Kobo API
Kobo provisions and manages persistent, identity-linked virtual accounts. Integrators register identities, receive a dedicated virtual account per identity, and consume reconciled transactions, statements, and lifecycle events through this API. Integrators never call Nomba directly.
Conventions for implementers: - All monetary amounts are integers in kobo (the smallest Naira unit), never floats. - All timestamps are ISO 8601 / RFC 3339 in UTC, e.g. "2026-06-30T14:00:00Z". - All resource IDs are UUIDv4 strings. - Pagination uses cursor-based page[cursor] and page[limit] query params, response includes next_cursor (nullable). - Every error response uses the shared Error schema with a stable code field; integrators should branch on code, not on the human-readable message.
Authentication
- HTTP: Basic Auth
- API Key: HmacSignature
- API Key: NombaWebhookSignature
Basic Auth using API Key as the username and API Secret as the password.
Security Scheme Type: | http |
|---|---|
HTTP Authorization Scheme: | basic |
HMAC-SHA256 signature of the request body plus the X-Kobo-Timestamp header value, signed with the integrator's API secret. Requests with a timestamp older than 5 minutes are rejected to prevent replay.
Security Scheme Type: | apiKey |
|---|---|
Header parameter name: | X-Kobo-Signature |
Signature provided by Nomba on outbound webhook calls, verified against the shared webhook secret.
Security Scheme Type: | apiKey |
|---|---|
Header parameter name: | X-Nomba-Signature |
Contact
Kobo Platform Team: