POST
/
pos

Point of Sales Integration API

Process debit card transactions securely through your Point of Sales terminals.

Process Transaction

Endpoint:
POST /pos

Request Headers:

KeyValue
Content-Typeapplication/json

Request Body:

FieldTypeRequiredDescription
serialNumberstringYesThe serial number of the POS terminal
datastringYesEncrypted transaction data payload

Sample Request

curl --location 'https://corebanking-staging.boldmfb.com/api/pos' \
--header 'Content-Type: application/json' \
--data '{
  "serialNumber": "0001",
  "data": "HzeHFDL1gAr4GZaxW7ZblJPezzakhuzSimacmcZyJMkzCyzn2Ve7kKOKWgKayKUWm"
}'

Data Payload Format

The data field contains an encrypted payload with the following structure:

{
  "accountType": "SAVINGS",
  "amount": "31",
  "cardExpiryDate": "2604",
  "iccData": "9F2608C40DA041DCB67BCE9...",
  "pan": "5061181664130316723",
  "pinBlock": "null",
  "sequenceNumber": "001",
  "cardHolderName": "U./OGHENEKPARHOWHO",
  "aid": "A0000000041010",
  "track2Data": "50611816641303167....",
  "institutionCode": "539983"
}

Encryption Implementation

The payload must be encrypted before sending. Below are examples of encryption implementation in different languages:

public function encrypt($input, $key)
{
    $input = is_array($input) ? json_encode($input) : $input;
    $key = $this->adjustKeyLength($key);

    $input = $this->pkcs5_pad($input, 16); // AES block size is 16 bytes
    $encrypted = openssl_encrypt(
        $input,
        'AES-128-ECB',
        $key,
        OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING
    );

    return base64_encode($encrypted);
}

private function adjustKeyLength($key)
{
    if (strlen($key) < 16) {
        // If key is less than 16 bytes, pad it
        return str_pad($key, 16, "\0");
    } elseif (strlen($key) > 16) {
        // If key is more than 16 bytes, truncate it
        return substr($key, 0, 16);
    }
    return $key;
}

private function pkcs5_pad($text, $blocksize)
{
    $pad = $blocksize - (strlen($text) % $blocksize);
    return $text . str_repeat(chr($pad), $pad);
}

The encryption key should be securely managed and not hardcoded in your application. Contact Bold support for your unique encryption key.

For security reasons, always validate the response after processing a transaction to ensure it was successful.

Body

application/json
serialNumber
string
required

The serial number of the POS terminal

data
string
required

Encrypted transaction data payload

Response

200 - application/json
status
boolean
statusCode
integer
data
object
ProcessGet Provider