:\n\n1. It finds the matching key pair using `apikey`.\n    \n2. It recalculates the HMAC signature from the raw `payload` header and compares it with `signature`.\n    \n3. It decodes `payload`, parses the JSON, and reads `timestamp`.\n    \n4. It rejects the request unless the timestamp is no older than 5 minutes and not in the future.\n    \n\n#### Example client logic:\n\n``` typescript\nconst obj = { timestamp: Date.now().toString()};\nconst payload = CryptoJS.enc.Base64.stringify(CryptoJS.enc.Utf8.parse(JSON.stringify(obj)));\nconst signature = CryptoJS.enc.Hex.stringify( CryptoJS.HmacSHA512(payload, apisecret));\n\n ```\n\n##### Headers:\n\n``` markdown\napikey: <api-key>\npayload: <base64-encoded-json>\nsignature: <hmac-sha512-hex>\n\n ```\n\n**Important note:** if the client machine clock is too far behind or ahead, the request will be rejected with `401`, so client/server time should be reasonably in sync.","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":false,"owner":"21291635","team":3507532,"collectionId":"1c42610b-0d19-4a9a-b074-c6cf0a8f3219","publishedId":"2sBXikpXNQ","public":true,"publicUrl":"https://docs.cenoa.com","privateUrl":"https://go.postman.co/documentation/21291635-1c42610b-0d19-4a9a-b074-c6cf0a8f3219","customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"},"documentationLayout":"classic-single-column","customisation":{"metaTags":[{"name":"description","value":""},{"name":"title","value":""}],"appearance":{"default":"light","themes":[{"name":"dark","logo":null,"colors":{"top-bar":"212121","right-sidebar":"303030","highlight":"FF6C37"}},{"name":"light","logo":null,"colors":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"}}]}},"version":"8.11.4","publishDate":"2026-03-27T23:06:58.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{"title":"","description":""},"logos":{"logoLight":null,"logoDark":null}},"statusCode":200},"environments":[],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/598232c93b544cda032fb8122083138a639bd3c1d38fd7548125d2ad6643342e","favicon":"https://cenoa.com/favicon.ico"},"isEnvFetchError":false,"languages":"[{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"HttpClient\"},{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"RestSharp\"},{\"key\":\"curl\",\"label\":\"cURL\",\"variant\":\"cURL\"},{\"key\":\"dart\",\"label\":\"Dart\",\"variant\":\"http\"},{\"key\":\"go\",\"label\":\"Go\",\"variant\":\"Native\"},{\"key\":\"http\",\"label\":\"HTTP\",\"variant\":\"HTTP\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"OkHttp\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"Unirest\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"Fetch\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"jQuery\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"XHR\"},{\"key\":\"c\",\"label\":\"C\",\"variant\":\"libcurl\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Axios\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Native\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Request\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Unirest\"},{\"key\":\"objective-c\",\"label\":\"Objective-C\",\"variant\":\"NSURLSession\"},{\"key\":\"ocaml\",\"label\":\"OCaml\",\"variant\":\"Cohttp\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"cURL\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"Guzzle\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"HTTP_Request2\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"pecl_http\"},{\"key\":\"powershell\",\"label\":\"PowerShell\",\"variant\":\"RestMethod\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"http.client\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"Requests\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"httr\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"RCurl\"},{\"key\":\"ruby\",\"label\":\"Ruby\",\"variant\":\"Net::HTTP\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"Httpie\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"wget\"},{\"key\":\"swift\",\"label\":\"Swift\",\"variant\":\"URLSession\"}]","languageSettings":[{"key":"csharp","label":"C#","variant":"HttpClient"},{"key":"csharp","label":"C#","variant":"RestSharp"},{"key":"curl","label":"cURL","variant":"cURL"},{"key":"dart","label":"Dart","variant":"http"},{"key":"go","label":"Go","variant":"Native"},{"key":"http","label":"HTTP","variant":"HTTP"},{"key":"java","label":"Java","variant":"OkHttp"},{"key":"java","label":"Java","variant":"Unirest"},{"key":"javascript","label":"JavaScript","variant":"Fetch"},{"key":"javascript","label":"JavaScript","variant":"jQuery"},{"key":"javascript","label":"JavaScript","variant":"XHR"},{"key":"c","label":"C","variant":"libcurl"},{"key":"nodejs","label":"NodeJs","variant":"Axios"},{"key":"nodejs","label":"NodeJs","variant":"Native"},{"key":"nodejs","label":"NodeJs","variant":"Request"},{"key":"nodejs","label":"NodeJs","variant":"Unirest"},{"key":"objective-c","label":"Objective-C","variant":"NSURLSession"},{"key":"ocaml","label":"OCaml","variant":"Cohttp"},{"key":"php","label":"PHP","variant":"cURL"},{"key":"php","label":"PHP","variant":"Guzzle"},{"key":"php","label":"PHP","variant":"HTTP_Request2"},{"key":"php","label":"PHP","variant":"pecl_http"},{"key":"powershell","label":"PowerShell","variant":"RestMethod"},{"key":"python","label":"Python","variant":"http.client"},{"key":"python","label":"Python","variant":"Requests"},{"key":"r","label":"R","variant":"httr"},{"key":"r","label":"R","variant":"RCurl"},{"key":"ruby","label":"Ruby","variant":"Net::HTTP"},{"key":"shell","label":"Shell","variant":"Httpie"},{"key":"shell","label":"Shell","variant":"wget"},{"key":"swift","label":"Swift","variant":"URLSession"}],"languageOptions":[{"label":"C# - HttpClient","value":"csharp - HttpClient - C#"},{"label":"C# - RestSharp","value":"csharp - RestSharp - C#"},{"label":"cURL - cURL","value":"curl - cURL - cURL"},{"label":"Dart - http","value":"dart - http - Dart"},{"label":"Go - Native","value":"go - Native - Go"},{"label":"HTTP - HTTP","value":"http - HTTP - HTTP"},{"label":"Java - OkHttp","value":"java - OkHttp - Java"},{"label":"Java - Unirest","value":"java - Unirest - Java"},{"label":"JavaScript - Fetch","value":"javascript - Fetch - JavaScript"},{"label":"JavaScript - jQuery","value":"javascript - jQuery - JavaScript"},{"label":"JavaScript - XHR","value":"javascript - XHR - JavaScript"},{"label":"C - libcurl","value":"c - libcurl - C"},{"label":"NodeJs - Axios","value":"nodejs - Axios - NodeJs"},{"label":"NodeJs - Native","value":"nodejs - Native - NodeJs"},{"label":"NodeJs - Request","value":"nodejs - Request - NodeJs"},{"label":"NodeJs - Unirest","value":"nodejs - Unirest - NodeJs"},{"label":"Objective-C - NSURLSession","value":"objective-c - NSURLSession - Objective-C"},{"label":"OCaml - Cohttp","value":"ocaml - Cohttp - OCaml"},{"label":"PHP - cURL","value":"php - cURL - PHP"},{"label":"PHP - Guzzle","value":"php - Guzzle - PHP"},{"label":"PHP - HTTP_Request2","value":"php - HTTP_Request2 - PHP"},{"label":"PHP - pecl_http","value":"php - pecl_http - PHP"},{"label":"PowerShell - RestMethod","value":"powershell - RestMethod - PowerShell"},{"label":"Python - http.client","value":"python - http.client - Python"},{"label":"Python - Requests","value":"python - Requests - Python"},{"label":"R - httr","value":"r - httr - R"},{"label":"R - RCurl","value":"r - RCurl - R"},{"label":"Ruby - Net::HTTP","value":"ruby - Net::HTTP - Ruby"},{"label":"Shell - Httpie","value":"shell - Httpie - Shell"},{"label":"Shell - wget","value":"shell - wget - Shell"},{"label":"Swift - URLSession","value":"swift - URLSession - Swift"}],"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"}],"canonicalUrl":"https://docs.cenoa.com/view/metadata/2sBXikpXNQ"}