IBIS Payment Gateway - Corporate API Sandbox

Dashboard

Express Port: 3000 Django Port: 8000

Middleman Connection

ACTIVE

Proxying to Django sandbox

Total Transactions Initiated

Saved in local session store

Dynamic QR Codes

Available for collection simulation

Session Activity History

Ref ID / User Ref	Type / Method	Amount	Status	Created At	Actions
No transactions initiated in this session yet. Create some payouts or QR collections to test!

Customer ID *

Account Number *

Start Date *

End Date *

Payment Mode *

Amount (INR) *

Customer ID *

Transaction Password *

Source Account *

Source Branch Name

Destination Account *

IFSC Code *

Beneficiary Name *

Beneficiary Bank Name

Beneficiary Branch Name

Corporate Branch Code *

Batch Transfer List

Assemble multiple transactions to dispatch in a single atomic batch payload.

Merchant ID *

Terminal ID *

Virtual Payment Address (VPA UPI ID) *

Amount (INR) *

Remarks *

Select Transaction for Webhook Trigger

No transactions available in this session. Create a payout or UPI QR transaction first!

Click a transaction from the list to open simulation actions

JWE Encrypted Console & API Headers Log

Console listening for API requests...

OAuth Token Status

No Stored OAuth Token

Middleware will attempt calls without a Bearer header. Run authorization flow to establish security context.

OAuth Control Center

Target Bank Host

Client ID

1. Step One: Authenticate with Canara Bank Connect Bank Account

Redirects to Canara corporate login portal. Enter maker/checker username & password to receive an auth code.

3. Token Maintenance Tools

Gateway Client Status

Django Mode Unknown

Probe to detect.

Auth Header Missing

Configure an API key to authenticate.

Webhook URL Not Set

No URL configured.

Keypair Not Generated

No RSA keypair yet.

Django Base URL

Client Display Name

Recent Webhook Deliveries

No webhook deliveries yet.

One-Shot Setup

Generates a fresh API key, an RSA keypair, a webhook secret, and a webhook URL pointing back at this sandbox. Everything is cached in data/client_config.json so subsequent requests authenticate automatically.

Asymmetric Client↔Server Crypto

End-to-end test of the RSA-OAEP + AES-256-GCM hybrid flow:
• Outbound: we sign the request with our RSA private key — Django verifies with our RSA public key.
• Inbound: Django encrypts the response with our RSA public key — only our RSA private key can decrypt it.

API Key

Current

Paste an existing key (issued by Django admin)

Webhook

Webhook URL (the gateway POSTs here)

Webhook Secret (HMAC-SHA256, 64 hex chars)

RSA Keypair (for signing requests)

The private key is stored only in this sandbox. After generation the sandbox automatically pushes the public key to Django via PUT /api/v1/clients/me/public-key/ so signed requests succeed without any manual copy-paste through Django admin.

Public Key (synced to gateway)

Show private key (sandbox-only)