https://sandbox.api.borderpayafrica.com
Test tenant keys, test onboarding, webhook mocks, and dry-run integration work.
API Docs
BorderPay Public API v1.0.1
Create customers, wallets, virtual accounts, transfers, payouts, and webhooks through BorderPay. Business developers receive BorderPay tenant API keys; BorderPay handles provider routing, compliance boundaries, idempotency, and white-label metadata.
{"success":false,"error":{"code":"unauthorized","message":"API key bearer token is required"}}
This is expected when an endpoint is opened without
Authorization: Bearer <api_key>. Use the authenticated examples below.
Quickstart
Use a sandbox API key issued by BorderPay. Do not put real keys in frontend code, screenshots, or public repos.
export BORDERPAY_API_KEY="bpk_test_..."
curl --request GET \
--url https://sandbox.api.borderpayafrica.com/v1/health \
--header "Authorization: Bearer $BORDERPAY_API_KEY" \
--header "x-borderpay-mode: sandbox"
const response = await fetch("https://sandbox.api.borderpayafrica.com/v1/health", {
method: "GET",
headers: {
Authorization: `Bearer ${process.env.BORDERPAY_API_KEY}`,
"x-borderpay-mode": "sandbox",
},
});
console.log(await response.json());
Authentication
Every request requires a tenant API key in the Authorization header. Mutating routes also require
an Idempotency-Key header so retries cannot duplicate financial operations.
| Header | Required | Purpose |
|---|---|---|
Authorization | Yes | Bearer bpk_test_... or bpk_live_... |
x-borderpay-mode | Recommended | Use sandbox or production; mismatches are rejected. |
Idempotency-Key | POST only | Required for customer, wallet, virtual account, transfer, payout, and webhook creation. |
Include the bearer token. API keys are shown once when issued.
Use the correct tenant mode and route scopes.
Environments
Test tenant keys, test onboarding, webhook mocks, and dry-run integration work.
Live keys only after compliance, KYB, risk limits, and production allowlisting are complete.
API Reference
Provider-neutral routes aligned to the current OpenAPI contract.
/v1/healthCheck tenant mode, rate limit state, gateway readiness, and public white-label metadata.
/v1/customersCreate an individual or business customer before wallets, virtual accounts, or payouts.
/v1/walletsCreate a stablecoin wallet for an eligible customer.
/v1/virtual-accountsCreate fiat account details that route deposits to a stablecoin destination.
/v1/transfersMove funds between supported source and destination rails.
/v1/payoutsPay suppliers or beneficiaries using the payout contract.
/v1/webhooksRegister an endpoint and receive a signing secret for event verification.
Webhooks
Webhooks use a timestamp and HMAC signature. Store the signing secret safely and verify the raw body before accepting an event.
x-borderpay-signature: sha256=<hex>
x-borderpay-timestamp: <unix_seconds>
SDKs & Artifacts
White Label
BorderPay creates the tenant, uploads the logo to Supabase storage, configures brand colors, sets sandbox or production mode, then issues scoped API keys. The public API health response returns white-label metadata for approved tenants.
Go Live