Skip to main content
POST
/
api
/
v1
/
payment
/
verify-card
BODY='{"card_serial":"OLIV0001","pin":"1234"}'
TIMESTAMP='2026-03-10T12:00:00Z'
SIGNATURE=$(printf 'POST\n/api/v1/payment/verify-card\n%s\n%s' "$TIMESTAMP" "$BODY" | openssl dgst -sha256 -hmac "$OLIVE_HMAC_SECRET" -hex | sed 's/^.* //')

curl -X POST "https://olive-gateway-a6ba.onrender.com/api/v1/payment/verify-card" \
  -H "X-API-Key-ID: $OLIVE_API_KEY_ID" \
  -H "X-Timestamp: $TIMESTAMP" \
  -H "X-Signature: $SIGNATURE" \
  -H "Content-Type: application/json" \
  -d "$BODY"

{
  "success": true,
  "message": "Card verified successfully",
  "is_active": true,
  "balance": "48,500.00 SLE",
  "holder_name": "John Doe"
}
Used before a payment to verify the card and fetch the holder name and current balance.

​
Request

​
X-API-Key-ID
string
required
API key ID assigned to the integration
​
X-Timestamp
string
required
RFC3339 timestamp used in the HMAC signature
​
X-Signature
string
required
Hex-encoded HMAC-SHA256 of the request

​
Body Parameters

​
card_serial
string
required
Card serial number
​
pin
string
required
Cardholder 4-digit PIN

​
Response

​
success
boolean
Whether verification succeeded
​
message
string
Verification result message
​
is_active
boolean
Whether the card is active
​
balance
string
Formatted available balance
​
holder_name
string
Card holder display name

​
Example

BODY='{"card_serial":"OLIV0001","pin":"1234"}'
TIMESTAMP='2026-03-10T12:00:00Z'
SIGNATURE=$(printf 'POST\n/api/v1/payment/verify-card\n%s\n%s' "$TIMESTAMP" "$BODY" | openssl dgst -sha256 -hmac "$OLIVE_HMAC_SECRET" -hex | sed 's/^.* //')

curl -X POST "https://olive-gateway-a6ba.onrender.com/api/v1/payment/verify-card" \
  -H "X-API-Key-ID: $OLIVE_API_KEY_ID" \
  -H "X-Timestamp: $TIMESTAMP" \
  -H "X-Signature: $SIGNATURE" \
  -H "Content-Type: application/json" \
  -d "$BODY"

{
  "success": true,
  "message": "Card verified successfully",
  "is_active": true,
  "balance": "48,500.00 SLE",
  "holder_name": "John Doe"
}

​
Errors

StatusCodeDescription
400Validation or business errorInvalid payload, unknown card, blocked card, or bad PIN
401HMAC auth errorMissing/invalid X-API-Key-ID, X-Timestamp, or X-Signature
500Internal errorServer error

Authorizations

​
Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Headers

​
X-API-Key-ID
string
required

API key ID assigned to the integration

​
X-Timestamp
string
required

RFC3339 timestamp used in the HMAC signature

​
X-Signature
string
required

Hex-encoded HMAC-SHA256 of the request

Body

application/json
​
card_serial
string
required

Card serial number

​
pin
string
required

Cardholder 4-digit PIN

Response

200 - application/json

Response 200

​
success
boolean

Whether verification succeeded

​
message
string

Verification result message

​
is_active
boolean

Whether the card is active

​
balance
string

Formatted available balance

​
holder_name
string

Card holder display name