Connected Banking Overview

Paywize Connected Banking API enables multi-bank integration.

Last updated: 2026-02-21

Paywize Connected-Banking API Documentation

Version: 1.0.0
Release Date: Feb 02, 2026

Overview

This guide helps you integrate Paywize's Connected Banking services into your application securely and seamlessly. Using our RESTful APIs, you can connect bank accounts, fetch real-time balances, and enable automated fund disbursements with high reliability and speed. This documentation covers API endpoints, security and consent mechanisms, webhook/callback formats, and detailed request and response samples.

Base URL

https://merchant.paywize.in

Security Measures

Authentication: All requests require a Bearer token in the Authorization header
IP Whitelisting: Only approved merchant IPs can access APIs and receive callbacks
Webhook HMAC: Every webhook payload is signed using a shared secret for integrity verification
TLS Enforcement: All endpoints are accessible only over HTTPS
Rate Limiting: Transactions are controlled by both TPS and daily limits
Input Validation: Every request payload is strictly validated before processing

Encryption and Decryption

Encryption Process:

Encrypt the data using AES-256-CBC encryption
Use the provided API Key as the encryption key
Use the provided Secret Key as the Initialization Vector (IV)
Base64 encode encrypted data to prepare it for transmission

JavaScript Encryption Code

import crypto from 'crypto';

export function encrypt(data, key, iv) {
  if (typeof data === 'object') {
    data = JSON.stringify(data);
  }
  const cipher = crypto.createCipheriv('aes-256-cbc', key, iv);
  const encrypted = Buffer.concat([cipher.update(data, 'utf8'), cipher.final()]);
  return encrypted.toString('base64');
}

JavaScript Decryption Code

import crypto from 'crypto';

export function decrypt(data, key, iv) {
  const decipher = crypto.createDecipheriv('aes-256-cbc', key, iv);
  const decrypted = Buffer.concat([
    decipher.update(Buffer.from(data, 'base64')),
    decipher.final()
  ]);
  return decrypted.toString('utf8');
}

PreviousWebhooks

NextGenerate Access Token

Overview

Security Measures

Authentication: All requests require a Bearer token in the Authorization header

IP Whitelisting: Only approved merchant IPs can access APIs and receive callbacks

Webhook HMAC: Every webhook payload is signed using a shared secret for integrity verification

TLS Enforcement: All endpoints are accessible only over HTTPS

Rate Limiting: Transactions are controlled by both TPS and daily limits

Input Validation: Every request payload is strictly validated before processing

Encryption and Decryption

Encryption Process:

Encrypt the data using AES-256-CBC encryption

Use the provided API Key as the encryption key

Use the provided Secret Key as the Initialization Vector (IV)

Base64 encode encrypted data to prepare it for transmission

JavaScript Encryption Code

import crypto from 'crypto';

export function encrypt(data, key, iv) {
  if (typeof data === 'object') {
    data = JSON.stringify(data);
  }
  const cipher = crypto.createCipheriv('aes-256-cbc', key, iv);
  const encrypted = Buffer.concat([cipher.update(data, 'utf8'), cipher.final()]);
  return encrypted.toString('base64');
}

JavaScript Decryption Code

import crypto from 'crypto';

export function decrypt(data, key, iv) {
  const decipher = crypto.createDecipheriv('aes-256-cbc', key, iv);
  const decrypted = Buffer.concat([
    decipher.update(Buffer.from(data, 'base64')),
    decipher.final()
  ]);
  return decrypted.toString('utf8');
}