Base URL
The MpesaFlow API is built on REST principles. We enforce HTTPS in every request to improve data security, integrity, and privacy. The API does not support HTTP. All requests contain the following base URL:Authentication
To authenticate you need to add an Authorization header with the contents of the header beingBearer mf_test_1234567890 where mf_test_1234567890 is your API Key.
Response codes
MpesaFlow uses standard HTTP codes to indicate the success or failure of your requests. In general,2xx HTTP codes correspond to success, 4xx codes are for user-related failures, and 5xx codes are for infrastructure issues.
| Status | Description |
|---|---|
200 | Successful request. |
400 | Check that the parameters were correct. |
401 | The API key used was missing. |
403 | The API key used was invalid. |
404 | The resource was not found. |
429 | The rate limit was exceeded. |
5xx | Indicates an error with MpesaFlow servers. |
Check Error Codes for a comprehensive breakdown of all possible API errors.
Rate limits
To ensure fair usage and protect the stability of the API, all requests are subject to rate limiting. If your application exceeds the allowed request rate, the API will return a429 Too Many Requests error response.
Learn more about our rate limits.
Pagination
The default maximum rate limit is 2 requests per second. This number can be increased for trusted senders by request. After that, you’ll hit the rate limit and receive a429 response error code.
Learn more about our rate limits.
Versioning
The default maximum rate limit is 2 requests per second. This number can be increased for trusted senders by request. After that, you’ll hit the rate limit and receive a429 response error code.
Learn more about our rate limits.