Overview

RohoPay supports Visa and Mastercard payments. All card transactions go through 3D Secure (3DS) authentication — the bank’s hosted verification page — for maximum approval rates and chargeback protection.

How Card Payments Work

1. Your app calls POST /api/v1/checkout with card details + return_url
2. RohoPay creates a card order → returns payment_url
3. Your app redirects the user to the 3DS authentication page
4. User enters their 3DS OTP/PIN on their bank's page
5. Provider redirects the user back to your return_url
6. Provider webhook confirms status (HMAC-verified)
7. RohoPay confirms status and credits the wallet

Endpoint

POST /api/v1/checkout
Content-Type: application/json
Unlike mobile money endpoints, the card checkout endpoint authenticates via api_key in the request body rather than the Authorization header. This allows client-side checkout flows.

Request Body

api_key
string
required
Your RohoPay API key (test or live). Provided in the body to support browser-side checkout forms.
amount
integer
required
Amount in smallest currency unit (e.g., 10000 for UGX 10,000).
currency
string
required
Currency code. Accepted: UGX, KES, TZS, RWF.
customer_name
string
required
Cardholder’s full name.
customer_email
string
required
Cardholder’s email address.
description
string
Payment description for the merchant dashboard.
return_url
string
required
URL the user is redirected to after 3DS completes (success or failure).
card_number
string
required
16-digit card number without spaces or dashes.
card_expiry
string
required
Card expiry in MM/YY format (e.g., 10/26).
card_cvv
string
required
3-digit CVV / security code on the back of the card.

Example Request

curl -X POST https://api.rohopay.com/api/v1/checkout \
  -H "Content-Type: application/json" \
  -d '{
    "api_key": "live_YOUR_KEY",
    "amount": 75000,
    "currency": "UGX",
    "customer_name": "Jane Mukasa",
    "customer_email": "jane@example.com",
    "description": "Premium subscription",
    "return_url": "https://your-app.com/payment/return",
    "card_number": "4111111111111111",
    "card_expiry": "10/26",
    "card_cvv": "123"
  }'

Successful Response

{
  "success": true,
  "data": {
    "transaction_id": "01j5m6n7p8q9r0s1t2u3vwxy",
    "internal_reference": "RHP-2024-CARD001",
    "payment_url": "https://payments.rohopay.com/3ds/abc123xyz",
    "status": "pending",
    "amount": 75000,
    "currency": "UGX"
  }
}
Redirect the user to payment_url immediately. Do not store or display this URL — it is a one-time-use 3DS session link.

Supported Card Brands

BrandPrefixNotes
Visa4Visa Verified (3DS)
Mastercard51–55 / 2221–2720Mastercard SecureCode (3DS)

Next Steps

3D Secure Flow

Understand the full redirect flow and how to handle the return URL.

Test Cards

Use test card numbers to simulate approvals and declines.