Authentication & API Security
The RMO Merchant API uses API Keys to authenticate and authorize requests. Every request must include a valid key in the Authorization header.
API Key Types
API keys can be generated and managed within the Merchant Dashboard.
Security Requirements
- All requests must be made over HTTPS
- TLS 1.2 or higher required
- API keys must be kept secret and never exposed publicly
Recommended Practices
- Rotate keys regularly
- Use separate keys for backend vs client systems
- Restrict keys by IP or environment
- Store keys securely (environment variables or vault systems)
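One way a backend client could apply the requirements and practices above, shown as an added example that is not RMO's own code. The environment variable name `RMO_API_KEY` and the `Bearer` header scheme are assumptions, since this page does not specify them.

```python
import os
import ssl
import urllib.request
from urllib.parse import urlsplit

API_KEY_ENV = "RMO_API_KEY"  # hypothetical variable name
AUTH_SCHEME = "Bearer"       # assumption: the page does not state the header scheme

def load_api_key(environ=os.environ):
    # Read the key from the environment so it never lives in source control.
    key = environ.get(API_KEY_ENV, "").strip()
    if not key:
        raise RuntimeError(f"{API_KEY_ENV} is not set")
    return key

def tls_context():
    # Default context verifies certificates and hostnames; pin the floor at TLS 1.2.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def build_request(url, api_key, body=None):
    # Refuse to attach the key to anything that is not an HTTPS URL.
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("refusing to send an API key over a non-HTTPS URL")
    req = urllib.request.Request(url, data=body, method="POST" if body is not None else "GET")
    req.add_header("Authorization", f"{AUTH_SCHEME} {api_key}")
    return req

def redact(api_key):
    # Form of the key that is safe to write to logs: last four characters at most.
    return "****" + api_key[-4:] if len(api_key) > 8 else "****"

class NoRedirect(urllib.request.HTTPRedirectHandler):
    # urllib copies the Authorization header onto redirected requests;
    # returning None turns any 3xx into an HTTPError instead.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

def send(url, body=None, environ=os.environ):
    # Send one request over the TLS 1.2+ context without following redirects.
    opener = urllib.request.build_opener(
        urllib.request.HTTPSHandler(context=tls_context()), NoRedirect())
    req = build_request(url, load_api_key(environ), body)
    return opener.open(req, timeout=10)
```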