Home
Introduction
Wiza API is an asynchronous plug in once and get multiple business value tools . Wiza API's allows businesses to reduce the number of efforts required to incorporate multiple payment methods or SMS notifications into their business by integrating with one single API. All the settlements are executed by the payment processors within 24 hours time and the money is credited straight to the merchant account, giving the businesses the ability to plan the next day operations, while the SMS notifications are delivered straight away to your customers being it for OTP notifications or that important order confirmation.
Payment Flow
SMS Flow
Host
The sandbox
and production
systems are accessed through the same host. To send requests to a production system use production token
and to user sandbox system use sandbox token
.
The Wiza host name is https://api.wiza.ao
Example:
Payment
- POST
https://api.wiza.ao/v1/hosts/payments
to start new payment request.
SMS
- POST
https://api.wiza.ao/v1/hosts/sms
to start new sms notification request.
Authentication
Businesses simplicity and security is our primary goals and that's why https
connections and bearer API Token
are essential and mandatory through every single connection. Every single business transaction requires a valid header Authorization
parameter.
Authorization: <some-token-generated-at-merchant-portal>
Callback
To tighten even more the security in the response callback to your system we included a signature
header which is constructed using a Signature Token
that only the merchant has access and can be generated at the merchant portal tokens management page. The signature is created (signature token and raw payload body encoded) as per the secure algorithm below and should match the one sent by Wiza.
HexEncode(HMAC-SHA-256(Signature Token, raw HTTP body))
Payments
Request a Payment
curl -XPOST "https://api.wiza.ao/v1/hosts/payments" \
-H "Content-Type: application/json" \
-H "Accept: application/json"
-H "Authorization: eyJhbGciOiJIUzI1NiJ9.eyJtZXJjaGFudF9pZCI6IjE3ZDI5ZDZiLWNhNjUtNDc1Ni1hM2UzLTQzOTY0NjI4MWQ5YSIsInRva2VuX2lkIjoiYjc2MWE3ZDYtMmQxNy00OTczLTg5NGYtZTM4ODVlYWYwNzU1IiwidHlwZSI6InBheW1lbnQiLCJleHAiOjE3MjI0NzAzNDB9.o_3z0dqXrk8f68rPeGieeMNpksSpvwSbLYmKDETa4vs" \
-d '{
"amount": "123.45",
"currency": "aoa",
"reference_id": "123456789",
"success_url": "https://where-to-redirect-in-case-of-success",
"failure_url": "https://where-to-redirect-in-case-of-failure",
"callback_url": "https://send-response-here-when-is-completed"
}
HTTP Request
POST https://api.wiza.ao/v1/hosts/payments
Headers
Key | Value | Description |
---|---|---|
Content-Type | application/json | The content type expected |
Accept | application/json | The format type expected by the server |
Authorization | authorization-token |
The bearer authorization token |
Payload
Name | Type | Required | Type | Description |
---|---|---|---|---|
amount | string | yes | payment | The amount that is required for the transaction. |
currency | string | yes | payment | The transaction currency |
customer | string | yes | payment | The customer cellphone or other identification required to request a payment. |
parent_payment_id | string | yes | refund | The parent payment transaction ID the merchant wishes to refund. |
reference_id | string | yes | both | The merchant transaction request unique id. |
success_url | string | no | payment | Wiza APG hosted age is going to redirect to this url after 5 seconds of successful page is presented. The callback to your backend will be fired nevertheless. |
failure_url | string | no | payment | Wiza APG hosted age is going to redirect to this url after a failure and the payment process is canceled. The callback to your backend will be fired nevertheless. |
callback_url | string | yes | both | Wiza APG will call it back as soon the request is completed (accepted or rejected) and will send a (POST) and will stop if get any 2xx status response. |
Response
Status | Meaning | Description |
---|---|---|
303 | See Other | (The payment request was accepted by wiza hosted gateway for processing and you can open the link provided at header location . |
4xx or 5xx | Error | Check the error table below |
Headers
location: https://hosted.wiza.ao/?id=f3c6ff4c-3f05-4ce6-a253-28b871d682ab&nonce=7079db324f4815ceeda498ebb1261f8205721c9864a52071a738db4f7db89a1d
Example of user process
- Select payment methods
- Input phone number
- Wait while it processes
- Finished payment (at this stage the system calls back merchant callback)
When user and the payment processor finishes processing Wiza will call back the provided URL at (callback_url
) with the payload at the confirm the payment section
Confirm the Payment
curl -XPOST "https://merchant-provided-payment-callback-url" \
-H "Content-Type: application/json" \
-H "Accept: application/json"
-H "signature: aoiufsd98f7sdfkjshdf87d6fsdjhgdu6fd90fdf0988fgd" \
-d '{
"id": "f3c6ff4c-3f05-4ce6-a253-28b871d682ab",,
"currency": "aoa",
"amount": "1000.54",
"status": "accepted",
"status_reason": "2000",
"status_datetime": "2023-03-21T15:28:28.355Z",
"currency": "aoa",
"customer": "912123123",
"reference_id": "123456789",
"processor": "gpo"
}
HTTP Request
POST https://merchant-provided-payment-callback-url
Headers
Key | Value | Description |
---|---|---|
Content-Type | application/json | The content type expected |
Accept | application/json | The format type expected by the server |
signature | aoiufsd98f7sdfkjshdf87d6fsdjhgdu6fd90fdf0988fgd |
The signature generated with signature token and raw payload |
Payload
Name | Type | Description |
---|---|---|
id | uuid | Wiza transaction ID |
amount | string | The transaction amount. |
status | string | The transaction status which could be accepted or rejected |
status_reason | string | The transaction status code reason why the transaction was rejected check table for more details. |
status_datetime | string | The time in ISO that the transaction was finalized (accepted or rejected ) |
currency | string | The transaction currency. |
customer | string | The customer cellphone or other identification used to confirm the payment |
reference_id | string | The merchant transaction unique transaction id. |
processor | string | The payment provider used by the customer. |
Response
This callback is a fire and forget. It is the merchant responsability to guarantee the proper endpoint that accepts the callback request
Status | Meaning | Description |
---|---|---|
2xx | Success | The callback was successfully accepted by the merchant system. |
4xx or 5xx | Failed | The callback was not successful and Wiza may try again later |
SMSBeta
Request a SMS
curl -XPOST "https://api.wiza.ao/v1/hosts/sms" \
-H "Content-Type: application/json" \
-H "Accept: application/json"
-H "Authorization: eyJhbGciOiJIUzI1NiJ9.eyJtZXJjaGFudF9pZCI6IjE3ZDI5ZDZiLWNhNjUtNDc1Ni1hM2UzLTQzOTY0NjI4MWQ5YSIsInRva2VuX2lkIjoiYjc2MWE3ZDYtMmQxNy00OTczLTg5NGYtZTM4ODVlYWYwNzU1IiwidHlwZSI6InBheW1lbnQiLCJleHAiOjE3MjI0NzAzNDB9.o_3z0dqXrk8f68rPeGieeMNpksSpvwSbLYmKDETa4vs" \
-d '{
"numbers": ["912345678", "912456789"]
"content": "Your awesome message to your awesome customer"
"callback_url": "https://send-response-here-when-is-completed"
}
HTTP Request
POST https://api.wiza.ao/v1/hosts/sms
Headers
Key | Value | Description |
---|---|---|
Content-Type | application/json | The content type expected |
Accept | application/json | The format type expected by the server |
Authorization | authorization-token |
The bearer authorization token |
Payload
Name | Type | Required | Description |
---|---|---|---|
numbers | string | yes | An array of valid phone numbers where you want to deliver the sms message. |
content | string | yes | The sms message content you want to deliver |
callback_url | string | yes | Wiza SMS will call it back as soon the request is completed (accepted or rejected) and will send a (POST) and will stop if get any 2xx status response. |
Response
{
"id": "4fe3972e-3d4d-475e-a0ec-477764064641",
"numbers": ["912345678", "912456789"],
"sent_sms_count": 0,
"content": "Your awesome message to your awesome customer",
"status": "requested",
"requested_at": "12.01.2025 10:15"
}
Status | Meaning | Description |
---|---|---|
202 | Accepted | (The SMS request was accepted by wiza SMS for processing and will be forwarded to the telco operatorwill be forwarded to the telco operator. You can open the link provided at header location to monitor the status. |
4xx or 5xx | Error | Check the error table below |
Headers
location: https://api.wiza.ao/v1/hosts/sms/4fe3972e-3d4d-475e-a0ec-477764064641
SMS Callback
curl -XPOST "https://merchant-provided-sms-callback-url" \
-H "Content-Type: application/json" \
-H "Accept: application/json"
-H "signature: aoiufsd98f7sdfkjshdf87d6fsdjhgdu6fd90fdf0988fgd" \
-d '{
"id": "4fe3972e-3d4d-475e-a0ec-477764064641",
"numbers": ["912345678", "912456789"],
"content": "Your awesome message to your awesome customer",
"status": "sent",
"status_reason": "2000"
}
HTTP Request
POST https://merchant-provided-sms-callback-url
Headers
Key | Value | Description |
---|---|---|
Content-Type | application/json | The content type expected |
Accept | application/json | The format type expected by the server |
signature | aoiufsd98f7sdfkjshdf87d6fsdjhgdu6fd90fdf0988fgd |
The signature generated with signature token and raw payload |
Payload
Name | Type | Description |
---|---|---|
id | uuid | Wiza transaction ID |
numbers | string | An array of valid phone numbers where you want to deliver the sms message. |
content | string | The sms message content you want to deliver |
status | string | The status of the SMS request. |
status_reason | string | The reason code of the SMS request status. |
Response
This callback is a fire and forget. It is the merchant responsability to guarantee the proper endpoint that accepts the callback request
Status | Meaning | Description |
---|---|---|
2xx | Success | The callback was successfully accepted by the merchant system. |
4xx or 5xx | Failed | The callback was not successful and Wiza may try again later |
Sandbox
Payments
When using Wiza payments API with a sandbox token the payment scenarios uses a very specific phone numbers to simulate the successful and rejection transactions status.
The processes for callback, signature and any other requirement specified previously still apply just like it would when using production token.
Scenario | Number | Notes |
---|---|---|
Accepted | 900000000 | This scenario simulates a successful payment confirmation |
Rejected | 900002004 | This scenario simulates a failed payment confirmation because user failed to accept within time limit. |
Rejected | 900003000 | This scenario simulates a failed payment confirmation because user rejected it. |
Rejected | 9xxxxxxxx | In case of the use of any other number this scenario would cover it and always respond with processor error 4000 |
SMS
When using Wiza SMS API with a sandbox token the SMS scenarios uses a very specific phone numbers to simulate the successful and rejection notifications status.
The processes for callback, signature and any other requirement specified previously still apply just like it would when using production token.
Scenario | Number | Notes |
---|---|---|
Sent | 900000000 | This scenario simulates a successful sms notification |
Rejected | 9xxxxxxxx | In case of the use of any other number this scenario would cover it and always respond with processor error 4000 |
Status Codes
Payments
Wiza Payments API uses the following status codes:
Code | Meaning |
---|---|
9000 | Unknown Error / Erro Desconhecido |
4004 | Transaction Expired / Transacção Expirada |
4003 | Processor Unavailable / Processador Indisponível |
4000 | Processor Error / Erro no Processador |
3006 | Amount lower than minimum limit / Valor abaixo do liminte minimo |
3005 | Invalid PIN / PIN Inválido |
3004 | Invalid Confirmation / Confirmação Inválida |
3003 | Request Timed out / Tempo Expirado |
3002 | Rejected by the customer / Rejeitado pelo cliente |
3001 | Insufficient funds / Saldo insuficiente |
3000 | Invalid or disabled account / Conta inválida ou desactivada |
2000 | Successful / Sucesso |
SMS
Wiza SMS API uses the following status codes:
Code | Meaning |
---|---|
9000 | Unknown Error / Erro Desconhecido |
5001 | Processor Unavailable / Processador Indisponível |
5000 | Processor Error / Erro no Processador |
MESSAGE_CONTENT_FIELD_IS_REQUIRED | The field content is missing |
MESSAGE_NUMBERS_FIELD_IS_REQUIRED | The field numbers is missing |
MESSAGE_NUMBERS_FIELD_MUST_BE_ARRAY | The field numbers has to be of a an array eg: ["912123123", "921123123"] |
NOT_ENOUGH_CREDITS | Insufficient credits / Créditos Insuficientes |
REQUESTED | Request submmited and waiting response / Pedido feito e a aguardar resposta |
SUCCESS | Successful / Sucesso |