MyCAC API integration & OpenBanking Djibouti services

OpenData · OpenFinance · OpenBanking · Protocol analysis

Connect MyCAC accounts, CAC Wallet and CACPAY QR to your back-office — under documented authorization

MyCAC is the next-generation digital banking app from CAC International Bank, the third-largest financial institution in the Republic of Djibouti, serving retail and corporate customers across the Horn of Africa. The data flowing through MyCAC — real-time balances, multi-currency transfers, CAC Wallet ledger entries, CACPAY QR settlements and standing orders — is exactly the structured financial information that ERP, accounting, treasury and risk-control platforms need. Our studio delivers compliant API surfaces and runnable source code that mirror the app's authorization flow without bypassing security.

Account & transaction data: balances, history, standing orders and loan installment schedules.
Wallet & QR data: CAC Wallet ledger and CACPAY merchant settlement events from the 2021 launch onward.
Cross-border data: domestic Djiboutian Franc (DJF) and international SWIFT-style transfer confirmations.

Account login APIs — Mirror the MyCAC authorization handshake (credentials → SMS OTP → device biometric token), expose refresh and revoke endpoints, and bind a stable internal user ID for downstream services.

Statement query APIs — Real-time balance plus paginated transaction history with date-range filters, currency tags and CACPAY/CAC Wallet sub-ledger separation; export to JSON, CSV, Excel or PDF for accounting reconciliation.

Payments & bills — Programmatic mobile recharges, utility bill payments, peer-to-peer transfers via mobile number, and bulk salary file uploads originally introduced for corporate users.

Cards, cheques & loans — Trigger cheque book, debit and credit card requests; pull loan outstanding balances and next-installment due dates for treasury dashboards.

Data available for integration

The table below summarises the structured records MyCAC exposes to its authenticated user, mapped to the MyCAC screen they originate from and the typical OpenFinance use case. All extraction is performed under documented user or merchant authorization — no protocol break is required to obtain the records below.

Data type	Source screen / feature	Granularity	Typical use
Account balance	Home / accounts overview	Real-time per account & currency	Treasury sweep, dashboard tiles, liquidity alerts
Transaction history	Statement / transactions tab	Per-line, paginated, date-ranged	Reconciliation, AML/KYC review, expense reporting
CAC Wallet ledger	CAC Wallet	Per peer-to-peer transfer	Mobile-number P2P analytics, refund matching
CACPAY QR settlements	Scan & Pay / merchant inbox	Per scan event with merchant ID	Merchant payouts, ERP sales sync, POS reconciliation
Bill & airtime payments	Bills / mobile recharge	Per biller, per amount	Subscription audit, cost centre allocation
Standing orders	Standing orders	Schedule + payee + amount	Cash-flow forecasting, automation tests
Loan schedule	Loans	Outstanding + next installment	Risk control, debt-service ratio modelling
Cross-border transfer	International transfer	Per SWIFT-like confirmation	Trade settlement, FX exposure tracking

Typical integration scenarios

1. ERP & accounting reconciliation

An import/export trader in Djibouti Port operates Sage or Odoo and needs every CAC International Bank entry to land in the general ledger nightly. We schedule a job that calls the statement API per account, normalises the tx_id, value_date, amount, currency and counterparty fields, and posts journal entries through the ERP webhook. Failures are retried with idempotency keys keyed on tx_id.

2. CACPAY merchant payout dashboard

A franchised retail chain uses CACPAY merchant QR codes at every till. Our integration listens for scan-and-pay confirmation events, aggregates them per merchant_id and store, and pushes a daily settlement report into the franchise headquarters' BI stack. CAC Wallet refunds are matched back to the original transaction in OpenFinance fashion.

3. Cross-border payroll for diaspora teams

A multinational with staff across Djibouti, Ethiopia and the UAE uses MyCAC's bulk file upload to push monthly salaries. We wrap the file upload in an API that accepts a payroll JSON, validates IBANs and mobile numbers, generates the institution-formatted file, submits it, and exposes a polling endpoint for confirmations — mapping naturally onto OpenBanking payment-initiation patterns.

4. Treasury & liquidity dashboard

A corporate treasurer monitors DJF, USD and EUR positions across MyCAC Corporate accounts. We expose a unified /positions endpoint that returns balance per account and currency, plus a 30-day cash-flow forecast derived from standing orders and known loan installments. The same feed powers Slack alerts when the operating buffer crosses a threshold.

5. Compliance & audit log export

For a regulated client, we deliver an immutable export of every authorized API call — request hash, consent ID, scope, response code and retained field set — into S3 with object-lock. Auditors can then trace exactly which MyCAC records were retrieved, when, and under whose consent, satisfying Banque Centrale de Djibouti and EU GDPR record-keeping requirements.

Technical implementation

Our deliverable centres on three reusable building blocks: an authorization bridge, a statement reader and a CACPAY webhook receiver. Below are pseudo-code sketches; the actual source ships in Python (FastAPI) or Node.js (Express/Fastify), with TypeScript types for every payload.

1. OAuth-style login bridge

POST /api/v1/mycac/login
Content-Type: application/json

{
  "username": "ALICE_DJ",
  "password": "<hashed>",
  "device_fingerprint": "fp_3f9a..."
}

// step 1: trigger SMS OTP via MyCAC
// step 2: confirm OTP, mint internal access_token
// step 3: bind biometric token (face / fingerprint) on next call

Response 200:
{
  "access_token": "eyJhbGciOi...",
  "expires_in": 1800,
  "scopes": ["balance.read","statement.read","wallet.read"]
}

2. Statement query (DJF / USD / EUR)

POST /api/v1/mycac/statement
Authorization: Bearer <ACCESS_TOKEN>

{
  "account_id": "DJ81-CAC-...",
  "from_date": "2026-04-01",
  "to_date":   "2026-04-30",
  "channels":  ["WALLET","CACPAY","BANK"]
}

Response 200:
{
  "account_id": "DJ81-CAC-...",
  "currency": "DJF",
  "page": 1,
  "items": [
    {
      "tx_id": "TX-2026...A1",
      "value_date": "2026-04-12",
      "amount": -2500.00,
      "channel": "CACPAY",
      "counterparty": "Merchant: Beyti Cafe",
      "balance_after": 184500.00
    }
  ]
}

3. CACPAY webhook + reconciliation

// CAC Wallet / CACPAY scan event delivered to your endpoint
POST https://yourapp.com/hooks/cacpay
X-Signature: hmac-sha256=...

{
  "event": "cacpay.scan.confirmed",
  "merchant_id": "MERCH-00481",
  "tx_id": "CP-2026-...-Z7",
  "amount": 1200.00,
  "currency": "DJF",
  "scanned_at": "2026-05-09T08:14:22Z"
}

// Verify HMAC, idempotency-check tx_id,
// then post to ERP / BI / accounting system.
// On 5xx from downstream, retry with exponential
// backoff up to 24h before alerting ops.

Compliance & privacy

Regulatory alignment

MyCAC is regulated under Djibouti's central bank framework (Banque Centrale de Djibouti, BCD), which supervises all licensed banks including CAC International Bank, BCIMR, Salaam African Bank and Saba African Bank. Our integrations follow BCD guidance on consent, customer-due-diligence record-keeping, and cross-border transfer reporting. For European or UK counterparties we additionally observe GDPR data-minimization and right-to-erasure obligations, and we can apply PSD2-style strong customer authentication (SCA) when a partner bank requires it.

Privacy & data minimization

We retain only the minimum fields needed for the agreed use case, and we strip sensitive identifiers (full PAN, IBAN tail, biometric template) before they leave the trust boundary. Every API call is signed, every response is logged with a consent ID, and every consent is revocable from a single endpoint. NDAs and data-processing agreements are available on request.

Data flow & architecture

The reference pipeline is intentionally short so it is easy to audit:

MyCAC client & CAC backend — the original mobile app remains the source of truth.
Authorization bridge — our edge service handles login + OTP + biometric step-up under the user's consent.
Normalization layer — JSON schemas for accounts, transactions, CAC Wallet, CACPAY events, standing orders and loans.
Storage & analytics — Postgres for ledger-style records, S3/object-lock for audit artefacts, Kafka or webhooks for real-time fan-out.
Customer API / dashboard — your ERP, BI tool, mobile back-end or compliance system consumes the normalised feed.

Market positioning & user profile

MyCAC is built for retail and corporate clients of CAC International Bank, primarily in the Republic of Djibouti and across the Horn of Africa, with a sister product (MyCAC Corporate, package com.cacintbank.cacmobilecorp) for SMEs and large enterprises and a separate MyCAC e-Token / Islamic e-Token for two-factor authentication. The user base skews mobile-first — Android and iOS — and includes diaspora workers transacting between Djibouti, the UAE, France and the broader EU, port-logistics operators in Djibouti Port, retail merchants accepting CACPAY QR payments, and corporate treasurers using bulk file uploads for payroll. The result is a relatively high-value, structured feed: every transaction tends to carry a clear counterparty and a regulated currency, which makes MyCAC an attractive integration target for OpenFinance and OpenBanking platforms looking to extend coverage into the Horn of Africa.

Screenshots

Click any thumbnail to view the full-resolution screen. These shots illustrate the MyCAC surfaces our APIs can read or trigger under user consent.

Similar apps & integration landscape

MyCAC sits inside a broader Horn of Africa and Red Sea digital-finance ecosystem. Customers and merchants frequently move money between MyCAC and the apps below; teams that adopt our MyCAC integration generally also need a unified view across one or more of these neighbours. We list them as part of the integration landscape, not as competitors.

BCIMR Connect

The mobile app of Banque pour le Commerce et l'Industrie – Mer Rouge, the largest bank in the Horn of Africa with roughly 45% market share in Djibouti. Holds account, statement and transfer data that pairs naturally with MyCAC for treasury aggregators.

Salaam African Bank

An Islamic banking institution active in Djibouti since 2008, offering POS, mobile and online banking plus the WAAFI mobile wallet — a typical Sharia-compliant counterpart to MyCAC for unified P2P transfer reporting.

Saba African Bank

One of three fully-fledged Islamic banks in Djibouti, established in 2006. Customers often hold side-by-side accounts with CAC International Bank, making cross-bank statement export a recurring integration request.

WAAFI mobile wallet

Salaam African Bank's wallet, interoperable with Djibouti Telecom's D-mobile. WAAFI ledger entries pair with CAC Wallet entries to give a complete picture of mobile-money flows in the country.

D-money / D-mobile (Djibouti Telecom)

Djibouti's telco-led mobile wallet. Frequently appears on the counterparty side of MyCAC transfers, so unified de-duplication is helpful for analytics and AML.

telebirr (Ethiopia)

Ethio Telecom's mobile-money platform, reporting around 72 million users by mid-2025. Cross-border traders along the Djibouti–Addis corridor often need MyCAC and telebirr movements unified for reconciliation.

CBE Mobile Banking (Ethiopia)

The Commercial Bank of Ethiopia mobile app, a major counterpart for cross-border SWIFT and trade flows out of Djibouti Port — a common neighbour to MyCAC in regional treasury stacks.

East Africa Bank

A regional player offering retail and corporate banking; users sometimes maintain parallel accounts to access different correspondent networks alongside CAC International Bank.

CAC MobileNet

The legacy CAC online-banking front-end (package cac.mobile.net). Many corporate users still operate it alongside MyCAC, so a small bridge keeps both data streams aligned.

MyCAC Corporate & MyCAC Islamic e-Token

Companion apps from the same publisher: MyCAC Corporate adds Trade Finance (letters of credit, letters of guarantee) and bulk salary uploads; the e-Token apps deliver TOTP-style two-factor authentication that integration scripts can emulate under explicit user consent.

What we deliver

Deliverables checklist

OpenAPI / Swagger specification for every endpoint we ship
Protocol & auth flow report (login, OTP, biometric, token refresh)
Runnable source for login, statement and CACPAY webhook in Python or Node.js
Sample payloads for DJF, USD and EUR transactions
Postman collection plus end-to-end automated test suite
Compliance dossier: BCD-aligned consent, GDPR record-keeping, NDA template

Engagement workflow

Scope confirmation: pick the data scopes (login, balance, statement, CAC Wallet, CACPAY, loans).
Protocol analysis & API design (2–5 business days).
Build & internal validation against sandbox or authorized live data (3–8 business days).
Documentation, samples and automated tests (1–2 business days).
Hand-off, security review and warranty window for fixes.

Typical first delivery: 5–15 business days. Real-time CACPAY webhooks or cross-bank stacks may run longer.

About us

We are an independent technical studio focused on mobile-app protocol analysis, OpenData and OpenFinance integrations. Our engineers come from retail and corporate banking, payment gateways, mobile-money operators and cloud security, and we have shipped integrations covering UPI, PIX, SEPA, SWIFT, GCC bank apps and a growing portfolio of Horn of Africa institutions including CAC International Bank, BCIMR and Salaam African Bank counterparts.

Full pipeline: protocol analysis → API design → build → validation → compliance
Custom Python / Node.js / Go SDKs and test harnesses
Source code delivery from $300 — runnable code plus full documentation; pay after delivery upon satisfaction
Pay-per-call API billing — access our hosted MyCAC API and pay only per call, no upfront cost
Security reviews, threat models, NDAs and DPAs available on request

Contact

Tell us the target app (MyCAC), the data scopes you need (CAC Wallet, CACPAY, statements, standing orders, loan schedule) and the delivery model (source code or pay-per-call). We reply with a fixed quote and a delivery plan.

Contact page

FAQ

What do you need from me to start a MyCAC integration?

The MyCAC package ID (com.cacintbank.cacmobile), the data scope you need (transactions, CAC Wallet balance, CACPAY merchant settlement, standing orders, loan schedule), and any authorized customer credentials or sandbox access provided by CAC International Bank.

How long does a MyCAC API delivery take?

A first runnable drop covering OAuth login plus statement export typically takes 5–12 business days. Adding CACPAY merchant settlement, cross-border SWIFT confirmations, or corporate trade finance can extend the timeline to 3–4 weeks.

How do you handle Djibouti banking compliance?

We work under documented authorization from the account holder or merchant, follow Banque Centrale de Djibouti (BCD) guidance, log every consent, minimize retained fields, and align with GDPR for EU-resident counterparties. NDAs are available on request.

Can you integrate CACPAY QR payments into our merchant stack?

Yes. We deliver CACPAY QR generation, scan-and-pay confirmation webhooks, and reconciliation against CAC Wallet ledger entries, including CSV/Excel export for accounting and ERP systems.

📱 Original app overview (appendix)

MyCAC next generation is the official mobile banking app of CAC International Bank in the Republic of Djibouti. The bank, which opened in 2008–2009, has grown into the third-leading financial institution in the country and continues to expand digital services for retail and corporate customers across the Horn of Africa. MyCAC is the consumer face of that strategy and is positioned by the bank as a more personalized, easy, secure and intuitive way to keep clients on top of their finances.

Onboarding flow. A new user enters their MyCAC login credentials, keys in the OTP number received via SMS, enables face scan or fingerprint authentication so that only they can access the account, and is then ready to bank anywhere, anytime.

Key features published by the bank:

Monitor account balances and transaction history in real time.
Transfer funds using a mobile number via the CAC Wallet.
Pay utility bills and recharge mobile credit effortlessly.
Manage spending and access budgeting tools.
Scan and Pay with CACPAY and other QR payments (CACPAY launched 2021).
Latest encryption and authentication protocols for every session.
Local and international transfers in just a few taps.
Request cheque book, credit and debit cards.
View loan details, outstanding amounts and the next installment date.
Set up, edit and delete standing orders.
Find your nearest CAC branch or ATM.

Companion apps. CAC International Bank publishes a small family of complementary apps: MyCAC Corporate (com.cacintbank.cacmobilecorp) for SME and enterprise users, with Trade Finance and bulk file uploads for salary disbursement; MyCAC e-Token and MyCAC Islamic e-Token for two-factor authentication; CAC Pay for QR-based payments; and the legacy CAC MobileNet web/mobile front-end. Together they cover personal banking, corporate banking, secure authentication and merchant acceptance under one CACPAY-branded umbrella.

Feedback channels. The bank invites feedback at info@cacintbank.com and via WhatsApp at +253 77 39 39 39, signalling an active product-development cycle. The information above is summarised from publicly listed app-store and bank-website material; this page is independent and exists to describe technical integration positioning, not to claim affiliation with CAC International Bank.