A
API Key
A credential used to authenticate your application’s requests to Novac. Each Novac account comes with two types of keys Public and Secret issued for both the Test and Live environments.Authorization Code
A unique token returned after a successful card transaction. It confirms that the card issuer has approved the charge. Stored in webhook payloads asauthorizationCode.
Abandoned Transaction
A transaction that was initiated but never completed — typically because the customer exited the checkout flow before finalising payment. Reported asnotifyType: "abandoned" in webhooks.
B
Bank Transfer
A payment method where a unique virtual account number is generated for the customer. The customer completes payment via their bank app by sending funds to that account. Reduces card decline rates and is useful for one-time payments.Base URL
The root endpoint for all Novac API calls:C
Callback URL / Redirect URL
The URL your server or frontend provides to Novac so customers can be redirected after completing a payment. Also used to carry transaction references back to your system.Card Tokenisation
The process of replacing a customer’s raw card details with a secure tokencard.token that can be stored and used to charge the card again in the future — without re-entering card details. Essential for recurring billing.
Checkout
A payment session initiated by your server. Novac supports two checkout modes:- Prebuilt Checkout - Novac’s hosted UI; minimal setup required.
- Custom Checkout - You build the UI and call Novac APIs directly for full control.
Collection API (Direct Card Charge)
A server-side API for charging a customer’s card directly without redirecting them to a hosted checkout page. Requires card details to be encrypted before transmission.CVV
Card Verification Value - the 3- or 4-digit security code on a payment card. Must be encrypted using Novac’s Encryption API before being sent in Direct Card Charge requests.D
Dedicated Virtual Account
A persistent virtual bank account assigned to a specific customer or business entity. Unlike a checkout virtual account, it doesn’t expire after a single transaction. Used for ongoing payment collection.Decryption API
An endpoint provided by NovacPOST /api/v1/decrypt-data that reverses encrypted card data back to its original form. Use this when you need to inspect or process previously encrypted card details.
E
Encryption
The process of converting sensitive data (card numbers, CVV, PIN) into an unreadable format so it cannot be intercepted or misused in transit. Novac provides a dedicated Encryption API endpointPOST /api/v1/encrypt-data so you don’t need to implement your own.
Environment
Novac operates in two environments:| Environment | Purpose |
|---|---|
| Test | Simulate transactions; no real money moves |
| Production / Live | Real transactions with real money |
G
Gateway Response Code
A code returned by the underlying payment gateway indicating the result of a transaction attempt. Included in webhook payloads asgatewayResponseCode. Useful for diagnosing failed transactions.
I
IP Whitelisting
A server-side security measure that only allows webhook requests from pre-approved IP addresses. Novac’s public IP address is18.233.137.110. You should configure your webhook endpoint to reject requests from any other IP to prevent fake/spoofed webhook attacks.
M
Merchant Account
A Novac business account that gives you access to the dashboard, API keys, and payment infrastructure. Required before any integration can begin.Mobile Money (MoMo)
A payment method that lets customers pay using their mobile wallet balance. Novac currently supports MTN Ghana and Telecel Ghana mobile money wallets for GHS-denominated transactions.N
NQR
A QR code automatically generated by Novac when a payment link is created. Customers scan the code to initiate payment, suited for point-of-sale scenarios.Notify Type
A field in the webhook payload (notifyType) that describes the outcome of a transaction event. Possible values:
| Value | Meaning |
|---|---|
successful | Transaction completed successfully |
failed | Transaction was declined or failed |
reversed | A successful transaction was reversed (e.g. refund or chargeback) |
abandoned | Customer started but did not complete the payment |
P
Payout
A transfer of funds from your Novac wallet to an external bank account. Used for disbursements, vendor payments, and settlements. Authenticated with your Secret Key.Payment Descriptor
The name that appears on a customer’s bank statement to identify the merchant. Novac’s default descriptor isNOVAC.
Payment Link
A shareable URL that leads customers to a hosted checkout page. No custom UI required. Payment links also auto-generate an NQR code.Payment Preference
Configuration that controls which payment methods are available at checkout and how transaction fees are handled (e.g. borne by merchant vs. passed to customer).Public Key
A non-sensitive API key safe to use in client-side code. Used to initiate transactions — checkout sessions, payment links, and in-app card collections. Cannot modify account settings or trigger payouts.R
Recurring Billing
The ability to charge a customer’s card on a schedule without requiring them to re-enter their card details. Enabled by saving a card token after the first successful transaction and using the Tokenised Card Charge endpoint for subsequent charges.Refund
The process of returning funds to a customer for a completed transaction. Novac supports:- Full Refund: Returns the entire charged amount.
- Partial Refund: Returns a portion of the charged amount.
Reference (Transaction Reference)
A unique string you generate to identify a transaction in your system. It is passed to Novac when creating a checkout and returned in webhooks and verification responses. Use it to match Novac events back to your own records.S
Secret Key
A highly sensitive API key that must never be exposed in client-side code or public repositories. Used for secure server-side operations: payouts, refunds, and accessing financial data. Regenerate immediately on the dashboard if compromised.Settlement
The process by which collected payment funds are disbursed to your bank account. Novac supports split settlement via Sub-settlement Accounts.Split Payment / Sub-settlement Account
A feature that allows incoming payments to be automatically split between a primary settlement account and one or more sub-accounts. Useful for marketplace or multi-vendor platforms.T
3DS (3D Secure)
An additional authentication layer for card payments. After entering card details, the customer is asked to verify their identity (e.g. via OTP). Novac’s Collection API supports initiating and retrieving the status of 3DS challenges.Tokenised Card Charge
Charging a customer using a saved card token instead of raw card details. Requires the card to have been tokenised during a previous transaction. See Card Tokenisation.Transaction Fee
The fee charged per transaction. Retrievable via theGET /checkout/transaction-fee endpoint before initiating a checkout. Can be configured to be borne by the merchant or passed to the customer.
U
USSD Payment
A payment method where the customer dials a short code on their mobile phone to authorise payment. Works without internet access and is ideal for customers on feature phones or in areas with poor connectivity.V
Verify Transaction
An API call you make after receiving a webhook to independently confirm the transaction status directly with Novac. This is a best practice to prevent acting on forged webhook payloads.Virtual Account
A bank account number generated by Novac for the purpose of receiving payments. Can be dedicated (persistent, tied to a customer) or checkout-based (temporary, expires after a single use).Void Transaction
The cancellation of a transaction that has been authorised but not yet settled. Supported via thePOST /collections/void-transaction endpoint.
W
Wallet
A Novac-managed balance that can be used to fund payouts, purchaseairtime/data/electricity, or accept customer payments. Balance is retrievable via the GET /payouts/retrieve-balance endpoint.
Webhook
An HTTPPOST request that Novac automatically sends to your configured URL when a transaction event occurs (payment success, failure, reversal, etc.). Eliminates the need to poll the API for status updates. Novac retries failed delivery up to 3 times, every 5 seconds.
Terms are listed in alphabetical order. For full API references, visit the API Reference section of the Novac documentation.