Base URL

The MpesaFlow API is built on REST principles. We enforce HTTPS in every request to improve data security, integrity, and privacy. The API does not support HTTP. All requests contain the following base URL: 
https://api.mpesaflow.dev

Authentication

To authenticate you need to add an Authorization header with the contents of the header being Bearer mf_test_1234567890 where mf_test_1234567890 is your API Key. 
Authorization: Bearer mf_test_1234567890

Response codes

MpesaFlow uses standard HTTP codes to indicate the success or failure of your requests. In general, 2xx HTTP codes correspond to success, 4xx codes are for user-related failures, and 5xx codes are for infrastructure issues.
StatusDescription
200Successful request.
400Check that the parameters were correct.
401The API key used was missing.
403The API key used was invalid.
404The resource was not found.
429The rate limit was exceeded.
5xxIndicates an error with MpesaFlow servers.
Check Error Codes for a comprehensive breakdown of all possible API errors.

Rate limit

The default maximum rate limit is 2 requests per second. This number can be increased for trusted senders by request. After that, you’ll hit the rate limit and receive a 429 response error code. Learn more about our rate limits.

Pagination

The default maximum rate limit is 2 requests per second. This number can be increased for trusted senders by request. After that, you’ll hit the rate limit and receive a 429 response error code. Learn more about our rate limits.

Versioning

The default maximum rate limit is 2 requests per second. This number can be increased for trusted senders by request. After that, you’ll hit the rate limit and receive a 429 response error code. Learn more about our rate limits.