Zakhir wallet API integration & Sudan OpenFinance

OpenData · OpenFinance · Protocol analysis · Sudan e-wallet

Connect Zakhir wallet balances, transactions and bill payments to your stack — under license

Zakhir is a fully digital Sudanese wallet, licensed by the Central Bank of Sudan, that holds end-to-end retail-payment data: KYC profile, wallet balance, peer-to-peer transfers, agent cash-in/cash-out, Zain airtime top-ups, Zain bill settlements, and electricity purchases. We turn that data into a clean, OpenBanking-style API your back office can consume.

Wallet account & KYC API — Mirror the in-app onboarding (CBOS-aligned KYC/CDD), bind users, refresh sessions, surface verification status for compliance pipelines.

Transaction & statement API — Paginated history of P2P transfers, agent top-ups, Fawri / O-Cash bank funding, bill pay and electricity purchases; export JSON, CSV, Excel or PDF.

Bill payment & airtime endpoints — Programmatic Zain top-ups, Zain bill settlements and electricity purchases for SME billing platforms and remittance front-ends.

What we deliver

Every Zakhir engagement closes with a runnable API package, not just a report. The bundle below is the default; modules can be removed or extended for your scope.

Deliverables checklist

OpenAPI 3.1 / Swagger specification for every exposed endpoint
Protocol & auth-flow report (token chain, refresh, replay protection)
Runnable source for login, statement, bill-pay and airtime APIs (Python & Node.js)
Postman collection plus pytest / Jest integration tests
Excel / CSV / PDF statement exporters with idempotent paging
Compliance briefing aligned with CBOS KYC/CDD and data-minimisation guidance

Two engagement models

Source-code delivery from $300 — receive runnable API source plus full docs; pay after delivery upon satisfaction.
Pay-per-call API billing — call our hosted Zakhir endpoints, pay per call, no upfront commitment; ideal for usage-based products.
Optional managed maintenance: protocol watch, auth rotation, weekly regression run.

Where this fits

Treasury teams reconciling Sudan spend, remittance corridors that route into Sudanese wallets, NGO payouts to displaced populations, ERP add-ons that ingest Zakhir statements alongside Bankak or Bede flows, and analytics products serving merchants accepting Zakhir at the point of sale.

Data available for integration

The table below maps each data class to its source in the app, the granularity available, and the typical downstream use. Use it to scope what your integration actually needs — every field shipped is a field you must protect.

Data type	Source (app surface)	Granularity	Typical use
User profile & KYC status	Onboarding / Profile screen	Per user; verification level, ID type, mobile MSISDN	Identity binding, AML scoring, compliance pipelines
Wallet balance	Home / Wallet screen	Real-time SDG balance, available vs reserved	Treasury dashboards, low-balance triggers, auto-top-up
P2P transfer history	Send / Receive screens	Per transaction: counter-party, amount, channel, status, timestamp	Reconciliation, fraud rules, spend analytics
Agent cash-in / cash-out	Authorized agent flow	Per event: agent ID, region, amount, fee	Agent-network audit, settlement reports
Bank funding events (Fawri, O-Cash)	Top-up via linked bank app	Per top-up: source bank, reference, amount	Cross-rail reconciliation with Faisal Islamic Bank / Omdurman National Bank
Bill & utility payments	Zain bills, electricity purchase	Biller ID, account number, units purchased	Billing portals, NGO disbursement audits, ERP feeds
Mobile airtime top-ups	Recharge module	MSISDN, operator, denomination, ref	Telco bundling, micro-credit eligibility signals

Typical integration scenarios

1. Diaspora remittance reconciliation

Context: a Gulf-based remittance operator pays out into Sudanese Zakhir wallets. Data / API: the /wallet/transactions endpoint returns inbound transfers with reference IDs; webhooks emit a credit.posted event. OpenFinance mapping: aligned with cross-border PISP-style flows — payout initiation upstream, confirmation polling and statement reconciliation downstream against a single canonical ledger.

2. NGO cash-assistance audit

Context: a humanitarian programme distributes aid to displaced households via Zakhir wallets. Data / API: beneficiary KYC status plus per-wallet statement exports keyed by programme cohort. OpenFinance mapping: AISP-style read-only access under explicit consent; data minimised to amount, timestamp and merchant category, with PII tokenised before reaching the donor reporting warehouse.

3. SME bill aggregator

Context: a Khartoum SaaS platform lets merchants pay Zain bills and electricity from one console. Data / API: /bills/zain and /bills/electricity POST endpoints; balance check before submit. OpenFinance mapping: payment-initiation pattern with idempotency keys, merchant-side webhook for asynchronous settlement, and a daily settlement statement pulled via /wallet/statement.

4. Cross-wallet personal finance dashboard

Context: a personal finance app shows users their balances across Zakhir, Bankak and the new Bede wallet. Data / API: normalised account, balance and transaction objects from every connected wallet. OpenFinance mapping: a connector layer that mirrors the spirit of UK Open Banking AISPs — same access-token model, same revocation flow, adapted to Sudan's licensing environment.

5. Agent-network analytics

Context: a fintech operating an authorized-agent footprint wants to see which Zakhir agents drive the most volume by state. Data / API: agent cash-in/cash-out events enriched with geo and fee data. OpenFinance mapping: data-product pattern — raw events ingested via webhook, aggregated nightly, exposed through a private GraphQL endpoint for the operations team.

Technical implementation

The snippets below illustrate the shape of the wrapper API we deliver around the Zakhir app, not Zakhir's internal endpoints. Auth, retries, idempotency and error envelopes are uniform across modules.

Login & session bootstrap

POST /api/v1/zakhir/auth/login
Content-Type: application/json

{
  "msisdn": "+2499XXXXXXXX",
  "device_id": "uuid-v4",
  "otp": "123456"
}

200 OK
{
  "access_token": "eyJhbGciOi...",
  "refresh_token": "rt_8f...",
  "expires_in": 1800,
  "kyc_level": "FULL"
}

Statement query (paginated)

POST /api/v1/zakhir/statement
Authorization: Bearer <ACCESS_TOKEN>
Content-Type: application/json

{
  "wallet_id": "wlt_01HXYZ...",
  "from_date": "2026-04-01",
  "to_date":   "2026-04-30",
  "types": ["P2P", "AGENT_TOPUP", "BILL", "ELECTRICITY"],
  "page": 1,
  "page_size": 100
}

200 OK
{
  "items": [ { "id":"tx_...", "amount":"15000.00", "currency":"SDG",
               "type":"BILL", "biller":"ZAIN", "status":"SETTLED",
               "ts":"2026-04-12T08:31:04Z" } ],
  "next_page": 2,
  "total": 287
}

Webhook: credit posted

POST https://your-app.example/zakhir/webhook
X-Signature: sha256=...

{
  "event": "credit.posted",
  "wallet_id": "wlt_01HXYZ...",
  "tx_id": "tx_01HZ...",
  "amount": "50000.00",
  "currency": "SDG",
  "source": "FAWRI_FAISAL_ISLAMIC",
  "reference": "RMTN-2026-0042",
  "ts": "2026-05-09T19:14:22Z"
}

// Verify HMAC, ack 2xx within 5s, then enqueue.
// Errors return { "error": { "code":"...", "message":"...",
// "retryable": true } } with structured codes.

Compliance & privacy

Regulatory alignment

Zakhir operates under licence from the Central Bank of Sudan (CBOS). Our integrations follow CBOS KYC/CDD identification rules — verification through a national ID, passport or other accepted document — and respect the simplified remote-onboarding rules CBOS has gradually relaxed. We avoid any flow that would conflict with CBOS payment-services circulars or the financial inclusion goals tracked by international observers such as the CGAP commentary on Sudan's financial system.

Data handling

Authorized or documented public channels only — no scraping that breaches the app's terms.
Per-user consent records, with revocation that propagates to caches and warehouses within 24 hours.
Field-level minimisation: PII is hashed unless your downstream legitimately needs it.
Transit TLS 1.2+; at-rest encryption with rotating KMS keys.
Audit trail for every API call: request hash, actor, consent ID, response code.

Data flow & architecture

A typical Zakhir integration is a four-stage pipeline:

Client / Zakhir app surface — protocol-analysed flows (login, statement, bills) replayed under user-authorized credentials.
Ingestion / API gateway — our normaliser exposes a uniform OpenAPI surface, signs webhooks, enforces rate limits and idempotency.
Storage layer — append-only event log (Postgres or BigQuery) plus an aggregated wallet-state table; consents stored separately with TTL.
Outbound API / analytics — REST or GraphQL endpoints, scheduled CSV/PDF statement exports, and dashboards in Looker, Metabase or your existing BI.

Market positioning & user profile

Zakhir targets Sudan's underbanked retail population — a market where, as international reporting in 2024 highlighted, mobile wallets have become a lifeline against cash shortages and conflict-driven branch closures (see The New Humanitarian's feature on Sudan's digital money apps). Primary users are individual Sudanese mobile-number holders on Android, with secondary B2B reach through agent networks and merchant acceptance. Geographically the footprint is Sudan-first, with strong relevance for diaspora corridors in the Gulf, Egypt and East Africa that send money home.

Screenshots

Tap a thumbnail to enlarge.

Similar apps & integration landscape

Sudan's wallet ecosystem is a small graph of overlapping users. Teams that integrate Zakhir typically also need connectors for one or more of the following — listed here purely to map the landscape, not to rank.

Bankak (Bank of Khartoum) — Long-standing app launched in 2014; press coverage in 2024 reported around seven million users. Holds bank-account-linked balances and bill-pay history that operators often want unified with Zakhir wallet flows.

Bede (Zain Fintech) — Launched in April 2025 as a tier-rolled mobile wallet covering money transfers, top-ups, bill pay and merchant purchases. Joint Bede + Zakhir analytics is a frequent cross-wallet integration ask.

O-Cash (Omdurman National Bank) — Bank-affiliated wallet that natively links into Zakhir for bank-to-wallet funding; integration parity matters for reconciliation.

Fawri (Faisal Islamic Bank) — Used to top up Zakhir from a bank account; teams often want both ledgers normalised side by side.

Bravo Sudan Pay — Mobile payment app with a presence on iOS; relevant when building merchant-acceptance dashboards across Sudanese rails.

MyCash — Bank-account-free wallet that has helped widen fintech access in Sudan; useful for diaspora-corridor reach.

RittalPay — Another no-bank-account-required Sudanese wallet often surfaced alongside MyCash in coverage of the country's wartime cash crunch.

Cashi — A biller endpoint frequently appearing inside Bankak's payments catalogue; relevant when cross-mapping bill SKUs across wallets.

About OpenFinance Lab

We are an independent technical studio focused on mobile-app protocol analysis and OpenData / OpenFinance / OpenBanking API integration. The team brings hands-on experience from payment gateways, retail banking, mobile-money platforms across Africa and the Middle East, and high-traffic fintech back-ends. We ship end-to-end financial APIs under licensing, security and compliance constraints rather than one-off scripts.

Mobile money, retail banking, insurtech and cross-border clearing — Sudan, Gulf, East Africa
Enterprise API gateways, security reviews, key-management hardening
Custom Python / Node.js / Go SDKs, Postman collections and test harnesses
Full pipeline: protocol analysis → build → validation → compliance briefing
Source-code delivery from $300 — runnable API source plus full documentation; pay after delivery upon satisfaction
Pay-per-call API billing — access our hosted API and pay only per call, no upfront cost; ideal for usage-based pricing

Contact

For quotes, scoping calls, or to submit your Zakhir / Sudan wallet integration requirements, open our contact page:

Contact page

Typical first reply within one business day. NDAs supplied on request before any sample code is shared.

Engagement workflow

Scope confirmation: which Zakhir surfaces (login, statement, bills, electricity, agent flow) you actually need.
Protocol analysis & API design (2–5 business days, complexity-dependent).
Build & internal validation against a sandbox or shadow account (3–8 business days).
Docs, samples and test cases (1–2 business days).
Typical first delivery: 5–15 business days; partner-bank approvals may extend timelines.

FAQ

Does Zakhir publish a public API?

Zakhir does not currently publish an open developer portal. Integrations rely on documented protocol analysis of the licensed app, customer-authorized account access, and any partner channels exposed through linked banks such as Faisal Islamic Bank (Fawri) and Omdurman National Bank (O-Cash).

What Zakhir data can be exposed via OpenFinance integration?

Account profile, wallet balance, full transaction history (transfers, agent top-ups, bill payments, electricity, Zain mobile recharge), agent network metadata, and bank-link funding events. Each is normalised into JSON and exportable to Excel, CSV, or PDF statements.

How long does a first Zakhir API drop take?

Usually 5 to 12 business days for a working login plus statement endpoint. Adding bill-payment, electricity, or merchant-settlement modules typically extends the timeline by another week, especially when sandbox credentials need to be cleared with a Sudanese partner bank.

Is this compliant with Central Bank of Sudan rules?

We work strictly under customer authorization or documented public/authorized channels, follow CBOS KYC/CDD identity-verification rules, log every consent event, and minimise data retention. NDAs and data-processing agreements are signed when required.

📱 Original app overview (appendix)

Zakhir | زاخر (package sd.zakhir.wallet) is a Sudanese digital wallet built for fast, secure financial transactions and access to essential digital services. It is licensed by the Central Bank of Sudan and positioned as a fully integrated digital wallet — users open an account end-to-end inside the app, with KYC completed online rather than at a branch. The product targets a market where formal banking penetration is low and mobile-first finance has become essential.

Fully digital onboarding and KYC, no branch visit required
Send and receive money between Zakhir wallets
Top up via authorized agents, another Zakhir wallet, or linked bank accounts (Fawri from Faisal Islamic Bank, O-Cash from Omdurman National Bank)
Mobile top-ups across Sudanese networks; Zain bill payments; electricity purchases
Encrypted transport and storage to protect transaction privacy
Currently available on Android for Sudanese mobile numbers
Operates inside a Sudanese fintech landscape that, as of 2025, also includes Bankak, Bede (Zain Fintech, launched April 2025), O-Cash, Fawri, Bravo Sudan Pay, MyCash and RittalPay