Programmatic API

The African Community Fund provides a secure, high-performance API for members and partners. Authenticate via the ACF Certificate Authority to automate workflows, governance participation, data integration and security standards.

API Overview

The ACF Programmatic API enables members, partners, and authorized systems to interact with Fund services securely and efficiently. Built on RESTful principles and secured by the ACF Certificate Authority.

  1. RESTful Architecture: Standard HTTP methods (GET, POST, PUT, DELETE) with JSON request/response bodies.
  2. PKI Security: Mutual TLS (mTLS) authentication using ACF-CA issued client certificates.
  3. Role-Based Access: Permissions aligned with Class A (governance) and Class B (economic) membership rights.
  4. High Availability: Redundant infrastructure hosted within African jurisdictions under Fund immunities.
  5. Versioning: Stable API versions with deprecation notices to ensure long-term integration reliability.

Authentication & Security

Security is paramount. The API requires strong authentication using digital certificates issued by the ACF Certificate Authority. This ensures non-repudiation, encryption, and strict access control aligned with the Fund's legal protections.

  1. Client Certificates: All API requests must present a valid X.509 client certificate issued by ACF-CA.
  2. Mutual TLS: Connections use mTLS to verify both client and server identity, preventing man-in-the-middle attacks.
  3. Certificate Pinning: Clients should pin the ACF-CA root certificate to prevent unauthorized CA impersonation.
  4. Tokenless Auth: No OAuth tokens or API keys; authentication is derived from the client certificate's subject and extensions.
  5. Encryption in Transit: All traffic is encrypted via TLS 1.3; sensitive data is additionally encrypted at rest per Article 17.

Developer Resources

We provide comprehensive documentation, SDKs, and sandbox environments to help members integrate with the ACF API securely and efficiently.

  1. API Documentation: Interactive OpenAPI (Swagger) specification detailing all endpoints, schemas, and error codes.
  2. SDKs: Official client libraries for Python, JavaScript, Java, and Go to simplify authentication and request signing.
  3. Sandbox Environment: Test environment with sample data for development; requires separate test certificates.
  4. Webhooks: Configure webhooks to receive real-time notifications on loan status, governance votes, or financial events.
  5. Support Channel: Dedicated developer support email and ticketing system for technical assistance.

Get Started

Ready to integrate your systems with the African Community Fund? Begin by securing your digital identity and requesting API access credentials.

  • Enable Integration
  • Technical Help
  • Policy Questions
Subscribe

Newsletter

Subscribe to our weekly insights, tailored for you

By confirming and submitting this form, I acknowledge ACF's privacy policy.