Getting Started
Introduction
Fundamental concepts of MpesaFlow’s API.
Base URL
The MpesaFlow API is built on REST principles. We enforce HTTPS in every request to improve data security, integrity, and privacy. The API does not support HTTP. All requests contain the following base URL:Authentication
To authenticate you need to add an Authorization header with the contents of the header beingBearer mf_test_1234567890 where Bearer mf_test_1234567890 is your API Key.
Response codes
MpesaFlow uses standard HTTP codes to indicate the success or failure of your requests. In general,2xx HTTP codes correspond to success, 4xx codes are for user-related failures, and 5xx codes are for infrastructure issues.
| Status | Description |
|---|---|
200 | Successful request. |
400 | Check that the parameters were correct. |
401 | The API key used was missing. |
403 | The API key used was invalid. |
404 | The resource was not found. |
429 | The rate limit was exceeded. |
5xx | Indicates an error with MpesaFlow servers. |
Check Error Codes for a comprehensive breakdown of
all possible API errors.
Rate limit
The default maximum rate limit is 2 requests per second. This number can be increased for trusted senders by request. After that, you’ll hit the rate limit and receive a429 response error code.
Learn more about our rate limits.
FAQ
How does pagination work with the API?
How does pagination work with the API?
We currently support cursor pagination.
How do you handle API versioning?
How do you handle API versioning?
Currently, there’s no versioning system in place. We plan to add versioning
via calendar-based headers in the future.