# FAQs {% tabs %} {% tab title="BEGINNER" %}

BaaS (Banking-as-a-Service)

A digital product where banks expose their financial services, e.g., via APIs, H2H, etc., so third-party developers can build applications on top of them.

API Banking

The secure, authorized sharing of financial data, services, and functionalities (payments, transfers, account management, ID verification, etc.) through programmatic interfaces instead of traditional bank portals. It acts as a digital bridge, allowing external software to directly access banking functions without needing the bank's own app.

MSB – Money Services Business

A regulatory classification (common in Canada, U.S., and other jurisdictions) for non-bank financial institutions that provide services such as money transmission, currency exchange, check cashing, or stored value issuance. Equivalent licensing categories may exist under different names in other countries.

MRP – Money Remittance Provider

An entity licensed by CBK to facilitate domestic and/or cross-border fund transfers on behalf of customers. In other jurisdictions, this category is called MTO (Money Transfer Operator) or falls under a broader payments/remittance license.

PSP – Payment Service Provider

A licensed institution that enables businesses to accept and process payments (cards, bank transfers, wallets, etc.) without needing to become financial institutions themselves.

DCP – Digital Credit Provider

A regulated lender that offers credit through digital channels (e.g., mobile or online platforms).

LONO — Letter of No Objection

A formal document issued by a regulator (usually CBK) confirming that it has no objection to a proposed activity, partnership, product launch, or integration.

Whitelisting

The process of allowing only approved accounts or endpoints to access a service or API for security/compliance purposes.

POP (Purpose of Payment)

A document, receipt, or digital confirmation justifying the legitimacy of a transaction.

Callback URL

A URL provided by the BaaS partner to receive asynchronous notifications from our APIs when an event occurs (e.g., transaction result notification).

PesaLink

A Kenyan interbank transfer service that allows instant money transfers between accounts in different banks.

PesaLink Sponsorship

A model that allows us to provide unlicensed BaaS customers with access to PesaLink services at subsidized transaction costs.

Rail

A payment network or infrastructure that facilitates the movement of money between accounts, banks, or systems.

Embedded Finance

Integrating financial services (payments, lending, insurance, etc) directly into other platforms or apps.

API Signing

A security mechanism where API requests are digitally signed to verify authenticity and integrity.

Base URL

The root URL for accessing an API’s endpoints in either sandbox or production environments.

Remittance

Transfer of money from one party to another, often across borders.

Who is BaaS meant for?

Payment service providers, fintechs, finance startups, really anyone who wants to hold and move money.

What do I need to be a Choice Bank customer?

Please contact our branch operations team; they'll get you started. See their contacts [here](https://kgegjwnjseu.sg.larksuite.com/file/VSvfb1BssoIF6gxjpNBlAPIBgkb).

What do we need to use BaaS?

Any client-facing digital product meant to hold and/or move money or any suchlike use-case would a suitable candidate for for BaaS. See our contacts [here](https://kgegjwnjseu.sg.larksuite.com/file/WD4Xb77JUo9wOBxwvQ2lZNUdgdc).

What is the process of opting into BaaS?

Use-case alignment > Technical kick-off > Sandbox testing > Go-live

Where can I study your APIs?

See our [GitBook](https://choice-bank.gitbook.io/) documentation.

What kind of services/functionalities does BaaS consist of?

We offer BaaS under three main [models](https://kgegjwnjseu.sg.larksuite.com/file/X8okbuc7no91eyxL1Ifl96SJgAc): Virtual Account, Sub-account, and IMT - the first two allow you to onboard you customers with VAs further allowing you to pass on the same to your own customers, and IMT focusing on international transfers-out. Your particular use-case and licenses will best determine which one suits your use-case.

Which payment channels/methods do you support?

See full list [here](https://kgegjwnjseu.sg.larksuite.com/file/NoyRbP89NoDR0LxwvnFlS7xmgVf).

Do you offer 24/7 support?

No, as a bank we operate only during working hours (8am to 4:30pm EAT), but off-hours support is available in cases of serious downtimes.

Must I onboard my business using its official registered name?

Yes, this is mandatory for merchants coming on as business customers and SME onboardings via API.

Is proof of license application acceptable?

Yes, certain features/exemptions are available if you can provide evidence of an active application process for the requisite license.

For BaaS, how long can I expect integration and testing to take?

This depends on your tech team’s availability and the sophistication of your use-case, but based on past integrations, the whole sandbox stage typically takes 1–2 months.

Can we get a free BaaS trial?*

It's not standard practice, but yes, this can be negotiated for up to one month, subject to deliberation with your account manager.

What is Choice Bank's bank code?

46 (for SWIFT: 82)

Do you have a collection of your APIs?

Yes, this is available and will be provided once you're signed up.

Can we open accounts ourselves?

The procedure for all account types is: lodge a request for account creation (standard or API onboarding), which we then act on once all requisite details/documents are submitted and validated.

Can approval flows be customized?

Yes. Approval flows can be configured based on the transaction amount and the desired sequence of approvers, allowing flexibility to match operational requirements.

What approval modes are supported for Internet Banking and how do they work?

The system supports five approval modes: * **No Approval Required** — transactions are processed automatically upon submission with no review. * **Sequential & Amount-based** — approvals are required only when a transaction exceeds a defined amount, and each approver must act in a fixed sequence. * **Non-sequential & Amount-based** — approvals are required above a threshold, but approvers can act in any order simultaneously. * **Sequential & Non-amount-based** — all transactions require approval in a fixed sequence regardless of amount. * **Non-sequential & Non-amount-based** — all transactions require approval, but approvers can act in any order simultaneously, regardless of amount.

What happens if a transaction is rejected during approval?

If a transaction is rejected, it is halted and will not be processed unless it is resubmitted or modified according to the configured workflow.

{% endtab %} {% tab title="SANDBOX" %}

What do we need to get into sandbox?

API sandbox keys: \``sender`\` and \``senderKey`\`, which should be kept private at all times. Please contact your account manager for access.

Which features should I test first?

This depends on your particular use-case, but the standard starting point is to onboard yourself as an SME client, which marks access to our APIs.

How do I authenticate into APIs?

We have a robust authentication algorithm using **plain SHA-256** encryption and your private key (i.e., `senderKey`) to allow secure access to our API banking features.

What type of accounts do you offer under BaaS?

Two main types: personal and business. * Personal**:** **Wallets** and **current** accounts * Business**:** **Merchant** and **SME** accounts All business customers, including non-BaaS ones, have merchant accounts. Except for merchant accounts, all other account types are onboarded via API.

What's the difference between a wallet and a current account?

Wallets: Maximum daily transaction volume: KES 20,000, Maximum holding capacity: KES 300,000, require national ID and selfie. Current accounts have no transaction limits (though standard channel [limits](https://kgegjwnjseu.sg.larksuite.com/file/NoyRbP89NoDR0LxwvnFlS7xmgVf) apply) and require KRA PIN certificate in addition to the ID and selfie.

What's the difference between an SME and a merchant account?

SME accounts can only be created via API; merchant accounts can be created via standard onboarding procedures.

What sort of features do you offer via API?

APIs allow you to: onboard accounts, make transfers, validate recipients via Hakikisha, monitor statuses at all stages, close accounts, pull transactions by account number, activate dormant accounts, update signatory info (phone, email), amend KYC, edit account names, push STK prompts to Mpesa holders, execute FX transfers, pay for utilities (airtime, KPLC, water), and much more.

Are there any differences between sandbox and production?

Sandbox differs lightly in terms of which third-party PSP has granted us access to their test environments. Example: \ Mpesa UAT - available \ PesaLink/RTGS/SWIFT/Airtel Money UAT - unavailable, integrations ongoing

Will your APIs accept dummy documentation just for testing purposes?

Yes, when testing, you don't need to pass real documentation.

Do you offer callback notifications?

Yes. See the procedure for setup and templates for all callback notifications [here](https://choice-bank.gitbook.io/choice-bank/notifications/callback-configuration#setup-your-webhook).

Do you support dynamic accounts?

No, accounts are static; they cannot be closed at a predefined time or change account numbers.

Can we freeze/reverse transfers?

Yes. We offer a [reversal](https://choice-bank.gitbook.io/choice-bank/transfer/new-features#apply-for-transaction-reversal) API, and our operations team can act on problematic accounts/transfers.

How long do transfers take to process and complete?

Depends on the payment method used. See full TATs [here](https://kgegjwnjseu.sg.larksuite.com/file/NoyRbP89NoDR0LxwvnFlS7xmgVf).

Which FX account-currencies and conversion-pairs do you support?

Accounts : KES, TZS, UGX, USD, EUR, GBP, and CNY \ Pairs: USD/KES, EUR/KES, GBP/KES, KES/TZS, KES/UGX, KES/RWF, GBP/USD, EUR/GBP, and EUR/USD

How often do your FX rates refresh?*

Every 6 hours.

How do I do an FX transfer?

\- Merchants: via [Internet Banking](https://business.choicedigitalbank.com/login) portal or our dedicated OTC FX team.\ \- BaaS customers can also use our [FX](https://choice-bank.gitbook.io/choice-bank/transfer/foreign-exchange) API.

Do we need to use real money for transfers test?

Yes.

How do I deposit money into my sandbox account for transfer tests?

Use our sandbox Mpesa [Paybill](https://choice-bank.gitbook.io/choice-bank/deposit/deposit-from-m-pesa#paybill-deposit) 4101847, with the account number being the test account you want to deposit into.

How long do I have to validate OTP?

20 or 30 minutes depending on the API. If the validation window passes before confirmation, the onboarding/transfer will fail.

Why are onboardings going to manual review?

Sandbox onboardings go to manual review by design. In production, if docs/details are correct, most onboardings pass automatically; worst-case KYC-flagged cases: 24 hours.

How long will it take to return an account number once onboarding is complete?

Typical case: 1 - 2 minutes for personal account onboardings. Worst-case (almost always SME onboardings): 24 hours for KYC-flagged or personal account onboardings.

What applications/know-how do I need in order to test Choice Bank's APIs?

\- API client (Postman, curl) \ \- Understanding HTTP requests (methods, headers, parameters, JSON responses) \ \- Authentication (API keys, tokens, signatures) \ \- Parsing status codes and error messages

How many business accounts can I have?

\- Merchant and parent-SME: max 10 KES accounts + 1 of each foreign currency \ \- Virtual/sub-accounts: max 50 (can be increased with justification)

Can you increase the number of accounts I can have?

\- Merchant accounts: No, this is fixed\ \- Parent-SMEs and VAs/sub-accounts: Yes, with justification

How long after validating OTP do I have to complete an onboarding?

3 working days.

How many times can I use one phone#/ID# for onboardings?

\- Personal accounts: only once per phone/ID \ \- SME accounts: unlimited uses of the same phone number

What do I do if I haven't received an OTP?

Resend using `/common/sendOtp` API or the dedicated [resend](https://choice-bank.gitbook.io/choice-bank/otp/confirm-otp#universal-resend-otp) API.

What do I do if subsequent attempts to send an OTP fail?

Try the alternative delivery option (SMS or email). If this fails, contact BaaS [support](mailto:baas-support@choice-bank.co) immediately.

What is the sequence of endpoints for onboardings?

See flows for [current](https://choice-bank.gitbook.io/choice-bank/account/current-account#steps) accounts, [wallets](https://choice-bank.gitbook.io/choice-bank/account/wallet-account#steps), and [SME](https://choice-bank.gitbook.io/choice-bank/account/sme-account#steps) accounts.

I'm getting a transaction/API error - what does it mean?

For transaction errors, see the full list [here](https://kgegjwnjseu.sg.larksuite.com/wiki/AEi6w0bSCixlVlkl6rFlHMQJgRd); for API response codes with descriptions, see [here](https://kgegjwnjseu.sg.larksuite.com/wiki/Ts2twWMTNirFv3kpSlnl9YFxgYg).

What do I need to get whitelisted?

Please contact the BaaS [team](mailto:baas-support@choice-bank.co) team via work lines or support email with API whitelist request + use-case justification.

What can I and can't I test on sandbox?

Most APIs are available. Exceptions: Transfers to/via Airtel Money wallets, PesaLink, RTGS, and SWIFT.

To which banks can I do a PesaLink transfer?

Once live, you can do bank-to-bank transfers to all PesaLink-supported [banks](https://pesalink.co.ke/our-partners).

Which KYC will I need to submit for the various account types?

\- **Wallets**: national ID + selfie photo\ \- **Current accounts**: ID + selfie photo + KRA PIN certificate \ -See hyperlinked KYC requirements for [merchant](https://kgegjwnjseu.sg.larksuite.com/file/DcIGbAVQAognhRx1RKElxLIUg7b) and [SME](https://choice-bank.gitbook.io/choice-bank/account/sme-account#documents) accounts.

Do you send payout-receipts/notifications to end-users?**

For API-driven payouts, we don't send out SMS notifications to the payee by default - we offer you the **option** to pass the recipient's number as `payeemobilefornotification` parameter. See a detailed list of SMS notifications + templates here.

What's the minimum/maximum amount I can send?

This depends on the digital product used (i.e., whether IB or via API). Minimum amount for internal transfers done via API is KES 0.01; on IB, as is with M-pesa payouts, it's KES 10; for STK pushes it's KES 1. For maximum amounts, please refer to wallet limits and payment method limits document [here](https://kgegjwnjseu.sg.larksuite.com/file/NoyRbP89NoDR0LxwvnFlS7xmgVf).

Why are we getting a "500" error response when sending a request payload?

This indicates a typographical error in the `base-url/endpoint` string you're calling. Please confirm this is correct then retry.

Do you have algorithms to help automate signing?

Yes, see [here](https://n05mxbyps1.feishu.cn/docx/doxcn1hNwn1s7aZ7ZQOaYkJzi1W) a Java implementation for generating a signature based on our authentication [procedure](https://choice-bank.gitbook.io/choice-bank/getting-started/authentication#sign-the-request).

Can you give us test accounts for all payment channels?

We provide **payee** test accounts for mobile money and internal transfer tests. Payer accounts must be your onboarded accounts.

I sent in wrong onboarding details - can I amend them?

Yes, via our Submit/Pullback [API](https://choice-bank.gitbook.io/choice-bank/account/sme-account/onboarding#submit-pull-back-onboarding-request). You can also, via API, change or add a new [phone](https://choice-bank.gitbook.io/choice-bank/account/account-management#phone-number-change-v2) number or [email](https://choice-bank.gitbook.io/choice-bank/account/account-management#add-email) address to an account after the fact.

Can we close a personal account to free up phone numbers?

We offer an API that enables you [close](https://choice-bank.gitbook.io/choice-bank/account/current-account/closing-individual-account) personal accounts, and another that enables you to cancel business onboardings. **Note**: phone number remains tied and cannot be reused for new personal onboardings.

Do you have one API that handles all payment channels in one call?

Our [General Transfer](https://choice-bank.gitbook.io/choice-bank/transfer/general-transfer/api-reference#request-for-transfer) API handles most use cases, though not all. Separate APIs exist for different payment channels to tailor functionality per rail and allow easier future improvements.

Can funds held earn interest?

Yes. With our new savings product, funds under your BaaS channel can earn daily, weekly, or fixed-term interest - please contact your account manager to arrange for a savings plan.

Who receives the interest earned?

Interest can be retained entirely by the partner or shared with end-users, depending on the agreed setup.

Are interest rates fixed and regulated?

Rates for instant-access funds are reviewed quarterly. Fixed-term rates are determined separately. Interest-bearing products are governed by Central Bank of Kenya regulations.

How is interest calculated when shared with users?

Users earn interest based on their individual wallet balances, while the partner’s return is calculated on the total pooled balance. **4. What are the current interest rates?**\ Rates vary by balance tier: | Balance Tier | Rate (PA) | | ------------ | --------- | | 100K – 5M | 3% | | 5M – 25M | 3.5% | | 25M – 50M | 4% | | 50M+ | 4.5% |

How long do CNY transfers take?

Processing time varies depending on transaction amount, regulatory checks and correspondent bank processing, but it typically ranges from less 5 minutes to worst-case 4 hours. See availability and TATs for CNY transfers [here](https://kgegjwnjseu.sg.larksuite.com/file/FKx3bRqg5oWpoQxmkPAlBnMHgrc).

What is required to initiate a CNY transfer?

You must provide the beneficiary’s full bank details, purpose of payment, and any supporting documentation required for compliance review.

{% endtab %} {% tab title="PRODUCTION" %}

Why is the BaaS dashboard not reflecting all my transaction data?

The dashboard is designed to display a quick summary of transactional activity for all accounts under your BaaS channel in the last 24 hours, not all-time.

Why do you require PoP documentation for pay-ins?

Purpose-of-Payment documentation is mandatory for transfers of KES 1,000,000 (or USD 10,000 equivalent) and above. This is a standard compliance/AML measure for large volumes.

What are Levels I, II, and III in Internet Banking?

Tiers of access privileges for an Internet Banking (merchant account) user/admin\ \- Level I: Most privileged \ \- Level III: Least privileged

Can you whitelist our IP?

No, we no longer whitelist IP addresses. Whitelisting applies to actual account numbers or BaaS channels.

How many account administrators can I add to my SME accounts?*

There is no limit.

Can you send OTPs to international phone numbers?*

Yes.

Which licenses do we need for the virtual account BaaS model?

A DCP license will do, or any other license that allows your organization to hold customer funds.

Why are we getting "system error/busy" on IB/BaaS portal?

Temporary bandwidth lag caused by many users making simultaneous calls to a resource. If it persists for more than 2 minutes, contact BaaS [support](mailto:baas-support@choice-bank.co) immediately.

Are the parameters of the string data type case-sensitive?

Yes.

Can we switch our BaaS model after going live?

Yes, after contractual discussions with your account manager.

Can we use one callback URL for both sandbox and production?

Technically yes, but strongly discouraged. Both environments use the same format for notifications, which can lead to confusion and erroneous transactions.

Are there any special API formatting conventions we should know?

Yes. Mobile numbers will accept only the nine-digit number, i.e., without the 254 or 0 prefix. Also when flattening payloads, arrays should be denoted with square brackets (e.g., `array[0].field`), and empty parameters must still be included as `param={}`. All other details/conventions have been documented in our [documentation](https://choice-bank.gitbook.io/).

Who do we contact to begin the account opening process?

Please contact our branch operations team; they'll get you started; see their contacts [here](https://kgegjwnjseu.sg.larksuite.com/file/VSvfb1BssoIF6gxjpNBlAPIBgkb).

Will an external recipient be notified of an incoming, API-initiated payout?**

Only if you pass the recipient's number as `payeemobilefornotification` param. See a detailed list of SMS notifications + templates here.

Which APIs require prior whitelisting?*

Merchant Bulk Transfer, Internal Transfers without OTP, Internal Transactions by Batch, and Callback 0020.

Can our accounts receive deposits via Paybill?

Yes. Every live Choice Bank account can receive deposits using Mpesa [Paybill](https://choice-bank.gitbook.io/choice-bank/deposit/deposit-from-m-pesa#paybill-deposit) 444174.

Which account status indicates successful opening?

Status 3 or 7.

How can we track transactional activity of our onboarded/child accounts?

Check the Transactions pane in your BaaS dashboard.

Which callbacks should we track for pay-ins and payouts?

For merchant accounts, callbacks 0022 and 0004. For other API-onboarded accounts, track callbacks 0002 and 0003. See full list [here](https://choice-bank.gitbook.io/choice-bank/notifications/callback-configuration#notifications).

We received duplicate callbacks - how can we fix this?

Please confirm first via `notificationType` parameter that they're indeed duplicates - if they indeed are, please get in touch with the BaaS [team](mailto:baas-support@choice-bank.co) to remediate this.

We initiated a payout to an M-pesa wallet and received a reference ID, but the client hasn’t received the funds - how do we trace it?

If a reference ID was returned, the funds were debited successfully. Please contact M-pesa Business [support](mailto:m-pesabusiness@safaricom.co.ke) for reconciliation.

Can we change our callback URL/private key ourselves?

Yes, via BaaS dashboard: Settings > Channel Information.

Do SME accounts onboarded via API need to use registered name?

Yes. For compliance, SME accounts must use the official registered name as it is in the incorporation/business certificate.

Will we need special containers or SDK in our integration?

Yes, only if onboarding current accounts or upgrading from wallets. From January 19, 2026, [Smile ID](https://choice-bank.gitbook.io/choice-bank/account/current-account#documents)'s document verification SDK is required for these flows.

Can you share your IP(s) so we can whitelist them?

Yes.

Any rate limits for requests on your APIs?

Except for `/common/sendOtp` API (60 seconds per call), there are no rate limits.

What do we need to opt into the PesaLink sponsorship?*

Please contact your account manager or BaaS support for guidance on requirements and eligibility.

Can we customise the SMS notifications?

Yes. Customisation per customer is possible, but it requires backend configuration to scope the changes specifically to your BaaS channel. Customisation by account type, however, isn’t supported, as our SMS service operates at the digital-product API layer and doesn’t interface directly with underlying account-type distinctions.

{% endtab %} {% endtabs %}