Introduction
Rimit is the first payment system developed for financial institutions other than regulated banks. Inspired by UPI.

IMPORTANT:
We use the POST method for all APIs.
All requests and responses are in JSON format.
We use AES-256-CBC for each request and response to protect the data.
All parameters in the request and response are mandatory.
INFO
UAT
PRODUCTION
RECOMMENDED
If you are on a Multi-Tenant platform, it is mandatory to use the unique tenant id in the
params
or query
. Learn more.DANGER
Applying any method other than recommended may affect future upgrades.
INFO
You need to add Webhook URIs to our dashboard to receive requests from us.
WARNING
- All request bodies must have a Content-Type of application/json and must be valid JSON.
- To validate the request,
API_ID
andAPI_KEY
must be passed through thehead
object in the request body. These can be generated from the dashboard.
DANGER
Keep API_KEY safe!
API_KEY
is used as a password. So this is sensitive data and it should be kept safe. Do not share it with anyone.INFO
UAT
PRODUCTION
Base URL for the production server -
https://api.rimit.co/api/rimit/v1
INFO
We use the AES-256-CBC algorithm (
Advanced Encryption Standard algorithm
) for encryption to safeguard data over HTTPS.A uniquekey
is required to encrypt and decrypt data for request and response. The entity can generate uniquekey
from the dashboard.
IV (Initialization Vector)
is a random string of 16 characters. BothIV
andkey
are used for encryption and decryption.IV
should not be static.IV
must be dynamically generated at the time of sending the request or response. TheIV
is indicated in theencrypted_data
object in the request/response body.
Thecipher_text
is a base64-encoded string (case sensitive) generated from the Encrypted data, which is a string converted from plain text using an encryption algorithm. Thecipher_text
is unreadable until it is decoded from base64 to utf8 and converted to plaintext (decrypted) using thekey
andIV
. Thecipher_text
is indicated in theencrypted_data
object in the request/response body.
Thecontent
object in the plain text will be encrypted usingkey
andIV
and encoded to base64 for request and response from the entity or Rimit. Theencrypted_data
object contains both theIV
and thecipher_text
. The recipient of the request or response will decodescipher_text
from base64 to utf8 and decrypt the same using thekey
andIV
and process the data.
Hash Error
Decryption Error
Field Validation Error
{
"head": {
"api": "confirmDebit",
"apiVersion": "V1",
"timeStamp": "2022-11-12 01:50:44 PM",
"HTTP_CODE": 400
},
"content": {
"result": {
"code": 2009,
"status": "ERROR",
"message": "Hash validation failed"
},
"errors": []
}
}
{
"head": {
"api": "confirmDebit",
"apiVersion": "V1",
"timeStamp": "2022-11-12 01:48:16 PM",
"HTTP_CODE": 400
},
"content": {
"result": {
"code": 2008,
"status": "ERROR",
"message": "Decryption failed"
},
"errors": []
}
}
{
"head": {
"api": "addAccount",
"apiVersion": "V1",
"timeStamp": "2022-11-12 01:50:44 PM",
"HTTP_CODE": 406
},
"content": {
"result": {
"code": 2006,
"status": "ERROR",
"message": "Field validation failed"
},
"errors": [
{
"type": "stringEnum",
"message": "The 'accounts[0].account_type' field does not match any of the allowed values.",
"field": "accounts[0].account_type",
"expected": "SA, CA, TL, OD",
"actual": "SAVING"
}
]
}
}
Last modified 2mo ago