World Mobil — OpenFinance & API Integration

Protocol analysis, secure API implementations and OpenData integration for World PAY, loyalty points and card services.

Service from
API Integration Studio — starting at $300
OpenData · OpenFinance · Protocol Analysis

Integrate World Mobil features into your product — fast & compliant

We deliver runnable API implementations, SDK samples and documentation to connect World PAY, points wallet, QR/NFC payments, card management and campaign services — with compliance guidance for payments and data protection.

Campaigns & Rewards API — expose campaign lists, per-user earned points, reward redemptions and gift transfers. Supports pagination, filter by merchant & campaign id, and delta sync for mobile clients.
World PAY: QR & NFC Payment Integration — server-side handlers for QR code payment flows, transaction confirmation webhooks, and NFC tokenization guidance for contactless POS.
Card & Account Management — card tracking, limits, card controls (lock/unlock), IBAN/identifier retrieval, and secure card lifecycle events via webhooks.
Request a Quote See Deliverables

What we deliver

Technical Deliverables

  • OpenAPI (Swagger) spec & Postman collection
  • Server-side reference implementation (Node.js / Python)
  • Client SDK snippets (Android / iOS / Web)
  • Webhook handlers and replay-safe processing
  • Automated integration tests & CI instructions

Compliance & Architecture

  • PCI-DSS pragmatic checklist for card flows
  • Data minimization & consent recording patterns
  • Advice for local regulators (e.g., BRSA/BDDK in Türkiye) and international standards
  • Tokenization & EMV-Co guidance for NFC transactions

Business & Ops

  • Protocol analysis report (auth flows, session handling)
  • Integration plan & rollout checklist
  • End-user documentation and test accounts (where permitted)

API integration quick examples

Fetch user points (pseudo)

GET /api/v1/world/points?user_id=USER123
Authorization: Bearer <ACCESS_TOKEN>

Response 200 {
  "user_id": "USER123",
  "available_points": 14840,
  "pending_points": 120,
  "rewards": [ { "id":"R-2025-01","title":"10% off" } ]
}

Create QR payment (lifecycle)

POST /api/v1/payments/qr
Content-Type: application/json
Authorization: Bearer <SERVICE_TOKEN>

{
  "amount": 150.00,
  "currency": "TRY",
  "merchant_id": "M-OPET-001",
  "order_ref": "ORDER-98765",
  "callback_url": "https://your.server/webhooks/payment-confirm"
}

Response 201 {
  "qr_id": "QR-abc123",
  "qr_payload": "000201...",
  "expires_at": "2025-12-31T12:30:00Z"
}

Recommended event webhook: payment.confirm

We deliver idempotent webhook handlers and replay protection. Example:
POST /webhooks/payment-confirm
Headers: X-Signature, X-Idempotency-Key

{
  "event": "payment.confirm",
  "data": { "qr_id": "QR-abc123", "status": "CONFIRMED", "amount": 150.00, "txn_id": "TXN-00123" }
}

Core benefits of working with us

Speed & Practicality

Rapid protocol analysis and a working API stub in 3–7 days for most integrations. Clear handover pack for ops teams.

Security-first

Design patterns for tokenization, minimal data-at-rest, signed webhooks, and role-based access controls to reduce audit scope.

Multilingual & Global-ready

We provide documentation and SDKs in multiple languages (EN / TR / ES) and support localized payment rails and currency handling.

Transparent pricing

Project starts at $300. Deliver-first, pay-on-accept model available for many small integrations.

API Integration Instructions (high level)

Step 1 — Discovery

  1. Share the target app name (World Mobil) and specific features you want (points, QR payments, card controls).
  2. Provide any existing credentials or sandbox endpoints if available.

Step 2 — Protocol analysis

  • We map auth flows (OAuth2 / service tokens / session tokens) and message formats.
  • Deliver a short report with endpoints, headers, sample payloads and security considerations.

Step 3 — Implementation & testing

  • We deliver server reference code, client SDK snippets, OpenAPI spec and test cases.
  • We help set up webhook endpoints and run integration tests in your staging environment.

About our studio

We are a technical service studio specializing in app interface integration, authorized API integration and OpenData/OpenFinance projects. Our engineers have fintech and mobile backgrounds and deliver complete integration packs: protocol analysis, source code, documentation and automated tests.

  • End-to-end delivery: analysis → dev → test → docs
  • Platforms: Android & iOS clients, Node.js / Python server refs
  • Compliance-first: PCI guidance, local regulator advisory, data minimization
  • Starter projects from $300; flexible commercial models

Contact & next steps

Ready to proceed? Provide the exact integration scope (e.g., points read/write, QR pay flow, webhook events) and we will return a scoped estimate and a sample deliverable.

Contact us

Original App — World Mobil (complete description)

World Mobil — feature summary (translated)

World Mobil centralizes Yapı Kredi's World loyalty services. Key capabilities include:

  • Offers & campaigns: Access all campaigns and personalized offers, participate with one tap and track earned points and rewards.
  • Points management: View earned, spent and available points, transfer points between cards, and track redeemed discounts.
  • World PAY: QR code payments and NFC mobile payments — choose which card or account to charge, complete purchases via QR or contactless POS. Contactless purchases under 750 TRY may not require PIN/signature depending on settings.
  • Card management: Access card limits, outstanding amount, statement dates, IBANs and other card/account details. Perform actions like limit increase, payment deferral and change card PIN.
  • Card tracking: Track new or renewed card issuance status and configure card settings before activation.
  • Profile & preferences: Manage notification and location permissions, invite friends, and configure a smart assistant. Users can update preferences for brand/sector interests.
  • Ongoing improvements: The app is continuously updated based on user feedback.

This description is provided for technical integration context. For production integrations, we recommend coordinating with the app owner and ensuring authorized access and legal permissions.