{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"fb883344-2f15-471f-a5ee-81c38db6cca3","name":"UBA Virtual Account API - Documentation","description":"## **General API information**\n\n#### **Complete API collection for UBA Virtual Account Service with RSA/AES encryption**\n\nThe APIs are fairly RESTFUL and organized around the main services you would be interacting with. You can simply import this collection from the top right of the page into your **Postman**.\n\nThe base url currently sits at:\n\n```\nhttps://ubavirtualaccounts.ubagroup.com\n\n ```\n\n# **Authentication headers**\n\n##### Required Headers for All Requests\n\n#### 1\\. **Authorization Header**\n\n```\nAuthorization: Bearer {sha256_hash_of_merchant_public_key}\n\n ```\n\nIt consists of:\n\n- **Prefix:** \"Bearer \" (with trailing space)\n    \n- **Value:** SHA256 hash of your MERCHANT_PUBLIC_KEY\n    \n\n**Example:**\n\n```\nAuthorization: Bearer a1b2c3d4e5f6789012345678901234567890abcdef1234567890abcdef123456\n\n ```\n\n---\n\n#### 2\\. **Signature Header**\n\n```\nSignature: {rsa_signed_payload_hash}\n\n ```\n\nIt involves\n\n1. Converting your JSON payload to a string\n    \n2. Generating a SHA256 hash of the payload string\n    \n3. Signing the hash with your MERCHANT_PRIVATE_KEY using RSA\n    \n\n---\n\n#### 3\\. **SecureToken Header**\n\n```\nSecureToken: {rsa_encrypted_aes_key}\n\n ```\n\nIt involves\n\n1. An AES symmetric key (generated by you, 32 bytes recommended)\n    \n2. Encrypted using RSA with the VAS_PUBLIC_KEY\n    \n3. This encrypted key is used by the server to decrypt your payload\n    \n\n---\n\n#### 4\\. **Content-Type Header**\n\n```\nContent-Type: application/json\n\n ```\n\n**Description:** Indicates that the request body is in JSON format.\n\n**Required For:** All requests\n\n# Payload Encryption & Decryption\n\nAll request and response payloads exchanged with the Virtual Account API are **AES encrypted** to ensure secure data transmission.\n\n### Request Encryption\n\nBefore sending a request to the API, the **JSON payload must be encrypted using AES** with a randomly generated **AES symmetric key**.\n\nSteps:\n\n1. Convert the request body into a JSON string (`json_payload_string`).\n    \n2. Generate an **AES symmetric key**.\n    \n3. Encrypt the JSON payload string using **AES encryption** with this symmetric key.\n    \n4. Set the AES-encrypted payload as the value of the data field in the request body.\n    \n\nExample request body:\n\n```\n{  \"data\": \"{{aes_encrypted(json_payload_string)}}\"}\n\n ```\n\nRequest Payload example:\n\n```\ncurl --location '{{base_url}}/api/v1/virtual/accounts' \\\n--header 'Authorization: Bearer sha256hash(merchantPublicKey)' \\\n--header 'Signature: rsa_signed(sha256hash(json_payload_string))' \\\n--header 'SecureToken: rsa_encrypted(aes_symmetric_key)' \\\n--header 'Content-Type: application/json' \\\n--data '{\n    \"data\": \"{{aes_encrypted(json_payload_string)}}\"\n}'\n\n ```\n\n---\n\n### Response Decryption\n\nThe API response payload follows the **same encryption format** as the request.\n\nExample response body:\n\n```\n{  \"data\": \"{{aes_encrypted(json_payload_string)}}\"}\n\n ```\n\nTo decrypt the response:\n\n1. Retrieve the `data` value from the response body.\n    \n2. Use the **same AES symmetric key** sent in the request to decrypt the payload.\n    \n3. The result will be the **original JSON response payload**.\n    \n\n---\n\n# HTTP Status Codes\n\n| Code | Meaning |\n| --- | --- |\n| 201 | Created: Successful request. |\n| 400 | Bad Request: Invalid request parameters or missing required parameters. |\n| 401 | Unauthorized access due to invalid or missing credentials. |\n| 403 | Forbidden access due to insufficient permissions. |\n| 404 | Not Found: The requested resource was not found. |\n| 5xx | Server Error: An error occurred on the server |","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":false,"owner":"42332797","team":242895,"collectionId":"fb883344-2f15-471f-a5ee-81c38db6cca3","publishedId":"2sBXVo98K9","public":true,"publicUrl":"https://docs.ubavirtualaccounts.ubagroup.com","privateUrl":"https://go.postman.co/documentation/42332797-fb883344-2f15-471f-a5ee-81c38db6cca3","customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"d42e11"},"documentationLayout":"classic-double-column","customisation":{"metaTags":[{"name":"description","value":"UBA Virtual Account Service developers' documentation"},{"name":"title","value":""}],"appearance":{"default":"light","themes":[{"name":"dark","logo":"https://content.pstmn.io/13a06a29-4555-4fea-a8a8-442c4e1b49e9/VUJBX0xPR08ucG5n","colors":{"top-bar":"212121","right-sidebar":"303030","highlight":"d42e11"}},{"name":"light","logo":"https://content.pstmn.io/13a06a29-4555-4fea-a8a8-442c4e1b49e9/VUJBX0xPR08ucG5n","colors":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"d42e11"}}]}},"version":"8.10.1","publishDate":"2026-03-06T09:45:53.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{"title":"","description":"UBA Virtual Account Service developers' documentation"},"logos":{"logoLight":"https://content.pstmn.io/13a06a29-4555-4fea-a8a8-442c4e1b49e9/VUJBX0xPR08ucG5n","logoDark":"https://content.pstmn.io/13a06a29-4555-4fea-a8a8-442c4e1b49e9/VUJBX0xPR08ucG5n"}},"statusCode":200},"environments":[],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/a27a425324c006dd1f53f07becf2d5c16478567dd1dde25001728b716c749aa8","favicon":"https://res.cloudinary.com/postman/image/upload/v1547191824/team/zjhn0lwn04wuxbe90rhq.ico"},"isEnvFetchError":false,"languages":"[{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"HttpClient\"},{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"RestSharp\"},{\"key\":\"curl\",\"label\":\"cURL\",\"variant\":\"cURL\"},{\"key\":\"dart\",\"label\":\"Dart\",\"variant\":\"http\"},{\"key\":\"go\",\"label\":\"Go\",\"variant\":\"Native\"},{\"key\":\"http\",\"label\":\"HTTP\",\"variant\":\"HTTP\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"OkHttp\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"Unirest\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"Fetch\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"jQuery\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"XHR\"},{\"key\":\"c\",\"label\":\"C\",\"variant\":\"libcurl\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Axios\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Native\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Request\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Unirest\"},{\"key\":\"objective-c\",\"label\":\"Objective-C\",\"variant\":\"NSURLSession\"},{\"key\":\"ocaml\",\"label\":\"OCaml\",\"variant\":\"Cohttp\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"cURL\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"Guzzle\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"HTTP_Request2\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"pecl_http\"},{\"key\":\"powershell\",\"label\":\"PowerShell\",\"variant\":\"RestMethod\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"http.client\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"Requests\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"httr\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"RCurl\"},{\"key\":\"ruby\",\"label\":\"Ruby\",\"variant\":\"Net::HTTP\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"Httpie\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"wget\"},{\"key\":\"swift\",\"label\":\"Swift\",\"variant\":\"URLSession\"}]","languageSettings":[{"key":"csharp","label":"C#","variant":"HttpClient"},{"key":"csharp","label":"C#","variant":"RestSharp"},{"key":"curl","label":"cURL","variant":"cURL"},{"key":"dart","label":"Dart","variant":"http"},{"key":"go","label":"Go","variant":"Native"},{"key":"http","label":"HTTP","variant":"HTTP"},{"key":"java","label":"Java","variant":"OkHttp"},{"key":"java","label":"Java","variant":"Unirest"},{"key":"javascript","label":"JavaScript","variant":"Fetch"},{"key":"javascript","label":"JavaScript","variant":"jQuery"},{"key":"javascript","label":"JavaScript","variant":"XHR"},{"key":"c","label":"C","variant":"libcurl"},{"key":"nodejs","label":"NodeJs","variant":"Axios"},{"key":"nodejs","label":"NodeJs","variant":"Native"},{"key":"nodejs","label":"NodeJs","variant":"Request"},{"key":"nodejs","label":"NodeJs","variant":"Unirest"},{"key":"objective-c","label":"Objective-C","variant":"NSURLSession"},{"key":"ocaml","label":"OCaml","variant":"Cohttp"},{"key":"php","label":"PHP","variant":"cURL"},{"key":"php","label":"PHP","variant":"Guzzle"},{"key":"php","label":"PHP","variant":"HTTP_Request2"},{"key":"php","label":"PHP","variant":"pecl_http"},{"key":"powershell","label":"PowerShell","variant":"RestMethod"},{"key":"python","label":"Python","variant":"http.client"},{"key":"python","label":"Python","variant":"Requests"},{"key":"r","label":"R","variant":"httr"},{"key":"r","label":"R","variant":"RCurl"},{"key":"ruby","label":"Ruby","variant":"Net::HTTP"},{"key":"shell","label":"Shell","variant":"Httpie"},{"key":"shell","label":"Shell","variant":"wget"},{"key":"swift","label":"Swift","variant":"URLSession"}],"languageOptions":[{"label":"C# - HttpClient","value":"csharp - HttpClient - C#"},{"label":"C# - RestSharp","value":"csharp - RestSharp - C#"},{"label":"cURL - cURL","value":"curl - cURL - cURL"},{"label":"Dart - http","value":"dart - http - Dart"},{"label":"Go - Native","value":"go - Native - Go"},{"label":"HTTP - HTTP","value":"http - HTTP - HTTP"},{"label":"Java - OkHttp","value":"java - OkHttp - Java"},{"label":"Java - Unirest","value":"java - Unirest - Java"},{"label":"JavaScript - Fetch","value":"javascript - Fetch - JavaScript"},{"label":"JavaScript - jQuery","value":"javascript - jQuery - JavaScript"},{"label":"JavaScript - XHR","value":"javascript - XHR - JavaScript"},{"label":"C - libcurl","value":"c - libcurl - C"},{"label":"NodeJs - Axios","value":"nodejs - Axios - NodeJs"},{"label":"NodeJs - Native","value":"nodejs - Native - NodeJs"},{"label":"NodeJs - Request","value":"nodejs - Request - NodeJs"},{"label":"NodeJs - Unirest","value":"nodejs - Unirest - NodeJs"},{"label":"Objective-C - NSURLSession","value":"objective-c - NSURLSession - Objective-C"},{"label":"OCaml - Cohttp","value":"ocaml - Cohttp - OCaml"},{"label":"PHP - cURL","value":"php - cURL - PHP"},{"label":"PHP - Guzzle","value":"php - Guzzle - PHP"},{"label":"PHP - HTTP_Request2","value":"php - HTTP_Request2 - PHP"},{"label":"PHP - pecl_http","value":"php - pecl_http - PHP"},{"label":"PowerShell - RestMethod","value":"powershell - RestMethod - PowerShell"},{"label":"Python - http.client","value":"python - http.client - Python"},{"label":"Python - Requests","value":"python - Requests - Python"},{"label":"R - httr","value":"r - httr - R"},{"label":"R - RCurl","value":"r - RCurl - R"},{"label":"Ruby - Net::HTTP","value":"ruby - Net::HTTP - Ruby"},{"label":"Shell - Httpie","value":"shell - Httpie - Shell"},{"label":"Shell - wget","value":"shell - wget - Shell"},{"label":"Swift - URLSession","value":"swift - URLSession - Swift"}],"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"}],"canonicalUrl":"https://docs.ubavirtualaccounts.ubagroup.com/view/metadata/2sBXVo98K9"}