Paywize Connected-Banking API Documentation

Version: 1.0.0
Release Date: Feb 02, 2026

Overview

This guide helps you integrate Paywize's Connected Banking services into your application securely and seamlessly. Using our RESTful APIs, you can connect bank accounts, fetch real-time balances, and enable automated fund disbursements with high reliability and speed. This documentation covers API endpoints, security and consent mechanisms, webhook/callback formats, and detailed request and response samples.

Base URL

https://merchant.paywize.in

Security Measures

• Authentication: All requests require a Bearer token in the Authorization header
• IP Whitelisting: Only approved merchant IPs can access APIs and receive callbacks
• Webhook HMAC: Every webhook payload is signed using a shared secret for integrity verification
• TLS Enforcement: All endpoints are accessible only over HTTPS
• Rate Limiting: Transactions are controlled by both TPS and daily limits
• Input Validation: Every request payload is strictly validated before processing

Encryption and Decryption

Encryption Process:

• Encrypt the data using AES-256-CBC encryption
• Use the provided API Key as the encryption key
• Use the provided Secret Key as the Initialization Vector (IV)
• Base64 encode encrypted data to prepare it for transmission

JavaScript Encryption Code

import crypto from 'crypto';

export function encrypt(data, key, iv) {
  if (typeof data === 'object') {
    data = JSON.stringify(data);
  }
  const cipher = crypto.createCipheriv('aes-256-cbc', key, iv);
  const encrypted = Buffer.concat([cipher.update(data, 'utf8'), cipher.final()]);
  return encrypted.toString('base64');
}

JavaScript Decryption Code

import crypto from 'crypto';

export function decrypt(data, key, iv) {
  const decipher = crypto.createDecipheriv('aes-256-cbc', key, iv);
  const decrypted = Buffer.concat([
    decipher.update(Buffer.from(data, 'base64')),
    decipher.final()
  ]);
  return decrypted.toString('utf8');
}