API Documentation
Complete reference for Chari Money's Banking-as-a-Service API. Integrate financial services into your applications with our robust and secure endpoints.
Getting Started
Version 1.9 · Last updated 14 avril 2026
Welcome to the official documentation for Chari Money's Banking-as-a-Service (BAAS) API. This RESTful API empowers fintechs, platforms, and developers to integrate a complete financial infrastructure into their applications: account opening with KYC verification, wallet-to-wallet transactions, card deposits (3D Secure), bank wire transfers via RIB, multi-channel merchant payments (phone, QR Code, card), beneficiary management, retail agents, and real-time webhooks. All endpoints follow a preview/execute model with asynchronous webhook confirmation.
Authentication Headers
Include the following headers with all API requests:
| Header | Type | Required | Description |
|---|---|---|---|
Chari-Api-Key | string | Required | API key for authentication. Provided by Chari for each environment (sandbox / production). |
C-Request-Id | string | Optional | Unique ID per request for tracing. Echoed back in the response. Recommended format: UUID v4. Ex: 69906411-0aa24a89-ab2005ca-9d18dc15 |
Test Credit Card (Sandbox)
PAN
4918914107195005CVV
123Expiry
08/26 (or any future date)3DS Code
555LLM & AI Pack
Complete pack optimized for LLMs and AI assistants: Markdown documentation, JSON Schemas, Mermaid diagrams, OpenAPI 3.0 spec, cURL examples and validation rules. Ideal for RAG, code generation and integration with Cursor, Copilot or Claude.
Postman Collection
Download the full Postman collection to test all API endpoints.
Changelog
2025-11-05
Initial documentation. Full API v1.8 coverage.
2025-12-01
Added merchant-kyc-upload endpoint. Enriched reference tables (docTypes, customerStatuses, accountLevels). Detailed error codes with endpoint mapping. autoActivate parameter on confirm. Fixed confirm route.
2026-04-14
Added Simulation (Sandbox) section. New Operation Types: 10=RECHARGE, 25=BILL_PAYMENT; renamed 5→MOBILE_PAYMENT, 24→CARD_PAYMENT. Transaction Status standardized: OPEN/COMPLETED/FAILED/CANCELED. Webhooks simplified: added payment.received, removed operation.created/operation.updated/customer.kyc/bank-transfer.failed. CashIn/CashOut reference format is now numeric (e.g. 1122334455).
Overview — M-Wallet in Morocco
What is an M-Wallet?
An M-Wallet (Mobile Wallet) is a regulated electronic money account that allows individuals and merchants to perform financial transactions using a mobile number as an identifier. It is part of the Bank Al-Maghrib (BAM) national framework for financial inclusion and digital payments. Each wallet is linked to a verified user identity (KYC) and stored under our Payment Institution license (CHARI MONEY) supervised by Bank Al-Maghrib.
Core Principles
Unique Wallet ID
The user's MSISDN (Mobile Number) serves as the wallet identifier.
Interoperable Network
All M-Wallets can exchange money between different providers through the national switch.
KYC Levels
Account permissions and limits depend on the user's verification (CIN, selfie, proof of address, etc.).
Real-Time Operations
Transfers, cash-in/out, merchant payments, and bill payments are executed instantly with confirmation.
Account Types
| Type | Owner | Description | Operations |
|---|---|---|---|
| Consumer (Particulier) | Individuals | Personal wallet linked to one mobile number and national ID. | Cash-in/out, P2P transfers, merchant payments, other payment services. |
| Merchant (Commerçant) | Small business, shop, or service provider | Business wallet linked to a merchant account or store. | Receive payments, transfer to bank, refund customer, other payment services. |
| Agent Retail | Authorized agent network/partner | Used by distribution agents to facilitate cash-in/out for users. | Load/unload customer wallets. |
| Agent Principal | Partner / EDP | Dedicated wallet for enterprises with higher limits and integration solutions. | Mass payouts, salary disbursements, collections, multiple other operations. |
Account Levels
| Level | KYC Requirement | Balance Limit |
|---|---|---|
| Level 1 | Name + valid phone + CIN number | 1 000 MAD |
| Level 2 | Full KYC (CIN + selfie or document scan) | 4 000 MAD |
| Level 3 | Verified ID (KYC), Interview, Digital customer record | 20 000 MAD |
| Level 4 | Full KYC, Interview, Digital customer record, Proof of income, Proof of address | 100 000 MAD |
| Merchant | Full KYB + Business registration (IF/RC) | Negotiated |
Glossary
| Term | Definition |
|---|---|
| M-Wallet | A regulated electronic money account linked to a mobile number, allowing users to perform financial transactions such as transfers, payments, and cash operations. |
| Wallet | A user account within the system that stores electronic money and is associated with a unique identifier (MSISDN). |
| MSISDN | Mobile phone number used as the primary identifier of a wallet. |
| KYC (Know Your Customer) | Verification process used to identify and validate a user's identity according to regulatory requirements. |
| KYC Level | Regulatory level assigned to a wallet based on verification status, defining transaction and balance limits. |
| Operation | A high-level business action initiated by a user or partner (e.g., cash-in, transfer, payment). |
| Transaction | A financial movement (debit, credit, fees, adjustment) generated as part of an operation. |
| Operation Type | Category of business action (e.g., CASHIN, TRANSFER, PAYMENT). |
| Transaction Type | Type of financial movement associated with an operation (e.g., debit, credit, fees). |
| Operation Status | Current lifecycle state of an operation (e.g., OPEN, COMPLETED, FAILED). |
| Transaction Status | Processing state of a transaction (e.g., COMPLETED, FAILED). |
| Reference | A unique identifier generated for a pending operation (e.g., cash-in/out), used to complete the transaction through an external network. |
| Agent / Network | Authorized third-party entity or distribution channel used to execute cash-in and cash-out operations. |
| API Key | Secure token used to authenticate partner requests to the BAAS API. |
| Webhook | Automated HTTP callback sent by the system to notify partners about operation or transaction updates. |
Customer Registration
Full customer lifecycle management: status check, registration, OTP confirmation, PIN management, balance and info retrieval, and unregistration.
{host}/api/customers/statusCheck Status with Chari
Retrieve the current registration status of a customer with Chari only.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
PhoneNumber | string | query | Required | The customer's phone number. Format: +212********* |
Notes
- •0 : Not exists — The number does not exist with ChariMoney.
- •1 : Not confirmed — The number exists with ChariMoney but is not yet enrolled with Switch (OTP not entered).
- •2 : Confirmed — The number exists and is registered with Switch.
- •3 : Active — Registered with Switch and active with ChariMoney (PIN created).
- •4 : Locked temporary — The number is temporarily blocked (max attempts exceeded).
- •5 : Locked — The number is blocked.
{host}/api/customers/defaultCheck Status with Switch
Retrieve whether Chari is the default wallet for the customer.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
phoneNumber | string | query | Required | The customer's phone number. Format: +212********* |
Notes
- •true : Chari is the default wallet for the customer.
- •false : Chari is NOT the default wallet for the customer.
{host}/api/customers/register202Register
Initiate a new customer registration process. An OTP will be sent via SMS.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
phoneNumber | string | body | Required | The customer's phone number. Format: +212********* |
firstName | string | body | Required | Minimum 2 letters (latin characters only) |
lastName | string | body | Required | Minimum 2 letters (latin characters only) |
cin | string | body | Required | Minimum 5 characters |
walletType | string | body | Required | "P": Particular (Particulier) / "C": Merchant (Commerçant) |
closeLoopOnly | boolean | body | Optional | If true, enroll the customer in CloseLoop mode only. In that case, the OTP is sent directly by CHARI. |
{host}/api/customers/confirm200Confirm
Confirm a registration using OTP as a verification method.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
phoneNumber | string | body | Required | The customer's phone number. Format: +212********* |
code | string | body | Required | The received OTP code with format: xxx-xxx |
walletType | string | body | Required | 2 accepted types: "P": Particular (Particulier), "C": Merchant (Commerçant). |
autoActivate | boolean | body | Optional | Default value: false. Indicates whether the wallet should be activated automatically after OTP validation. If false, the user must complete activation by setting or entering a PIN. If true, the wallet is activated automatically, without requiring a PIN. |
{host}/api/customers/confirm/resend-otpResend OTP
Resend the One-Time Password for registration or confirmation.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
phoneNumber | string | query | Required | The customer's phone number. Format: +212********* |
{host}/api/customers/loginLogin with PIN
Authenticate an existing customer using their PIN.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
phoneNumber | string | body | Required | The customer's phone number. Format: +212********* |
pin | string | body | Required | PIN of the customer. |
Notes
- •logged : true if authentication succeeded, false otherwise.
- •remainingAttempts : number of remaining attempts before account lockout.
{host}/api/customers/pinCreate PIN
Set up a secure PIN for a registered customer.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
phoneNumber | string | body | Required | The customer's phone number. Format: +212********* |
pin | string | body | Required | PIN of the customer. (4 numbers required) |
{host}/api/customers/pinUpdate PIN
Change an existing PIN for security or user preference.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
phoneNumber | string | body | Required | The customer's phone number. Format: +212********* |
oldPin | string | body | Required | Existing PIN of the customer. |
newPin | string | body | Required | New PIN of the customer. |
{host}/api/customers/pin/resetComing SoonReset PIN
Reset customer PIN. To be delivered in the next version.
No parameters required.
{host}/api/customers/balanceGet Customer Balance
Retrieve the balance of a registered customer.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
phoneNumber | string | query | Required | The customer's phone number. Format: +212********* |
{host}/api/customers/infoGet Customer Info
Retrieve detailed profile data for a registered customer.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
phoneNumber | string | query | Required | The customer's phone number. Format: +212********* |
Notes
- •accountLevel : account level (1 = basic, 2-4 = higher KYC levels).
- •customerStatus : customer status (see "Check Status with Chari" endpoint).
- •rib : Bank Account Identifier (RIB) associated with the wallet.
{host}/api/customers/unregisterUnregister
Deactivate or remove a customer from the platform.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
PhoneNumber | string | body | Required | The customer's phone number. Format: +212********* |
Reason | int | body | Required | Closure reason code (see notes). |
Notes
- •1 : Closure at the initiative of the EDP — Unspecified reason
- •2 : Closure at the initiative of the EDP — Suspicion of fraud
- •3 : Closure at the initiative of the client — Contract closure
- •4 : Closure at the initiative of the client — Lost or stolen phone
- •5 : Closure at the initiative of the client — Unspecified reason
KYC
Mobile KYC flow (iOS/Android) powered by ShareID. Your app launches the ShareID SDK for document scan and selfie capture; ShareID performs quality, authenticity, and face-to-document matching.
Integration Flow
- 1Your app calls "/kyc/shareid/auth" to obtain a short-lived KYC token.
- 2The app opens the ShareID SDK with that token.
- 3The user scans their ID and completes a guided selfie.
- 4ShareID runs the checks.
- 5Your app calls "/kyc/session/complete" to signal the flow has finished on-device.
- 6A callback is sent to our API with status and documents.
{host}/api/kyc/shareid/authAuthentication
Obtain a short-lived KYC token to launch ShareID SDK.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
PhoneNumber | string | query | Required | The customer's phone number. Format: +212********* |
Notes
- •baseUrl : Base URL of the ShareID SDK to use.
- •applicant_id : unique identifier of the KYC request.
- •token : temporary JWT token for SDK-side authentication.
{host}/api/customers/upgrade/requestConfirmation
Signal the KYC flow has finished on-device and request account upgrade.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
PhoneNumber | string | query | Required | The customer's phone number. Format: +212********* |
AccountLevel | int | query | Required | The account level to upgrade to (2, 3, or 4). |
{host}/api/merchant/kyc/requestMerchant KYC Upload
Upload merchant KYC documents to request an account upgrade (multipart/form-data).
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
PhoneNumber | string | query | Required | Merchant phone number. Format: +212********* |
KycDocuments | multipart form | body | Required | Array of KYC document objects. Multiple documents can be sent in a single request by repeating the indexed fields (e.g. kycDocuments[0], kycDocuments[1], ...). |
KycDocuments[n].DocType | int | body | Required | Document type (see Document Types table). |
KycDocuments[n].DocFront | file | body | Required | Front image of the document. Accepted formats: PNG, JPG/JPEG, PDF. |
KycDocuments[n].DocBack | file | body | Optional | Back image (required for IdentityCard, DrivingLicense, ResidencePermit). |
Operations
All financial operations: card deposits, wallet-to-wallet transfers, bank transfers, merchant payments, chargebacks, refunds, and reference-based requests.
CashIn Card
Test Credit Card
Valid credit card numbers to add funds in sandbox environment.
PAN
4918914107195005CVV
123Expiry
08/26 (or any future date)3DS Code
555{host}/api/operations/cashin/card/previewPreview (by Phone)
Check feasibility of depositing funds into a customer's wallet from a card.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
PhoneNumber | string | query | Required | Numéro de téléphone du client. Format : +212********* |
Amount | decimal | body | Required | Montant à déposer. Doit être un nombre positif. |
{host}/api/operations/cashin/cardExecute (by Phone)
Add funds to a customer's wallet from a payment card. Triggers 3D Secure authentication.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
PhoneNumber | string | query | Required | Numéro de téléphone du client. |
FirstName | string | body | Required | Prénom du titulaire de la carte. |
LastName | string | body | Required | Nom du titulaire de la carte. |
Cvv | string | body | Required | Code de sécurité à 3 chiffres (CVV). |
Amount | decimal | body | Required | Montant à déposer. |
Currency | string | body | Optional | Code devise ISO 3 lettres (ex : MAD). |
Pan | string | body | Required | Numéro complet de la carte (PAN). |
ExpiryDate | string | body | Required | Date d'expiration au format YYMM. |
KeepAlive | bool | body | Required | true : sauvegarder la carte pour usage futur / false : usage unique. |
CardName | string | body | Optional | Nom choisi par l'utilisateur pour sauvegarder la carte. |
Notes
- •After 3D Secure authentication, the user is redirected to acceptURL or declineURL.
- •RESPONSE_CODE in the redirect URL: 0 = success, any other value = failure.
- •REASON_CODE : human-readable reason for the result (e.g., SUCCESS, DECLINED).
- •Validate RESPONSE_CODE and REASON_CODE to determine the next action in your application.
{host}/api/operations/cashin/card/{cardId}Execute with Saved Card
Add funds from a saved tokenized card.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
PhoneNumber | string | query | Required | Numéro de téléphone du client. |
CardId | int | route | Required | Identifiant de la carte sauvegardée. |
Cvv | string | body | Required | Code de sécurité à 3 chiffres. |
Amount | decimal | body | Required | Montant à déposer. |
Notes
- •After 3D Secure authentication, the user is redirected to acceptURL or declineURL depending on the outcome.
- •The redirect URL includes parameters: RESPONSE_CODE (0 = success, any other = failure), REASON_CODE (human-readable reason: SUCCESS, DECLINED…) and OPERATION (operation type, e.g. PAYMENT).
- •Validate RESPONSE_CODE and REASON_CODE upon receiving the redirect to determine the next action in your application.
{host}/api/operations/cashin/card/agent/previewPreview (by Agent)
Check feasibility of depositing funds via agent code.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
code | string | query | Required | Code de l'agent. |
Amount | decimal | body | Required | Montant à déposer. |
{host}/api/operations/cashin/card/agentExecute (by Agent)
Add funds to a customer's wallet via agent.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
agent | string | query | Required | Code de l'agent. |
FirstName | string | body | Required | Prénom du titulaire de la carte. |
LastName | string | body | Required | Nom du titulaire de la carte. |
Cvv | string | body | Required | Code de sécurité à 3 chiffres. |
Amount | decimal | body | Required | Montant à déposer. |
Pan | string | body | Required | Numéro complet de la carte. |
ExpiryDate | string | body | Required | Date d'expiration au format YYMM. |
KeepAlive | bool | body | Required | Sauvegarder la carte pour usage futur. |
Currency | string | body | Optional | The 3-letter ISO currency code (e.g., MAD). |
CardName | string | body | Optional | Name chosen by the user to save the card. |
Notes
- •After 3D Secure authentication, the user is redirected to acceptURL or declineURL depending on the outcome.
- •The redirect URL includes parameters: RESPONSE_CODE (0 = success, any other = failure), REASON_CODE (human-readable reason: SUCCESS, DECLINED…) and OPERATION (operation type, e.g. PAYMENT).
- •Validate RESPONSE_CODE and REASON_CODE upon receiving the redirect to determine the next action in your application.
Transfer
{host}/api/operations/transfer/previewPreview
Check feasibility of moving funds between customers' wallets internally.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
CustomerPhoneNumber | string | body | Required | Numéro de l'émetteur. Format : +212********* |
Amount | decimal | body | Required | Montant à transférer. |
Reason | string | body | Required | Motif du transfert. |
RecipientPhoneNumber | string | body | Required | Numéro du bénéficiaire. Format : +212********* |
BeneficiaryId | int | body | Optional | Référence à un bénéficiaire existant (optionnel). |
{host}/api/operations/transferExecute
Move funds between customers' wallets internally.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
CustomerPhoneNumber | string | body | Required | Numéro de l'émetteur. |
Amount | decimal | body | Required | Montant à transférer. |
Reason | string | body | Required | Motif du transfert. |
RecipientPhoneNumber | string | body | Required | Numéro du bénéficiaire. |
BeneficiaryId | int | body | Optional | Reference to an existing beneficiary (optional). |
Bank Transfer
{host}/api/operations/bank-transfer/previewPreview
Check feasibility of sending money from a wallet to an external bank account.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
CustomerPhoneNumber | string | body | Optional | Required if AgentCode is empty. Mutually exclusive with AgentCode (one OR the other). |
AgentCode | string | body | Optional | Required if CustomerPhoneNumber is empty. Agent Code (Principal or Retail). Mutually exclusive with CustomerPhoneNumber. |
Amount | decimal | body | Required | Amount to transfer. |
Reason | string | body | Required | Transfer reason (latin characters only, max 35 chars). |
BeneficiaryId | int | body | Optional | Optional if rib + beneficiaryName are provided. |
BeneficiaryName | string | body | Optional | Optional if beneficiaryId is provided. |
Rib | string | body | Optional | RIB: 24-digit numeric string. Optional if beneficiaryId is provided. |
Notes
- •Au moins un identifiant parmi beneficiaryId ou (rib + beneficiaryName) doit être fourni.
{host}/api/operations/bank-transferExecute
Send money from a wallet to an external bank account.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
CustomerPhoneNumber | string | body | Optional | Required if AgentCode is empty. Mutually exclusive with AgentCode (one OR the other). |
AgentCode | string | body | Optional | Required if CustomerPhoneNumber is empty. Mutually exclusive with CustomerPhoneNumber. |
Amount | decimal | body | Required | Amount to transfer. |
Reason | string | body | Optional | Transfer reason (optional at execute step). |
BeneficiaryId | int | body | Optional | Optional if rib + beneficiaryName are provided. |
BeneficiaryName | string | body | Optional | Optional if beneficiaryId is provided. |
Rib | string | body | Optional | RIB: 24 digits. Required if no beneficiaryId. |
Merchant Payment
{host}/api/operations/merchant/payment/push/manual/previewBy Phone — Preview
Check Pay Merchant by PhoneNumber.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
CustomerPhoneNumber | string | body | Required | Numéro du client payeur. |
Amount | decimal | body | Required | Montant du paiement. |
Reason | string | body | Required | Motif du paiement. |
RecipientPhoneNumber | string | body | Required | Numéro du marchand. |
BeneficiaryId | int | body | Optional | Reference to an existing beneficiary (optional). |
{host}/api/operations/merchant/payment/push/manualBy Phone — Execute
Pay Merchant by PhoneNumber.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
CustomerPhoneNumber | string | body | Required | Numéro du client payeur. |
Amount | decimal | body | Required | Montant du paiement. |
Reason | string | body | Required | Motif du paiement. |
RecipientPhoneNumber | string | body | Required | Numéro du marchand. |
BeneficiaryId | int | body | Optional | Reference to an existing beneficiary (optional). |
{host}/api/operations/merchant/payment/push/qrcode/previewBy QR Code — Preview
Check Pay Merchant by QR Code.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
CustomerPhoneNumber | string | body | Required | Numéro du client payeur. |
QrCodeContent | string | body | Required | Contenu du QR Code scanné. |
Amount | decimal | body | Required | Montant du paiement. |
{host}/api/operations/merchant/payment/push/qrcodeBy QR Code — Execute
Pay Merchant by QR Code.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
CustomerPhoneNumber | string | body | Required | Numéro du client payeur. |
QrCodeContent | string | body | Required | Contenu du QR Code. |
Amount | decimal | body | Required | Montant du paiement. |
{host}/api/operations/merchant/payment/push/card/previewBy Card — Preview
Check Pay Merchant by card (Card to Wallet).
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
PhoneNumber | string | query | Required | Numéro du marchand. |
Amount | decimal | body | Required | Montant du paiement. |
{host}/api/operations/merchant/payment/cardBy Card — Execute
Pay Merchant by card (Card to Wallet). 3DS flow: the response provides `redirectionURL` to open.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
PhoneNumber | string | query | Required | Numéro du marchand. Format : +212********* |
FirstName | string | body | Required | Prénom du titulaire. |
LastName | string | body | Required | Nom du titulaire. |
Cvv | string | body | Required | CVV (3 chiffres). |
Amount | decimal | body | Required | Montant du paiement. |
Pan | string | body | Required | Numéro de carte (PAN). |
ExpiryDate | string | body | Required | Date d'expiration au format `YYMM`. Ex : `2608`. |
KeepAlive | bool | body | Required | Tokenizer la carte pour réutilisation via l'endpoint Tokenized Card. |
Currency | string | body | Optional | Devise. Par défaut : MAD. |
3dSecure | bool | body | Optional | Activer 3D Secure. Par défaut : true. |
FeesPercent | decimal | body | Optional | Pourcentage de frais appliqués au payeur. |
AllowInternationalCards | bool | body | Optional | Accepter les cartes internationales. |
InternationalFeesPercent | decimal | body | Optional | Frais % spécifiques aux cartes internationales. |
AutoCapture | bool | body | Optional | Capture automatique du paiement. |
NotificationUrl | string | body | Optional | URL notifiée après fin de transaction (succès/échec). |
AcceptUrl | string | body | Optional | URL de redirection en cas de succès 3DS. |
CardName | string | body | Optional | Libellé de la carte (pour tokenisation). |
ExternalReference | string | body | Optional | Référence externe du marchand. |
Notes
- •After 3D Secure authentication, the user is redirected to acceptURL or declineURL depending on the outcome.
- •The redirect URL includes parameters: RESPONSE_CODE (0 = success, any other = failure), REASON_CODE (human-readable reason: SUCCESS, DECLINED…) and OPERATION (operation type, e.g. PAYMENT).
- •Validate RESPONSE_CODE and REASON_CODE upon receiving the redirect to determine the next action in your application.
{host}/api/operations/merchant/payment/tokenized/card/{cardId}By Tokenized Card — Execute
Pay Merchant via a previously tokenized card (`KeepAlive = true`). Only the CVV is required.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
cardId | int | path | Required | ID de la carte tokenisée. |
PhoneNumber | string | query | Required | Numéro du marchand. Format : +212********* |
Cvv | string | body | Required | CVV (3 chiffres). |
Amount | decimal | body | Required | Montant du paiement. |
Notes
- •Same response structure as "Merchant Payment By Card — Execute".
- •After 3D Secure authentication, the user is redirected to acceptURL or declineURL depending on the outcome.
- •The redirect URL includes parameters: RESPONSE_CODE (0 = success, any other = failure), REASON_CODE (human-readable reason) and OPERATION.
{host}/api/operations/merchant/qrcode/staticStatic QR Generation
Generate a static QR Code for a merchant (no amount embedded). The customer enters the amount at payment time.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
PhoneNumber | string | query | Required | Numéro du marchand. |
MaskedNumber | bool | query | Optional | Masquer le numéro du marchand dans le contenu QR. Ex : +2126######74 |
{host}/api/operations/merchant/qrcodeDynamic QR Generation
Generate a dynamic QR Code with a fixed amount and a unique reference.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
PhoneNumber | string | query | Required | Numéro du marchand. |
MaskedNumber | bool | query | Optional | Masquer le numéro du marchand. |
Amount | decimal | body | Required | Montant fixe du QR Code. |
Notes
- •QR statique (GET) : aucun montant intégré, le client saisit le montant au paiement.
- •QR dynamique (POST) : montant fixe intégré, référence unique `qrCodeReference`.
ChargeBack
{host}/api/operations/chargeback/previewPreview
Check the feasibility of performing a chargeback.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
SourcePhoneNumber | string | body | Required | Numéro du client à l'origine. Format : +212********* |
Amount | decimal | body | Required | Montant du chargeback. |
Description | string | body | Required | Motif du chargeback. |
DestinationPhoneNumber | string | body | Required | Numéro du destinataire. Format : +212********* |
OriginalOperationId | int | body | Required | ID de l'opération d'origine qui a déclenché le chargeback. |
{host}/api/operations/chargebackExecute
Execute a chargeback operation.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
SourcePhoneNumber | string | body | Required | Numéro du client à l'origine. |
Amount | decimal | body | Required | Montant du chargeback. |
Description | string | body | Required | Motif du chargeback. |
DestinationPhoneNumber | string | body | Required | Numéro du destinataire. |
OriginalOperationId | int | body | Required | ID de l'opération d'origine. |
Request Operations
{host}/api/operations/cashin/requestRequest CashIn
Request a CashIn operation. Generates a unique reference that expires over time.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
PhoneNumber | string | body | Required | Numéro de téléphone du client. |
Amount | decimal | body | Required | Montant du CashIn. |
Notes
- •operationType : 1 = CashIn, 2 = CashOut
- •operationStatus : 1 = open, 2 = completed, 3 = failed, 4 = canceled
{host}/api/operations/cashout/requestRequest CashOut
Request a CashOut operation. Generates a unique reference that expires over time.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
PhoneNumber | string | body | Required | Numéro de téléphone du client. |
Amount | decimal | body | Required | Montant du CashOut. |
Get Operations
{host}/api/operationsBy Customer
Get a list of operations for a specific customer.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
PhoneNumber | string | query | Required | Numéro de téléphone du client. |
PageSize | int | query | Optional | Résultats par page. Par défaut : 10 |
PageNumber | int | query | Optional | Numéro de page. Par défaut : 1 |
OperationType | list int | query | Optional | 1=CASHIN, 2=CASHOUT, 3=TRANSFER, 5=MOBILE_PAYMENT, 7=PAYMENT_REFUND, 9=BANK_TRANSFER, 10=RECHARGE, 12=CHARGEBACK, 24=CARD_PAYMENT, 25=BILL_PAYMENT |
TransactionStatus | int | query | Optional | 1=OPEN, 2=COMPLETED, 3=FAILED, 4=CANCELED |
Sens | int | query | Optional | 1=CREDIT, 2=DEBIT |
From | datetime | query | Optional | Date/heure de début du filtre. |
To | datetime | query | Optional | Date/heure de fin du filtre. |
Notes
- •collection : liste paginée des opérations.
- •count : nombre total d'opérations correspondant aux filtres.
- •accountNumber : peut être un numéro de téléphone, un RIB ou un accountId.
{host}/api/operations/{id}By ID
Get a specific operation by its ID.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
PhoneNumber | string | query | Required | Numéro de téléphone du client. |
Id | int | route | Required | ID de l'opération. |
Notes
- •operationId : identifiant de l'opération globale.
- •transactionId : identifiant de la transaction principale (une opération peut générer plusieurs transactions : débit émetteur, crédit destinataire, frais, etc.).
- •transactionReference : référence de la transaction principale.
- •amount : montant initial.
- •totalAmount : montant après application des frais et commissions.
{host}/api/operations/allAll (by Partner)
Get a list of all operations by partner.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
PhoneNumber | string | query | Required | The customer's phone number. Format: +212********* |
PageSize | int | query | Optional | Results per page. Default: 10. |
PageNumber | int | query | Optional | Page number (starts at 1). Default: 1. |
OperationType | list int | query | Optional | Filter by operation type. |
TransactionStatus | int | query | Optional | Filter by transaction status. |
Sens | int | query | Optional | 1 = CREDIT, 2 = DEBIT. |
From | datetime | query | Optional | Operations from datetime. |
To | datetime | query | Optional | Operations until datetime. |
{host}/api/operations/c-request-idComing SoonGet Operation By C-Request-Id
Get an operation by its C-Request-Id. To be delivered in the next version.
No parameters required.
Refund
{host}/api/operations/refund/previewPreview
Check refund feasibility after merchant payment.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
PhoneNumber | string | body | Required | Numéro du client à rembourser. |
OperationId | int | body | Required | ID de l'opération à rembourser. |
RefundAmount | decimal | body | Required | Montant du remboursement. |
OrderId | string | body | Required | OrderId original du paymentGateway. |
TransactionTrackId | string | body | Required | TransactionTrackId original du paymentGateway. |
{host}/api/operations/refundExecute
Refund customers after merchant payment.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
phoneNumber | string | body | Required | Numéro du client. |
OperationId | int | body | Required | ID de l'opération à rembourser. |
RefundAmount | decimal | body | Required | Montant du remboursement. |
OrderId | string | body | Required | OrderId original. |
TransactionTrackId | string | body | Required | TransactionTrackId original. |
Beneficiary
Manage a customer's beneficiaries: list, add, update, and delete. Beneficiaries can be identified by phone number and/or RIB.
{host}/api/customer/beneficiariesGet Beneficiaries
Get a list of beneficiaries for a customer.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
PhoneNumber | string | query | Required | Numéro de téléphone du client. |
PageSize | int | query | Optional | Résultats par page. Par défaut : 10 |
PageNumber | int | query | Optional | Numéro de page. Par défaut : 1 |
Search | string | query | Optional | Filtrer par mot-clé. |
From | datetime | query | Optional | Date de création — début. |
To | datetime | query | Optional | Date de création — fin. |
{host}/api/customer/beneficiariesAdd Beneficiary
Add a new beneficiary. At least PhoneNumber or RIB must be provided.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
PhoneNumber (query) | string | query | Required | Numéro de téléphone du client (propriétaire). |
Name | string | body | Required | Nom du bénéficiaire. Minimum 2 lettres. |
PhoneNumber | string | body | Optional | Numéro du bénéficiaire. Format : +212********* |
Rib | string | body | Optional | RIB du bénéficiaire. 24 chiffres. |
Email | string | body | Optional | Email du bénéficiaire. |
Notes
- •PhoneNumber ou RIB : au moins l'un des deux doit être fourni.
{host}/api/customer/beneficiaries/{id}Update Beneficiary
Update an existing beneficiary.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
PhoneNumber (query) | string | query | Required | Customer (owner) phone number. |
Id | int | route | Required | Beneficiary ID to update. |
Name | string | body | Required | Beneficiary name. Minimum 2 letters. |
PhoneNumber (body) | string | body | Optional | Beneficiary phone number. |
Rib | string | body | Optional | Beneficiary RIB. 24 digits. |
Email | string | body | Optional | Beneficiary email. |
{host}/api/customer/beneficiaries/{Id}Delete Beneficiary
Delete an existing beneficiary.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
PhoneNumber | string | query | Required | Numéro de téléphone du client. |
Id | int | route | Required | ID du bénéficiaire à supprimer. |
Tokenized Cards
View and manage saved (tokenized) bank cards of a customer.
{host}/api/customers/tokenized/cardsGet Cards by Customer
Retrieve all tokenized cards for a customer.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
PhoneNumber | string | query | Required | Numéro de téléphone du client. |
PageSize | int | query | Optional | Résultats par page. Par défaut : 10 |
PageNumber | int | query | Optional | Numéro de page. Par défaut : 1 |
Notes
- •customerBankCardId: unique identifier for the saved card.
- •maskedPan: masked card number (last 4 digits).
- •issuer: name of the issuing bank.
- •scheme: card network (Visa, Mastercard, etc.).
- •cardName: optional label chosen by the customer at tokenization.
{host}/api/customers/tokenized/cards/{id}Get Card by ID
Retrieve a specific tokenized card by its ID.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
PhoneNumber | string | query | Required | Numéro de téléphone du client. |
Id | int | route | Required | ID de la carte. |
{host}/api/customers/tokenized/cards/{id}Coming SoonDelete Tokenized Card
Delete a tokenized card. To be delivered in the next version.
No parameters required.
Retail Agents
Manage retail agents: list, add, and execute CashIn/CashOut operations by reference.
{host}/api/agents/retailGet Retail Agents
List all retail agents.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
Code | string | query | Required | Code de l'agent. |
PageSize | int | query | Optional | Résultats par page. Par défaut : 10 |
PageNumber | int | query | Optional | Numéro de page. Par défaut : 1 |
From | datetime | query | Optional | Création de l'agent — date début. |
To | datetime | query | Optional | Création de l'agent — date fin. |
{host}/api/agents/retail/{code}Get Agent by Code
Get a specific retail agent by code.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
Code | string | route | Required | Code de l'agent. |
{host}/api/agents/retailAdd Retail Agent
Add a new retail agent.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
PhoneNumber | string | body | Required | Numéro de téléphone de l'agent. Format : +212********* |
Name | string | body | Required | Nom commercial de l'agent. |
FirstName | string | body | Required | Prénom. Minimum 2 lettres. |
LastName | string | body | Required | Nom de famille. Minimum 2 lettres. |
Cin | string | body | Required | Numéro de pièce d'identité. |
Address | string | body | Optional | Adresse de l'agent. |
Email | string | body | Optional | Email de l'agent. |
{host}/api/agents/retail/{code}Coming SoonUpdate Retail Agent
Update a retail agent. To be delivered in the next version.
No parameters required.
{host}/api/operations/cashin/requestGet CashIn by Reference
Retrieve requested operation details using a unique reference ID.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
Reference | string | query | Required | Référence unique de l'opération. |
Notes
- •type : 1 = CashIn, 2 = CashOut
- •status : 1 = open, 2 = completed, 3 = failed
{host}/api/operations/cashin/agentExecute CashIn by Reference
Execute a CashIn operation by the agent.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
Code | string | body | Required | The code of the Agent performing the operation. |
Reference | string | body | Required | The reference ID of the operation to retrieve. |
{host}/api/operations/cashout/requestGet CashOut by Reference
Retrieve CashOut operation details by reference.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
Reference | string | query | Required | Référence unique de l'opération. |
{host}/api/operations/cashout/agentExecute CashOut by Reference
Execute a CashOut operation by the agent.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
Code | string | body | Required | The code of the Agent performing the operation. |
Reference | string | body | Required | The reference ID of the operation to retrieve. |
Principal Agents
View information about a principal agent.
{host}/api/agents/principalGet Principal Agent by Code
Get the account info of a principal agent.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
Code | string | query | Required | The code of the principal agent. |
Notes
- •Response: Agent object + Account object (balance, RIB, level, etc.).
Simulation (Sandbox)
Sandbox-only simulation endpoints to complete CashIn/CashOut reference operations without interacting with a real agent network. Combine with the test card below to run an end-to-end flow.
Test Credit Card
Use this test card data for card deposit testing in sandbox environment.
PAN
4918914107195005CVV
123Expiry
08/26 (or any future date)3DS Code
555{host}/api/simulate/network/operations/cashin200Simulate Network CashIn
Simulates execution of a CashIn by reference (network agent step). Triggers the `cashin.network.executed` webhook.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
reference | string | body | Required | Numeric reference returned when the CashIn request was created. |
{host}/api/simulate/network/operations/cashout200Simulate Network CashOut
Simulates execution of a CashOut by reference (network agent step). Triggers the `cashout.network.executed` webhook.
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
reference | string | body | Required | Numeric reference returned when the CashOut request was created. |
Webhooks
Webhooks let Chari BAAS notify your system about events (operation completed, KYC updates, etc.) in near-real time. Your server exposes an HTTPS endpoint; we POST signed JSON events to it.
HTTP Request
https://{your-domain}/webhooks/chariVous pouvez fournir tout autre endpoint.
Headers
Content-Type: application/jsonUser-Agent: Chari-BAAS-Webhook/1.0C-Webhook-Id: xxxxxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxxX-Api-Key: xxxxxxxx- •C-Webhook-Id : identifiant unique de la requête webhook, généré par Chari.
- •X-Api-Key : clé secrète pour l'authentification de votre système (vous devez nous fournir cette clé).
Expected response: 200 OK within 5s (empty body). In case of a business error or breach of contract sent by us, please return a 400 error with a description of the problem. Any non-2xx triggers a retry.
Event Body Properties
Common properties
| Property | Type | Required | Description |
|---|---|---|---|
WebhookId | string | Required | Identifiant du webhook. |
EventId | string | Required | Type d'événement. Ex : bank-transfer.initiated |
CRequestId | string | Required | Identifiant de traçage reçu du partenaire. |
OperationId | int | Required | ID de l'opération exécutée (peut être 0 si aucune opération créée). |
TransactionId | int | Optional | ID de la transaction principale. |
OperationType | int | Required | Code du type d'opération (voir Types). |
OperationStatus | int | Required | 1 = Open, 2 = Completed, 3 = Failed, 4 = Canceled |
CreatedAt | date | Required | Date de début du processus. |
ExecutedAt | date | Required | Date d'exécution de l'opération. |
Amount | decimal | Required | Montant de l'opération. |
FeeAmount | decimal | Required | Montant des frais. |
PrimaryAccountNumber | string | Required | Numéro de téléphone de l'émetteur. |
SecondaryAccountNumber | string | Optional | Numéro de téléphone du destinataire. |
Method | string | Optional | Méthode : Card / Agent / Network |
Cash-in Card specific
| Property | Type | Required | Description |
|---|---|---|---|
CustomData | string | Optional | Données personnalisées fournies par le partenaire (max 128 caractères). |
GatewayTrackId | string | Optional | Gateway Transaction Track Id. |
GatewayOrderId | string | Optional | Gateway Transaction Order Id. |
GatewayReferenceId | string | Optional | Gateway Transaction Reference Id. |
Bank Transfer specific
| Property | Type | Required | Description |
|---|---|---|---|
BankTransferBeneficiaryName | string | Optional | Nom du bénéficiaire pour les virements bancaires. |
Cash-in / Cash-out (network reference)
| Property | Type | Required | Description |
|---|---|---|---|
NetworkName | string | Optional | Nom du réseau pour les opérations réseau. |
Reference | string | Optional | Référence de l'opération par référence. |
Retry Policy
Events
| Event ID | Description |
|---|---|
customer.level.updated | Customer account level updated |
cashin.card.authorized | CashIn by Card accepted |
payment.card.authorized | Payment by Card accepted |
payment.received | Payment received by merchant |
bank-transfer.initiated | Bank transfer sent |
bank-transfer.completed | Bank transfer finalized (settled, rejected, or returned — inspect OperationStatus) |
bank-transfer.received | Bank transfer received |
transfer.received | Transfer received |
cashin.network.executed | CashIn by reference executed |
cashout.network.executed | CashOut by reference executed |
Example Event Body
Bank Transfer
{
"data": {
"WebhookId": 12345,
"CRequestId": "a4d1e0b5-9f6a-4c1d-bc7b-2d0a7f4b9b12",
"OperationId": 924381,
"OperationType": 5,
"OperationStatus": 2,
"CreatedAt": "2025-11-05T10:12:00Z",
"ExecutedAt": "2025-11-05T10:12:22Z",
"Amount": 25000.00,
"FeeAmount": 350.00,
"CustomData": "{\"note\":\"Salary for October\"}",
"PrimaryAccountNumber": "+212711111111",
"SecondaryAccountNumber": "+212722222222",
"Method": "BankTransfer",
"Reference": "BANK-REF-9FJ2X7",
"BankTransferBeneficiaryName": "Aminata Diop"
}
}CashIn Card
{
"data": {
"WebhookId": 12346,
"CRequestId": "7b8c9f1a-15da-4e1c-8c3b-3a2bd0ed5e6f",
"OperationId": 563210,
"OperationType": 1,
"OperationStatus": 2,
"CreatedAt": "2025-11-05T09:41:00Z",
"ExecutedAt": "2025-11-05T09:41:18Z",
"Amount": 10000.00,
"FeeAmount": 150.00,
"CustomData": "ref12345",
"PrimaryAccountNumber": "+212711111111",
"Method": "Card",
"GatewayTrackId": "83c1d1c7",
"GatewayOrderId": "20251105_00045",
"GatewayReferenceId": "6f92b0aa"
}
}Response Format
All API responses are wrapped in a `data` object. The C-Request-Id header you send is echoed back in the response.
C-Request-Id Header
Our API supports the C-Request-Id header to allow networks to track requests efficiently. You can include a unique C-Request-Id in the request headers, which will be echoed back in the response.
Types & References
Operation Types
| ID | Code |
|---|---|
| 1 | CASHIN |
| 2 | CASHOUT |
| 3 | TRANSFER |
| 5 | MOBILE_PAYMENT |
| 7 | PAYMENT_REFUND |
| 9 | BANK_TRANSFER |
| 10 | RECHARGE |
| 12 | CHARGEBACK |
| 24 | CARD_PAYMENT |
| 25 | BILL_PAYMENT |
Transaction Types
| ID | Code |
|---|---|
| 1 | CASHIN |
| 2 | CASHOUT |
| 3 | TRANSFER |
| 5 | MOBILE_PAYMENT |
| 6 | TRANSACTION_FEES |
| 7 | PAYMENT_REFUND |
| 9 | CHARGEBACK |
| 10 | CHARGEBACK_CANCELLATION |
| 16 | BANK_TRANSFER |
| 17 | RECHARGE |
| 18 | CASHBACK |
| 24 | CARD_PAYMENT |
| 25 | BILL_PAYMENT |
Operation Statuses
| ID | Code | Description |
|---|---|---|
| 1 | OPEN | Open (lifecycle in progress) |
| 2 | COMPLETED | Completed successfully |
| 3 | FAILED | Failed |
| 4 | CANCELED | Canceled |
Transaction Statuses
| ID | Code | Description |
|---|---|---|
| 1 | OPEN | Open (in progress) |
| 2 | COMPLETED | Completed |
| 3 | FAILED | Failed |
| 4 | CANCELED | Canceled |
Transaction Direction (Sens)
| ID | Code | Description |
|---|---|---|
| 1 | CREDIT | Credit (incoming funds) |
| 2 | DEBIT | Debit (outgoing funds) |
Customer Statuses
| ID | Code | Description |
|---|---|---|
| 0 | NOT_EXISTS | Number does not exist at ChariMoney |
| 1 | NOT_CONFIRMED | Exists but not confirmed (OTP not entered) |
| 2 | CONFIRMED | Confirmed and registered with Switch |
| 3 | ACTIVE | Registered, active, and PIN created |
| 4 | LOCKED_TEMPORARY | Temporarily locked (excessive attempts) |
| 5 | LOCKED | Locked |
Account Levels
| ID | Code | Description |
|---|---|---|
| 1 | LEVEL_1 | Level 1 — Name + valid phone + CIN number. Limit: 1,000 MAD. |
| 2 | LEVEL_2 | Level 2 — Full KYC (CIN + selfie or document scan). Limit: 4,000 MAD. |
| 3 | LEVEL_3 | Level 3 — Verified ID + interview + digital customer record. Limit: 20,000 MAD. |
| 4 | LEVEL_4 | Level 4 — Full KYC + interview + proof of income + proof of address. Limit: 100,000 MAD. |
| 5 | MERCHANT | Merchant — Full KYB + IF/RC business registration. Limit: negotiated. |
Document Types
| ID | Code | Description |
|---|---|---|
| 1 | IdentityCard | National identity card |
| 2 | DrivingLicense | Driving license |
| 3 | Passport | Passport |
| 4 | ResidencePermit | Residence permit |
| 5 | ProofOfIncome | Proof of income |
| 6 | ProofOfResidence | Proof of residence |
| 7 | Selfie | Selfie / Face photo |
| 8 | CommercialRegister | Commercial register |
Error Codes
HTTP Status Codes
Error Response Format
{
"errorCode": 20005,
"errorDescription": "The specified user could not be found."
}Chari Error Codes
10xxxGeneral
| Code | Message | Related Endpoints |
|---|---|---|
| 10001 | Missing Parameters. |
20xxxCustomer
| Code | Message | Related Endpoints |
|---|---|---|
| 20000 | The phone number format is invalid. | |
| 20005 | The specified user could not be found. | |
| 20006 | The initial parameters provided are incorrect or invalid. | |
| 20007 | The Merchant Category Code (MCC) provided is incorrect or not recognized. | |
| 20008 | Registration is temporarily locked due to security or policy restrictions. | |
| 20009 | The request is pending confirmation. Please wait for further processing. | |
| 20017 | There is no pending request associated with the provided Phone Number. |
26xxxPIN / Authentication
| Code | Message | Related Endpoints |
|---|---|---|
| 26001 | The entered PIN is incorrect. | |
| 26004 | A PIN has already been set for this wallet. | |
| 26005 | The provided PIN does not meet the required format (must be a 4-digit number). |
27xxxBeneficiary
| Code | Message | Related Endpoints |
|---|---|---|
| 27000 | The Beneficiary already exists with the same phoneNumber. | |
| 27001 | The Beneficiary does not exist. |
32xxxKYC / Upgrade
| Code | Message | Related Endpoints |
|---|---|---|
| 32000 | An upgrade request is already under review for this account. |
Infrastructure & Security
Environments
Sandbox
https://sandbox.charimoney.comDevelopment and testing. Transactions are simulated.
Production
Communiqué sur demandeLive transactions. Requires prior approval.
API Key Management
You will be assigned a dedicated API key for each environment (sandbox and production). Keys must be included in the Chari-Api-Key header of every request.
IP & Domain Whitelisting
You must share the IP addresses and/or domains that will be used to consume our API. Only whitelisted IPs/domains will be allowed to access the API. If your infrastructure changes, update your IP/domain list with the support team.
How to submit IPs / domains
- 1Provide a list of public IP addresses or domains that will be used to access the API.
- 2Send this information to the support team before attempting API integration.
- 3Any changes must be communicated at least 72 hours in advance so we can update our security rules.
Security & Compliance
- •API authentication is handled using API Keys.
- •Requests from non-whitelisted IPs/domains will be rejected.
- •If an API key is compromised, it must be rotated immediately.
- •Rate limiting may apply to prevent abuse.
- •The production environment requires prior approval and testing in sandbox.
Next Steps for Integration
- 1Request API keys
Contact support to receive your dedicated sandbox and production keys.
- 2Submit IPs/domains
Provide the list of public IPs or domains for whitelisting.
- 3Test in sandbox
Run all your integration tests in the sandbox environment.
- 4Go to production
Once approved, switch to production with your live API key.
You will receive a form to fill out with the necessary elements.