Quick Start
Set up authentication and make your first RM API call. All endpoints require a valid HMAC-SHA256 signature and an access token — start here.
Recommended Order
- Read Signature Algorithm — required for every request.
- Get an Access Token.
- Make your first API call.
Prerequisites
▾
Signature AlgorithmHMAC-SHA256 request signing required on every API call.
Verify SignatureValidate incoming webhook payloads from RM servers.
Access TokenObtain OAuth 2.0 tokens via client credentials or authorization code flow.
Sandbox TestingTest cards, FPX, e-wallet, and DuitNow QR credentials for the sandbox environment.