API Base URL

Environments

Castler provides separate base URLs for two environments:

Testing (UAT): Use this environment to familiarize yourself with the API, test your integrations, and develop your applications.
Production: Use this environment for deploying your applications to interact with live data.

We recommend following these steps:

Start by using the UAT base URL to explore the API, test your calls, and gain confidence.
Once you're comfortable and your code is functioning correctly, switch to the Production base URL to interact with live data.

Base URLs

UAT: https://api-uat.ncome.in
Production: https://api.ncome.in

Generate API Credentials

Log into your Dashboard with appropriate credentials.
Navigate to Settings → API Credentials → Generate Key to generate key for the selected merchant.

API Authorization

This documentation provides guidelines for clients to interact with our APIs using AES encryption securely. Clients must encrypt the request body of POST calls before sending them to our servers. If encryption is not properly applied or the API key is invalid, appropriate error responses will be returned. Successful requests will receive a 200 status code with an encrypted response body.

Encryption Details

Algorithm: AES

Transformation: AES/CBC/PKCS5Padding

Initialization Vector (IV): NC0V0$0T0L030RME

Request Requirements

Headers:

X-Client-Key: API key generated by you from Castler portal.
X-API-Key: xAPI key shared by Castler team
Content-Type: application/json

Body:

The body of the request must be a JSON object, encrypted using the specified AES Configuration and then encoded in Base64.

Error Handling

400 Bad Request: Returned if the request body is not encrypted.
401 Unauthorized: Returned if the API key in the x-client-key header is invalid.
200 OK: Returned if the request is successful, along with an encrypted response body.

By following these guidelines, you can ensure a smooth development and deployment process for your Castler integrations.