¶ What is API360?
API360 is a unified integration gateway for digital banking and financial services. It streamlines API consumption, reduces integration time, and provides a scalable, consistent way to exchange data with multiple financial institutions and service providers.
¶ How Services & Endpoints work
API360 organizes its capabilities into Services, each containing multiple Endpoints.
- A Service represents a business function (e.g., Payments, Accounts, KYC).
- An Endpoint is the specific operation you can perform within that service (e.g., "Create Transfer," "Get Account Balance," "Validate National ID").
Each endpoint has its own request/response structure, authentication requirements, and error-handling logic, promoting a modular approach to integration.
¶ API consumption flow
The typical API360 consumption lifecycle consists of:
- Authentication: Use your assigned credentials or token to authenticate through the mandated security protocol (OAuth 2.0/JWT/etc.).
- Request Submission: Send structured requests to the target endpoint using RESTful methods (POST/GET/PUT/DELETE).
- Validation & Processing: API360 validates the payload, checks permissions, then routes the request to the appropriate backend service.
- Response Handling: You receive a standardized JSON response containing data, status codes, and any relevant error messaging.
- Callbacks (if applicable): For asynchronous operations, API360 pushes updates or final results to your configured callback URL.
This flow ensures a consistent and predictable integration experience for all consumers.
¶ Versioning overview
API360 uses versioning to maintain compatibility and enable smooth transitions:
- Major Versions (v1, v2...): Introduce significant changes or new API structures. Breaking changes may occur.
- Minor Versions (v1.1, v1.2...): Include enhancements or new optional parameters without affecting existing integrations.
- Deprecation Policy: Older versions are supported for a defined period before being retired, ensuring partners have enough time to migrate.
Versioning is visible at the endpoint level (e.g., /v1/accounts/balance) and ensures long-term integration stability.
¶ Callback Explanation
API360 uses callback URLs for operations that require more time or external verification. You'll receive notifications when:
- A request is completed,
- A status changes,
- Additional action is needed (e.g., user verification).
You must configure a secure, publicly accessible endpoint to receive these callbacks. Callback payloads are signed or tokenized to verify authenticity and prevent spoofing.
{
"event": "payment.completed",
"transaction_id": "txn_123456",
"amount": 1000,
"currency": "SAR",
"customer": {
"id": "cust_789",
"email": "user@example.com",
"name": "John Doe"
},
"metadata": {
"order_id": "order_456",
"source": "web"
},
"timestamp": "2024-01-15T10:30:00Z"
}{
"event": "payment.completed",
"transaction_id": "txn_123456",
"amount": 1000,
"currency": "SAR",
"customer": {
"id": "cust_789",
"email": "user@example.com",
"name": "John Doe"
},
"metadata": {
"order_id": "order_456",
"source": "web"
},
"timestamp": "2024-01-15T10:30:00Z"
}¶ KYC/KYB rules
API360 enforces Know Your Customer (KYC) and Know Your Business (KYB) compliance rules to meet regulatory requirements.
- KYC applies to individual users and requires personal identity verification.
- KYB applies to companies and requires business documentation and ownership information.
¶ Rules may include:
- Mandatory fields for identity validation
- Document verification requirements
- Allowed customer types per service
- Restrictions based on risk scoring or regulatory policies
Endpoints may not respond with final approvals until KYC/KYB checks are fully completed.
¶ Sandbox vs Production
API360 provides two separate environments: