API Reference

Authentication

To authorise the communication between your applications and Oval Finance, you'll need your API keys which can be generated or retrieved from the API keys tab on the Settings module of your Oval dashboard Here.

Oval authenticates your API requests using your account’s Bearer token and Public key and this should be kept confidential as it can perform any API request to OvalFi without restriction.

If you do not include your key when making an API request or use one that is incorrect, OvalFi will return an appropriate error.

{
    "status": 401,
    "data": null,
    "message": "error has occurred",
    "error": {
        "id": "850df52f-9101-4558-a252-9e80248ea598",
        "details": "token is invalid/expired",
        "message": "token supplied is invalid/expired"
    }
}

The id parameter returned in the response of a failed request is the Error ID and should be utilized for appropriate tracking

📘

Your API Keys

Every OvalFi account has three sets of API keys namely :

  • API Secret : This is a unique value specified by the fintech partner and it's strictly for the purpose of generating the other API keys.
  • Public key : This key is used to encrypt your POST payload before making the request. For step-by-step process on encrypting your payload, kindly check Encryption Guide for details.
  • Bearer Token : This key is meant solely to identify your account in OvalFi. It can safely be published in places like your Frontend or Mobile app.

Authenticating your POST Requests

KeyValue
AuthorizationThe token retrieved from your dashboard would be passed here
SignatureSHA256(Public key+reference)

📘

reference

This is an ID in the request body uniquely identifying each transaction.

curl --location --request POST 'http://ovalfi-dev-env-1621902102.us-east-2.elb.amazonaws.com:4000/api/v1/customer' \
--header 'Authorization: Bearer eyJidXNpbmVzc0lEIjoiOTIzYjJkZjUtNGE4OS00Y2ViLWIxNDgtYzJlNWFjNTJkMDRlIiwidXNlcklEIjoiMjQ4YmFhNDMtYzQ0Yi00ZjYwLWI2MWQtY2VlZjYwOThjNzg1Iiwia2V5Ijoib2xhcHJvZzEifQ==' \
--header 'Signature: a5dd115fb9dcf006972a8138cb715a3744929543808233700f4b72ed448874cd' \
--header 'Content-Type: application/json' \
--data-raw '{}

Authenticating your GET / PUT / DELETE / PATCH Requests

KeyValue
AuthorizationThe token retrieved from your dashboard would be passed here
curl --location --request GET 'http://ovalfi-dev-env-1621902102.us-east-2.elb.amazonaws.com:4000/api/v1/customer/balance/3b142e5f-d123-46a3-8543-f1819701a8a2' \
--header 'Authorization: Bearer eyJidXNpbmVzc0lEIjoiOTIzYjJkZjUtNGE4OS00Y2ViLWIxNDgtYzJlNWFjNTJkMDRlIiwidXNlcklEIjoiMjQ4YmFhNDMtYzQ0Yi00ZjYwLWI2MWQtY2VlZjYwOThjNzg1Iiwia2V5Ijoib2xhcHJvZzEifQ=='