Endpoint

POST https://api.rohopay.com/api/v1/checkout
Content-Type: application/json
Unlike other v1 endpoints, checkout authenticates via api_key in the request body (not the Authorization header). This allows secure checkout from a browser without exposing the key in headers.

Request Body

{
  "api_key": "live_YOUR_KEY",
  "amount": 75000,
  "currency": "UGX",
  "customer_name": "Jane Mukasa",
  "customer_email": "jane@example.com",
  "description": "Premium subscription",
  "return_url": "https://your-app.com/checkout/return",
  "card_number": "4111111111111111",
  "card_expiry": "10/26",
  "card_cvv": "123"
}
FieldTypeRequiredDescription
api_keystringYour RohoPay API key
amountintegerAmount in smallest unit (e.g., 75000 for UGX 75,000)
currencystringUGX, KES, TZS, or RWF
customer_namestringCardholder full name
customer_emailstringCardholder email
descriptionstringPayment description
return_urlstringURL to redirect after 3DS completes
card_numberstring16-digit card number (no spaces)
card_expirystringExpiry in MM/YY format
card_cvvstring3-digit CVV

Response (200 OK)

{
  "success": true,
  "data": {
    "transaction_id": "01j5m6n7p8q9r0s1t2u3vwxy",
    "internal_reference": "RHP-2024-CARD001",
    "payment_url": "https://payments.rohopay.com/3ds/abc123xyz",
    "status": "pending",
    "amount": 75000,
    "currency": "UGX"
  }
}
Immediately redirect the user to payment_url. This is a one-time 3DS session link.

Return URL Parameters

After 3DS completes, the provider redirects to your return_url with: 
?status=success&reference=RHP-2024-CARD001&order_ref=relworx-ref
Do not trust ?status=success alone. Always verify via polling or webhook before fulfilling the order.

Rate Limit

30 requests per minute per IP.

Error Responses

HTTPCodeDescription
400VALIDATION_ERRORInvalid card number, expiry, CVV, or email
400CARD_EXPIREDCard expiry date is in the past
401UNAUTHORIZEDInvalid api_key in body
429RATE_LIMIT_EXCEEDED30 req/min exceeded
503PROVIDER_LINE_DOWNPayment provider unavailable