bank · 3 min read

How to Verify a Bank of Abyssinia (BOA) Receipt

Q: Does BOA verification require Selenium?

No. cheki uses BOA's JSON API directly at cs.bankofabyssinia.com. This is faster and works in serverless environments without Chrome WebDriver.

Q: Why does BOA need the last 5 digits?

BOA's API endpoint combines the transaction reference with the last 5 digits of the receiving account to form the full ID. This prevents unauthorized receipt enumeration.

Q: What if BOA's API returns 'Invalid reference number'?

This happens for inter-bank transfers (e.g., FT... references sent to CBE). In that case, scan the QR code on the receipt and send the payload in the qrData field. cheki decrypts it with AES-256-CBC using the key embedded in BOA's receipt app. See the BOA QR code breakdown for details.

Q: Is QR-based verification secure?

The key is hardcoded in BOA's public receipt web app, which means anyone can decrypt QR codes (and forge them). For high-value inter-bank transfers, request additional confirmation. See our BOA QR code breakdown for the full security analysis.

Q: Can I verify inter-bank BOA transfers without the QR code?

No. BOA's JSON API does not recognize inter-bank transfer references. The QR code is the only way to verify these transactions. If you don't have the QR code, ask the sender for a screenshot of the receipt or check your bank statement for the incoming transfer.

Verify Bank of Abyssinia transactions for free with cheki. No Selenium needed, just the reference number and last 5 digits of your account. QR codes supported for inter-bank transfers.

Bank of Abyssinia (BOA) is one of Ethiopia's largest private banks. BOA publishes receipt data as JSON via a public API endpoint. cheki uses this API directly, without requiring Selenium or a headless browser like some other libraries.

What you need

Transaction reference number (required for API lookup), alphanumeric, typically starts with 2 letters
Last 5 digits of your receiving BOA account number (required for API lookup)
QR code payload (alternative for inter-bank transfers), the encrypted string shown when scanning the QR code

Step-by-step verification

Get the transaction reference

Ask the customer for the reference number from their BOA receipt.

Get your account's last 5 digits

You need the last 5 digits of your receiving BOA account. For example, if your account is 1234567890, the last 5 digits are 67890.

Enter both in cheki

Select BOA from the bank dropdown, enter the reference, and enter the account digits.

Click Verify

cheki calls BOA's JSON API and returns structured payment data in 1-2 seconds.

For inter-bank transfers, use the QR code

If BOA's API returns 'Invalid reference number' (common for transfers sent to CBE or other banks), scan the QR code on the receipt. cheki auto-detects BOA QR payloads, decrypts them server-side with AES-256-CBC, and returns the full transaction details. No account number needed. See our BOA QR code breakdown for the full technical details.

💡

No Selenium required

Unlike the ethiobank_receipts Python library which requires Chrome WebDriver for BOA, cheki uses BOA's JSON API directly. This works in serverless environments without browser dependencies.

💡

QR codes work for inter-bank transfers

BOA's online slip API does not recognize inter-bank transfer references (e.g., FT... sent to CBE). The QR code on the receipt is an AES-256-CBC encrypted payload containing the full transaction details. cheki decrypts it server-side, so QR-based verification works even when the API lookup fails. Read the BOA QR code breakdown for encryption details.

Verifying via API

Use the reference and account digits for normal BOA-to-BOA transfers:

bash

curl -X POST https://chekiapp.vercel.app/api/verify \
  -H "Content-Type: application/json" \
  -d '{"bank":"boa","reference":"AB12345678","accountNumber":"67890"}'

For inter-bank transfers, pass the QR code payload instead (reference is optional):

bash

curl -X POST https://chekiapp.vercel.app/api/verify \
  -H "Content-Type: application/json" \
  -d '{"bank":"boa","qrData":"3cHRaxVjn/pySp..."}'

What the receipt contains

Source account name (sender)
Source account number
Receiver's name
Receiver's account
Transferred amount in ETB
Transaction date
Transaction reference

Two verification methods

Method	When to use	Needs account digits	Speed
JSON API (reference + account)	BOA-to-BOA transfers	Yes (last 5)	~1-2s
QR code decryption	Inter-bank transfers (BOA to CBE/Dashen/etc.)	No	~500ms

For a full technical breakdown of how BOA QR codes work (AES-256-CBC encryption, CryptoJS format, key derivation, security implications), see our BOA QR code breakdown.

Frequently asked questions

Does BOA verification require Selenium?

Why does BOA need the last 5 digits?

What if BOA's API returns 'Invalid reference number'?

Is QR-based verification secure?

Can I verify inter-bank BOA transfers without the QR code?

Edit this article on GitHub Report an issue →