Quickstart

  1. Request sandbox access: Submit the developer form with company details and intended flow.
  2. Register OAuth client: Create a client ID/secret and download credentials from the portal.
  3. Fetch access token: Call the identity endpoint with client credentials to receive a bearer token.
  4. Send first payment: Use mock accounts to initiate a `POST /v1/payments` request with idempotency keys.
  5. Verify settlement: Listen to webhook callbacks or poll `GET /v1/payments/{paymentId}` for status.

Overview

The Pesalink API unlocks real-time payments, account validation, and transaction visibility for financial products across Kenya. Use this portal to onboard your application, retrieve credentials, and launch new money-movement workflows with minimal friction.

API responses follow a consistent envelope with `data`, `meta`, and `errors` blocks to simplify integration across channels. All payloads use JSON over HTTPS and share structured error messages for deterministic handling.

API conventions

  • Versioning: Declare `Accept: application/vnd.pesalink.v1+json` on every request to ensure you access the latest stable contract.
  • Idempotency: Supply an `Idempotency-Key` header when creating payments to guarantee exactly-once processing.
  • Correlation: Capture `X-Pesalink-Request-Id` from responses for observability and escalation.

Authentication

Authentication relies on OAuth2 client credentials. Each integration receives a client ID/secret pair with environment-scoped permissions and token lifetimes of 15 minutes. Rotate secrets via the developer portal or escalate urgent resets using the hotline below.

Need help fast? Email developers@pesalink.co.ke or call +254 712 345 678 (24/7 emergency reset desk).

```bash
curl --request POST \
  https://identity.sandbox.pesalink.co.ke/oauth2/token \
  --header "Content-Type: application/x-www-form-urlencoded" \
  --data "grant_type=client_credentials" \
  --data "client_id=<your_client_id>" \
  --data "client_secret=<your_client_secret>"
```

Include the returned bearer token in the `Authorization` header for every request. Scope tokens per workload to isolate risk and revoke credentials swiftly when necessary.

Webhooks

Subscribe to settlement updates, reversals, and fraud alerts by registering webhook URLs in the portal. Pesalink retries failed deliveries up to 9 times with exponential backoff. Signatures are provided in the `X-Pesalink-Signature` header using HMAC SHA-256.

```json
{
  "eventType": "payment.settled",
  "eventVersion": "2025-01-01",
  "data": {
    "paymentId": "pay_21bca982",
    "status": "SETTLED",
    "amount": { "value": 25000, "currency": "KES" },
    "completedAt": "2025-03-12T19:12:44Z"
  }
}
```
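A receiver-side check for the `X-Pesalink-Signature` header and the retry behaviour described above, as an added example that is not Pesalink's own code. It assumes the signature is the hex-encoded HMAC SHA-256 of the raw request body under a shared webhook secret, and that `eventType` plus `paymentId` identify a delivery for de-duplication; the page specifies neither, and the `sign`, `verify_signature` and `WebhookReceiver` names are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed sample values; the secret and its format are assumptions.
WEBHOOK_SECRET = b"example-webhook-secret"
SAMPLE_BODY = (b'{"eventType":"payment.settled","eventVersion":"2025-01-01",'
               b'"data":{"paymentId":"pay_21bca982","status":"SETTLED",'
               b'"amount":{"value":25000,"currency":"KES"}}}')


def sign(secret: bytes, raw_body: bytes) -> str:
    """Assumed scheme: hex HMAC-SHA256 over the exact bytes received."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_signature(secret: bytes, raw_body: bytes, header_value) -> bool:
    """Constant-time comparison; a missing or empty header fails closed."""
    if not header_value:
        return False
    expected = sign(secret, raw_body).encode()
    return hmac.compare_digest(expected, header_value.strip().lower().encode())


class WebhookReceiver:
    def __init__(self, secret: bytes):
        self.secret = secret
        self.seen = set()  # in-memory for the example; use a durable store

    def handle(self, raw_body: bytes, signature_header):
        """Return (HTTP status, outcome) for one delivery."""
        # Verify over the raw bytes before parsing, so unauthenticated JSON
        # is never interpreted and re-serialisation cannot alter the MAC input.
        if not verify_signature(self.secret, raw_body, signature_header):
            return (401, "bad-signature")
        try:
            event = json.loads(raw_body)
            key = (str(event["eventType"]), str(event["data"]["paymentId"]))
        except (ValueError, KeyError, TypeError):
            return (400, "malformed")
        if key in self.seen:
            return (200, "duplicate")  # a retry: acknowledge, do not re-apply
        self.seen.add(key)
        # Apply the state change for event["data"]["status"] here.
        return (200, "processed")
```

Pass the body exactly as read from the socket; most web frameworks expose it separately from the parsed JSON.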

Environments

Sandbox

https://api.sandbox.pesalink.co.ke

Use seeded mock accounts. Data resets nightly for consistent QA and deterministic test results.

Production

https://api.pesalink.co.ke

Requires compliance validation, IP whitelisting, and signed SLA prior to go-live.