API Documentation
Activate Afrigo Card
Copy
curl --request POST \
--url https://waas-card-middleware-api-staging.embedly.ng/api/v1/cards/afrigo/activate \
--header 'Content-Type: application/json' \
--header 'x-api-key: <api-key>' \
--data '
{
"accountNumber": "<string>",
"cardNumber": "<string>",
"pin": "<string>"
}
'Copy
{
"statusCode": 200,
"message": "Checkout wallet reactivated successfully",
"data": {
"id": "bfce68af-4b43-4827-abb8-985a2d3b8a79",
"walletNumber": "2225657965",
"organizationId": "02600494-1a3c-11f0-a818-6045bd97b81d",
"walletName": "Embedly Check Demo",
"status": "Reactivated",
"createdAt": "2025-07-14T16:47:32.297357Z",
"expiresAt": "2025-07-24T14:28:01.1254478Z",
"reactivatedAt": "2025-07-24T13:58:01.1254127Z",
"expectedAmount": 20000,
"checkoutRef": "CHK202507241358013544205"
}
}
Card
Activate Afrigo Card
This endpoint is to be used in activating an afrigo card issued to a customer.
POST
https://waas-card-middleware-api-staging.embedly.ng
/
api
/
v1
/
cards
/
afrigo
/
activate
Activate Afrigo Card
Copy
curl --request POST \
--url https://waas-card-middleware-api-staging.embedly.ng/api/v1/cards/afrigo/activate \
--header 'Content-Type: application/json' \
--header 'x-api-key: <api-key>' \
--data '
{
"accountNumber": "<string>",
"cardNumber": "<string>",
"pin": "<string>"
}
'Copy
{
"statusCode": 200,
"message": "Checkout wallet reactivated successfully",
"data": {
"id": "bfce68af-4b43-4827-abb8-985a2d3b8a79",
"walletNumber": "2225657965",
"organizationId": "02600494-1a3c-11f0-a818-6045bd97b81d",
"walletName": "Embedly Check Demo",
"status": "Reactivated",
"createdAt": "2025-07-14T16:47:32.297357Z",
"expiresAt": "2025-07-24T14:28:01.1254478Z",
"reactivatedAt": "2025-07-24T13:58:01.1254127Z",
"expectedAmount": 20000,
"checkoutRef": "CHK202507241358013544205"
}
}
When activating cards on behalf of your customers, you must follow the rules below to ensure data security and compliance.Card Number Format
- Always pass the card number in a partially masked format:
First 6 digits + 8 asterisks (**) + last 4 digits
Example:
123456********7890
- Algorithm: RSA
- Key: Contact the admin to obtain the RSA public key for production use
- Padding: PKCS#1 v1.5
- Encoding: UTF-8 for input, Base64 for output
- Only send the masked card number — never transmit the full card number.
- The PIN must always be encrypted using the platform’s RSA public key before sending via API.
- Do not attempt to decrypt the PIN — decryption is performed only by the platform using its private key.
- Always ensure you are using the latest RSA public key provided by the platform.
Copy
public static string Encrypt(string userPin, string publicKeyContent)
{
using var rsa = RSA.Create();
// Try PEM format first, then raw base64
try
{
rsa.ImportFromPem(publicKeyContent);
}
catch
{
// Handle raw base64 key
var keyBytes = Convert.FromBase64String(publicKeyContent);
rsa.ImportRSAPublicKey(keyBytes, out _);
}
var dataBytes = Encoding.UTF8.GetBytes(userPin);
var encrypted = rsa.Encrypt(dataBytes, RSAEncryptionPadding.Pkcs1);
return Convert.ToBase64String(encrypted);
}
This is the account number mapped to a customer’s embedly wallet. Example:
`1234561234
This is the card number issued to the customer and mapped to the account
number above. Example:
123456********7890This is the random pin choosen by the customer. Example:
encrypted stringCopy
{
"statusCode": 200,
"message": "Checkout wallet reactivated successfully",
"data": {
"id": "bfce68af-4b43-4827-abb8-985a2d3b8a79",
"walletNumber": "2225657965",
"organizationId": "02600494-1a3c-11f0-a818-6045bd97b81d",
"walletName": "Embedly Check Demo",
"status": "Reactivated",
"createdAt": "2025-07-14T16:47:32.297357Z",
"expiresAt": "2025-07-24T14:28:01.1254478Z",
"reactivatedAt": "2025-07-24T13:58:01.1254127Z",
"expectedAmount": 20000,
"checkoutRef": "CHK202507241358013544205"
}
}
⌘I