Kora CBA

Kora CBA is a multi-tenant core banking platform built as a set of microservices. It provides a double-entry general ledger, customer account management, transaction processing, financial reporting, and more — all accessible through a unified REST API.

What You Can Do

• General Ledger — Hierarchical chart of accounts with double-entry journal posting, approval workflows, and standing instructions.
• Account Management — Open and manage savings, current, fixed deposit, domiciliary, joint, and corporate accounts with virtual sub-accounts.
• Transaction Processing — Internal transfers, interbank (NIBSS NIP), cross-currency, deposits, and withdrawals with automatic fee calculation.
• Financial Reporting — Trial balance, profit & loss, balance sheet, cash flow, and comparative reports across fiscal periods.
• Fiscal Period Management — Monthly and yearly period lifecycle with closing and year-end consolidation.
• Webhooks — Real-time event notifications for transactions, accounts, loans, and security events with HMAC-SHA256 signatures.
• Multi-Tenancy — Database-per-tenant isolation with per-tenant configuration, feature flags, and branding.
• RBAC — Role-based access control with scoped permissions (viewer, teller, officer, manager, admin).

Architecture

┌────────────┐
│  Clients   │
│ (Web, API, │
│  Mobile)   │
└─────┬──────┘
      │
┌─────▼──────────────────────────────────────────────┐
│                   API Gateway (:8080)               │
│  Auth · Rate Limiting · Idempotency · Tenant Res.  │
└─────┬──────────────────────────────────────────────┘
      │
      ├──▶ GL Service (:8081)          Chart of accounts, journals, reports
      ├──▶ Account Service (:8084)     Account CRUD, balances, virtual accounts
      ├──▶ Transaction Service (:8085) Transfers, deposits, withdrawals
      ├──▶ Customer Service (:8082)    Customer profiles, KYC
      ├──▶ Loan Service (:8086)        Lending and repayment
      ├──▶ Card Service (:8096)        Card issuance and management
      ├──▶ Fraud Service (:8094)       AML/CFT screening
      ├──▶ Workflow Service (:8091)    Approval workflows
      └──▶ Notification Service        Email, SMS, push

All traffic routes through the API gateway, which handles authentication, rate limiting, idempotency, and tenant resolution before proxying to the appropriate service.

Quick Example

cURL

curl https://api.korastratum.com/api/v1/cba/accounts \
  -H "Authorization: Bearer eyJ0eXAi..." \
  -H "X-Tenant-ID: demo_bank"

Node.js

const res = await fetch("https://api.korastratum.com/api/v1/cba/accounts", {
  headers: {
    Authorization: "Bearer eyJ0eXAi...",
    "X-Tenant-ID": "demo_bank",
  },
});
const { accounts } = await res.json();

Python

import requests

res = requests.get(
    "https://api.korastratum.com/api/v1/cba/accounts",
    headers={
        "Authorization": "Bearer eyJ0eXAi...",
        "X-Tenant-ID": "demo_bank",
    },
)
accounts = res.json()["accounts"]

Go

req, _ := http.NewRequest("GET", "https://api.korastratum.com/api/v1/cba/accounts", nil)
req.Header.Set("Authorization", "Bearer eyJ0eXAi...")
req.Header.Set("X-Tenant-ID", "demo_bank")

resp, _ := http.DefaultClient.Do(req)
defer resp.Body.Close()

Next Steps

• Quickstart — Create an account and post your first journal in 5 minutes.
• Authentication — JWT tokens, RBAC roles, and scopes.
• Multi-Tenancy — Database-per-tenant isolation and configuration.
• API Reference — Base URL, headers, pagination, and response format.