{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"21b4ca73-48d2-41e7-8aee-42c0cd0a71a9","name":"SecurewaveNG","description":"# πŸš€ SecureWaveNG API Documentation\n\n## Overview\n\nSecureWaveNG is a modern payment gateway that enables businesses to collect payments, generate virtual bank accounts, issue USD virtual cards, and receive real-time transaction notifications through secure webhooks.\n\n**Base URL**\n\n```\nhttps://securewaveng.com/api\n\n ```\n\n---\n\n### ✨ Features\n\n- Reliable\n \n- Secure\n \n- Easy to integrate\n \n- Built for Nigerian payment flows\n \n- Developer-friendly\n \n- Production-ready\n \n\nAll API requests and responses are in **JSON format** and must be sent over **HTTPS**.\n\n---\n\n# 🏦 Virtual Accounts\n\n## Overview\n\nSecureWaveNG Virtual Accounts allow merchants to generate dedicated bank account numbers for customers to receive payments seamlessly.\n\nThese accounts automate collections and eliminate manual bank confirmation, enabling instant reconciliation.\n\n### Use Cases\n\n- Wallet funding\n \n- Customer deposits\n \n- Subscription payments\n \n- Invoice payments\n \n- Automated collections\n \n\n---\n\n## Types of Virtual Accounts\n\n### πŸ”Ή Static Virtual Accounts\n\nA permanent account number assigned to a specific customer.\n\n**Best for:**\n\n- Repeat deposits\n \n- Long-term wallet funding\n \n- Ongoing customer accounts\n \n\n**Key Features:**\n\n- Does not expire\n \n- Linked to one customer\n \n- Reusable for multiple transactions\n \n\n---\n\n### πŸ”Ή Dynamic Virtual Accounts\n\nA temporary account number generated for a specific transaction.\n\n**Best for:**\n\n- One-time payments\n \n- Invoice settlement\n \n- Checkout payments\n \n\n**Key Features:**\n\n- Expires after payment or set duration\n \n- Linked to a specific amount\n \n- Single-use\n \n\n---\n\n## πŸ”„ Payment Flow\n\n1. Merchant generates a virtual account via API\n \n2. SecureWaveNG assigns a bank account number\n \n3. Customer transfers funds\n \n4. Payment is automatically confirmed\n \n5. Webhook notification is sent\n \n6. Merchant updates system\n \n\n---\n\n# πŸ’³ Virtual Cards\n\n## Overview\n\nSecureWaveNG Virtual Cards enable merchants to issue USD virtual cards for customers.\n\n### Use Cases\n\n- Online purchases\n \n- SaaS subscriptions\n \n- Hosting services\n \n- Ads payments\n \n- International transactions\n \n\n---\n\n## Capabilities\n\n- Activate customers (KYC)\n \n- Create cards\n \n- Fund cards\n \n- Freeze / Unfreeze\n \n- Refresh balance\n \n- Retrieve card details\n \n- List all cards\n \n\n---\n\n## Lifecycle\n\n1. Activate customer\n \n2. Create card\n \n3. Fund card\n \n4. Monitor usage\n \n5. Freeze/unfreeze\n \n\n# 🧾 BVN VERIFICATION\n\n## Overview\n\nSecureWaveNG BVN Verification API allows merchants to verify customer identity using Nigeria’s Bank Verification Number (BVN) system.\n\n### Use Cases\n\n- KYC verification\n \n- Fraud prevention\n \n- Identity validation\n \n- Regulatory compliance\n \n\n---\n\n# πŸ“¬ Webhooks\n\n## Overview\n\nSecureWaveNG sends **real-time notifications** via webhooks.\n\nEach payload is secured using:\n\n```\nHMAC-SHA256\n\n ```\n\n---\n\n## Headers\n\n| Header | Description |\n| --- | --- |\n| X-Signature | HMAC-SHA256 signature of payload |\n\n---\n\n# 🏦 Virtual Account Webhook\n\n## Example Payload\n\n``` json\n{\n \"notification_status\": \"payment_successful\",\n \"transaction_id\": \"TX123456789\",\n \"provider_reference\": \"PROV12345\",\n \"amount\": 10000,\n \"fees\": 100,\n \"settlement_amount\": 9900,\n \"currency\": \"NGN\",\n \"transaction_type\": \"transfer\",\n \"transaction_status\": \"success\",\n \"sender\": {\n \"name\": \"John Doe\",\n \"account_number\": \"1234567890\",\n \"bank\": \"GTBank\"\n },\n \"receiver\": {\n \"name\": \"Jane Smith\",\n \"account_number\": \"0987654321\",\n \"bank\": \"Access Bank\"\n },\n \"customer\": {\n \"customer_id\": 123,\n \"name\": \"John Doe\",\n \"email\": \"john@example.com\",\n \"phone\": \"+2348012345678\"\n },\n \"description\": \"Payment received\",\n \"provider\": {\n \"name\": \"securewaveng\",\n \"channel\": \"virtual_account\"\n }\n}\n\n ```\n\n---\n\n# πŸ’³ Virtual Card Webhook\n\n## Example Payload\n\n``` json\n{\n \"card\": {\n \"type\": \"virtual\",\n \"brand\": \"MASTERCARD\",\n \"balance\": \"2.00\",\n \"card_id\": \"bec4db6c-54e1-4de9-b3f1-a471df81c82b\",\n \"first_six\": \"517746\",\n \"last_four\": \"0154\",\n \"previous_balance\": \"2.00\"\n },\n \"meta\": {\n \"reason\": null,\n \"provider_event\": \"cards.auth.verified\"\n },\n \"amount\": 0,\n \"currency\": \"USD\",\n \"customer\": {\n \"customer_id\": \"47a801f6-57c9-4330-9e88-4e14b8efe202\"\n },\n \"merchant\": {\n \"name\": \"NAME-CHEAP.COM PHOENIX AZUS\",\n \"country\": null\n },\n \"provider\": \"securewaveng\",\n \"created_at\": \"2026-03-23 19:00:12\",\n \"event_type\": \"card.transaction\",\n \"event_action\": \"mcc_decline\",\n \"transaction_status\": \"failed\"\n}\n\n ```\n\n---\n\n# πŸ” Signature Verification\n\n## Formula\n\n```\nHMAC_SHA256(secret, raw_payload)\n\n ```\n\n---\n\n## Security Rules\n\n- Reject invalid signatures\n \n- Always verify payload\n \n- Optional: prevent replay attacks\n \n\n---\n\n## PHP (Laravel)\n\n``` php\npublic function securewaveWebhook(Request $request)\n{\n $raw = $request->getContent();\n $signature = $request->header('X-Signature');\n $secret = config('services.securewave.webhook_secret');\n if (!$signature) {\n return response()->json(['error' => 'Missing signature'], 400);\n }\n $expected = hash_hmac('sha256', $raw, $secret);\n if (!hash_equals($expected, $signature)) {\n return response()->json(['error' => 'Invalid signature'], 401);\n }\n $payload = json_decode($raw, true);\n return response()->json(['status' => 'ok']);\n}\n\n ```\n\n---\n\n## Node.js\n\n``` js\nconst crypto = require('crypto');\nconst expected = crypto\n .createHmac('sha256', WEBHOOK_SECRET)\n .update(raw)\n .digest('hex');\n\n ```\n\n---\n\n## Python\n\n``` python\nexpected = hmac.new(\n WEBHOOK_SECRET.encode(),\n raw,\n hashlib.sha256\n).hexdigest()\n\n ```","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":false,"owner":"50357536","team":11796556,"collectionId":"21b4ca73-48d2-41e7-8aee-42c0cd0a71a9","publishedId":"2sB3dWs7HT","public":true,"publicUrl":"https://documenter-api.postman.tech/view/50357536/2sB3dWs7HT","privateUrl":"https://go.postman.co/documentation/50357536-21b4ca73-48d2-41e7-8aee-42c0cd0a71a9","customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"},"documentationLayout":"classic-double-column","customisation":{"metaTags":[{"name":"description","value":""},{"name":"title","value":""}],"appearance":{"default":"light","themes":[{"name":"dark","logo":null,"colors":{"top-bar":"212121","right-sidebar":"303030","highlight":"FF6C37"}},{"name":"light","logo":null,"colors":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"}}]}},"version":"8.11.6","publishDate":"2025-12-22T07:07:28.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{"title":"","description":""},"logos":{"logoLight":null,"logoDark":null}},"statusCode":200},"environments":[],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/128639d051e1872e46efe8c39f6ebbfe5600711238190cafbb0ac6e2a6acd0d1","favicon":""},"isEnvFetchError":false,"languages":"[{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"HttpClient\"},{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"RestSharp\"},{\"key\":\"curl\",\"label\":\"cURL\",\"variant\":\"cURL\"},{\"key\":\"dart\",\"label\":\"Dart\",\"variant\":\"http\"},{\"key\":\"go\",\"label\":\"Go\",\"variant\":\"Native\"},{\"key\":\"http\",\"label\":\"HTTP\",\"variant\":\"HTTP\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"OkHttp\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"Unirest\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"Fetch\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"jQuery\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"XHR\"},{\"key\":\"c\",\"label\":\"C\",\"variant\":\"libcurl\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Axios\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Native\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Request\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Unirest\"},{\"key\":\"objective-c\",\"label\":\"Objective-C\",\"variant\":\"NSURLSession\"},{\"key\":\"ocaml\",\"label\":\"OCaml\",\"variant\":\"Cohttp\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"cURL\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"Guzzle\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"HTTP_Request2\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"pecl_http\"},{\"key\":\"powershell\",\"label\":\"PowerShell\",\"variant\":\"RestMethod\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"http.client\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"Requests\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"httr\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"RCurl\"},{\"key\":\"ruby\",\"label\":\"Ruby\",\"variant\":\"Net::HTTP\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"Httpie\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"wget\"},{\"key\":\"swift\",\"label\":\"Swift\",\"variant\":\"URLSession\"}]","languageSettings":[{"key":"csharp","label":"C#","variant":"HttpClient"},{"key":"csharp","label":"C#","variant":"RestSharp"},{"key":"curl","label":"cURL","variant":"cURL"},{"key":"dart","label":"Dart","variant":"http"},{"key":"go","label":"Go","variant":"Native"},{"key":"http","label":"HTTP","variant":"HTTP"},{"key":"java","label":"Java","variant":"OkHttp"},{"key":"java","label":"Java","variant":"Unirest"},{"key":"javascript","label":"JavaScript","variant":"Fetch"},{"key":"javascript","label":"JavaScript","variant":"jQuery"},{"key":"javascript","label":"JavaScript","variant":"XHR"},{"key":"c","label":"C","variant":"libcurl"},{"key":"nodejs","label":"NodeJs","variant":"Axios"},{"key":"nodejs","label":"NodeJs","variant":"Native"},{"key":"nodejs","label":"NodeJs","variant":"Request"},{"key":"nodejs","label":"NodeJs","variant":"Unirest"},{"key":"objective-c","label":"Objective-C","variant":"NSURLSession"},{"key":"ocaml","label":"OCaml","variant":"Cohttp"},{"key":"php","label":"PHP","variant":"cURL"},{"key":"php","label":"PHP","variant":"Guzzle"},{"key":"php","label":"PHP","variant":"HTTP_Request2"},{"key":"php","label":"PHP","variant":"pecl_http"},{"key":"powershell","label":"PowerShell","variant":"RestMethod"},{"key":"python","label":"Python","variant":"http.client"},{"key":"python","label":"Python","variant":"Requests"},{"key":"r","label":"R","variant":"httr"},{"key":"r","label":"R","variant":"RCurl"},{"key":"ruby","label":"Ruby","variant":"Net::HTTP"},{"key":"shell","label":"Shell","variant":"Httpie"},{"key":"shell","label":"Shell","variant":"wget"},{"key":"swift","label":"Swift","variant":"URLSession"}],"languageOptions":[{"label":"C# - HttpClient","value":"csharp - HttpClient - C#"},{"label":"C# - RestSharp","value":"csharp - RestSharp - C#"},{"label":"cURL - cURL","value":"curl - cURL - cURL"},{"label":"Dart - http","value":"dart - http - Dart"},{"label":"Go - Native","value":"go - Native - Go"},{"label":"HTTP - HTTP","value":"http - HTTP - HTTP"},{"label":"Java - OkHttp","value":"java - OkHttp - Java"},{"label":"Java - Unirest","value":"java - Unirest - Java"},{"label":"JavaScript - Fetch","value":"javascript - Fetch - JavaScript"},{"label":"JavaScript - jQuery","value":"javascript - jQuery - JavaScript"},{"label":"JavaScript - XHR","value":"javascript - XHR - JavaScript"},{"label":"C - libcurl","value":"c - libcurl - C"},{"label":"NodeJs - Axios","value":"nodejs - Axios - NodeJs"},{"label":"NodeJs - Native","value":"nodejs - Native - NodeJs"},{"label":"NodeJs - Request","value":"nodejs - Request - NodeJs"},{"label":"NodeJs - Unirest","value":"nodejs - Unirest - NodeJs"},{"label":"Objective-C - NSURLSession","value":"objective-c - NSURLSession - Objective-C"},{"label":"OCaml - Cohttp","value":"ocaml - Cohttp - OCaml"},{"label":"PHP - cURL","value":"php - cURL - PHP"},{"label":"PHP - Guzzle","value":"php - Guzzle - PHP"},{"label":"PHP - HTTP_Request2","value":"php - HTTP_Request2 - PHP"},{"label":"PHP - pecl_http","value":"php - pecl_http - PHP"},{"label":"PowerShell - RestMethod","value":"powershell - RestMethod - PowerShell"},{"label":"Python - http.client","value":"python - http.client - Python"},{"label":"Python - Requests","value":"python - Requests - Python"},{"label":"R - httr","value":"r - httr - R"},{"label":"R - RCurl","value":"r - RCurl - R"},{"label":"Ruby - Net::HTTP","value":"ruby - Net::HTTP - Ruby"},{"label":"Shell - Httpie","value":"shell - Httpie - Shell"},{"label":"Shell - wget","value":"shell - wget - Shell"},{"label":"Swift - URLSession","value":"swift - URLSession - Swift"}],"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"}],"canonicalUrl":"https://documenter.gw.postman.com/view/metadata/2sB3dWs7HT"}