Download OpenAPI specification:
This documentation describes the secure API integration between Zindigi (bank) and Vavita (fintech platform).
The integration supports bidirectional data flow:
All API endpoints require authentication and use industry-standard security practices:
https://sandbox-api.zindigi-vavita.example.comhttps://api.zindigi-vavita.example.comExchange credentials for an OAuth 2.0 access token.
Token Lifetime: 3600 seconds (1 hour)
Rate Limit: 10 requests per minute per client
| grant_type required | string Value: "client_credentials" OAuth 2.0 grant type |
| client_id required | string Your application's client ID |
| client_secret required | string <password> Your application's client secret |
| scope | string Space-separated list of scopes |
{- "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
- "token_type": "Bearer",
- "expires_in": 3600,
- "refresh_token": "refresh_abc123xyz789",
- "scope": "accounts:read transactions:write"
}Obtain a new access token using a refresh token
| grant_type required | string Value: "refresh_token" |
| refresh_token required | string Valid refresh token |
{- "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
- "token_type": "Bearer",
- "expires_in": 3600,
- "refresh_token": "refresh_abc123xyz789",
- "scope": "accounts:read transactions:write"
}Retrieve a list of customer accounts
| customer_id | string Filter by customer ID |
| status | string Enum: "active" "suspended" "closed" Filter by account status |
| limit | integer [ 1 .. 100 ] Default: 20 Number of results per page |
| offset | integer >= 0 Default: 0 Pagination offset |
{- "data": [
- {
- "id": "acc_1234567890",
- "customer_id": "cust_abcdef123456",
- "account_number": "1234567890123456",
- "iban": "GB82WEST12345698765432",
- "status": "active",
- "type": "checking",
- "balance": {
- "available": 1250.5,
- "current": 1150.25
}, - "currency": "USD",
- "created_at": "2024-01-15T10:30:00Z",
- "updated_at": "2024-01-20T14:45:00Z"
}
], - "pagination": {
- "limit": 20,
- "offset": 0,
- "total": 150
}
}Retrieve detailed information about a specific account
| account_id required | string Example: acc_1234567890 Unique account identifier |
{- "id": "acc_1234567890",
- "customer_id": "cust_abcdef123456",
- "account_number": "1234567890123456",
- "iban": "GB82WEST12345698765432",
- "status": "active",
- "type": "checking",
- "balance": {
- "available": 1250.5,
- "current": 1150.25
}, - "currency": "USD",
- "created_at": "2024-01-15T10:30:00Z",
- "updated_at": "2024-01-20T14:45:00Z"
}Initiate a new transaction.
Important: This operation requires transaction signing using your private key.
Include the signature in the X-Request-Signature header.
| X-Request-Signature required | string HMAC-SHA256 signature of request body |
| X-Idempotency-Key required | string <uuid> Unique key to prevent duplicate transactions |
| from_account_id required | string Source account ID |
| to_account_id required | string Destination account ID |
| amount required | number <decimal> >= 0.01 Transaction amount |
| currency required | string ISO 4217 currency code |
| description | string <= 255 characters Transaction description |
| reference | string <= 100 characters External reference number |
object Additional metadata |
{- "from_account_id": "acc_1234567890",
- "to_account_id": "acc_0987654321",
- "amount": 100.5,
- "currency": "USD",
- "description": "Invoice payment",
- "reference": "INV-12345",
- "metadata": {
- "invoice_id": "12345",
- "customer_ref": "CUST-001"
}
}{- "from_account_id": "acc_1234567890",
- "to_account_id": "acc_0987654321",
- "amount": 100.5,
- "currency": "USD",
- "description": "Invoice payment",
- "reference": "INV-12345",
- "metadata": {
- "invoice_id": "12345",
- "customer_ref": "CUST-001"
}, - "id": "txn_9876543210",
- "status": "completed",
- "created_at": "2024-01-20T15:30:00Z",
- "completed_at": "2024-01-20T15:30:05Z",
- "error_code": "INSUFFICIENT_FUNDS",
- "error_message": "Insufficient funds in source account"
}Retrieve the current status and details of a transaction
| transaction_id required | string Example: txn_9876543210 Unique transaction identifier |
{- "from_account_id": "acc_1234567890",
- "to_account_id": "acc_0987654321",
- "amount": 100.5,
- "currency": "USD",
- "description": "Invoice payment",
- "reference": "INV-12345",
- "metadata": {
- "invoice_id": "12345",
- "customer_ref": "CUST-001"
}, - "id": "txn_9876543210",
- "status": "completed",
- "created_at": "2024-01-20T15:30:00Z",
- "completed_at": "2024-01-20T15:30:05Z",
- "error_code": "INSUFFICIENT_FUNDS",
- "error_message": "Insufficient funds in source account"
}Sent when a transaction is successfully completed.
Signature Verification:
Verify the X-Webhook-Signature header using HMAC-SHA256 with your webhook secret.
import hmac
import hashlib
signature = hmac.new(
webhook_secret.encode(),
request.body,
hashlib.sha256
).hexdigest()
if signature != request.headers['X-Webhook-Signature']:
raise ValueError('Invalid signature')
| X-Webhook-Signature required | string HMAC-SHA256 signature for verification |
| X-Webhook-ID required | string Unique webhook delivery ID |
| event required | string Value: "transaction.completed" |
required | object (Transaction) |
| timestamp required | string <date-time> |
{- "event": "transaction.completed",
- "data": {
- "from_account_id": "acc_1234567890",
- "to_account_id": "acc_0987654321",
- "amount": 100.5,
- "currency": "USD",
- "description": "Invoice payment",
- "reference": "INV-12345",
- "metadata": {
- "invoice_id": "12345",
- "customer_ref": "CUST-001"
}, - "id": "txn_9876543210",
- "status": "completed",
- "created_at": "2024-01-20T15:30:00Z",
- "completed_at": "2024-01-20T15:30:05Z",
- "error_code": "INSUFFICIENT_FUNDS",
- "error_message": "Insufficient funds in source account"
}, - "timestamp": "2024-01-20T15:30:05Z"
}Sent when a transaction fails
| X-Webhook-Signature required | string |
| X-Webhook-ID required | string |
| event required | string Value: "transaction.failed" |
required | object (Transaction) |
| timestamp required | string <date-time> |
{- "event": "transaction.failed",
- "data": {
- "from_account_id": "acc_1234567890",
- "to_account_id": "acc_0987654321",
- "amount": 100.5,
- "currency": "USD",
- "description": "Invoice payment",
- "reference": "INV-12345",
- "metadata": {
- "invoice_id": "12345",
- "customer_ref": "CUST-001"
}, - "id": "txn_9876543210",
- "status": "completed",
- "created_at": "2024-01-20T15:30:00Z",
- "completed_at": "2024-01-20T15:30:05Z",
- "error_code": "INSUFFICIENT_FUNDS",
- "error_message": "Insufficient funds in source account"
}, - "timestamp": "2019-08-24T14:15:22Z"
}Retrieve all configured webhook endpoints
{- "data": [
- {
- "events": [
- "transaction.completed",
- "transaction.failed"
], - "secret": "whsec_abc123xyz789",
- "description": "Production webhook for transaction notifications",
- "id": "whk_1234567890",
- "status": "active",
- "created_at": "2024-01-15T10:00:00Z",
- "last_triggered_at": "2024-01-20T15:30:00Z"
}
]
}Register a new webhook endpoint to receive event notifications
| url required | string <uri> HTTPS endpoint URL |
| events required | Array of strings Items Enum: "transaction.created" "transaction.completed" "transaction.failed" "account.updated" "account.suspended" Events to subscribe to |
| secret | string Secret for webhook signature verification |
| description | string <= 255 characters Webhook description |
{- "events": [
- "transaction.completed",
- "transaction.failed"
], - "secret": "whsec_abc123xyz789",
- "description": "Production webhook for transaction notifications"
}{- "events": [
- "transaction.completed",
- "transaction.failed"
], - "secret": "whsec_abc123xyz789",
- "description": "Production webhook for transaction notifications",
- "id": "whk_1234567890",
- "status": "active",
- "created_at": "2024-01-15T10:00:00Z",
- "last_triggered_at": "2024-01-20T15:30:00Z"
}Remove a webhook endpoint
| webhook_id required | string Webhook identifier |
{- "error": "INVALID_REQUEST",
- "message": "The request was invalid or malformed",
- "details": [
- {
- "field": "amount",
- "message": "Amount must be greater than 0"
}
], - "request_id": "req_abc123xyz789"
}