Authentication
All SplashPay API requests require authentication using API credentials.
API Credentials
Generate API credentials from:
Merchant Portal → Developers → API Keys
Used in Sandbox environment.X-API-KEY: pk_test_xxxxxxxxxxxxx
X-API-SECRET: sk_test_xxxxxxxxxxxxx
Used in Production environment.X-API-KEY: pk_live_xxxxxxxxxxxxx
X-API-SECRET: sk_live_xxxxxxxxxxxxx
X-API-KEY: pk_live_xxxxxxxxxxxxx
X-API-SECRET: sk_live_xxxxxxxxxxxxx
Idempotency-Key: Unique-Request-ID
Content-Type: application/json
Accept: application/json
Example Request
cURL
Laravel
Node.js
Python
Dart
curl --request GET \
--url https://api.splashpay.co.tz/api/v1/payments/mobile-money \
--header "X-API-KEY: pk_live_xxxxxxxxx" \
--header "X-API-SECRET: sk_live_xxxxxxxxx" \
--header "Idempotency-Key: Unique-Request-ID"
$response = Http::withHeaders([
'X-API-KEY' => env('SPLASHPAY_KEY'),
'X-API-SECRET' => env('SPLASHPAY_SECRET'),
'Idempotency-Key' => 'Unique-Request-ID',
])->get(
'https://api.splashpay.co.tz/api/v1/payments/mobile-money'
);
const response = await fetch(
'https://api.splashpay.co.tz/api/v1/payments/mobile-money',
{
headers: {
'X-API-KEY': process.env.SPLASHPAY_KEY,
'X-API-SECRET': process.env.SPLASHPAY_SECRET,
'Idempotency-Key': 'Unique-Request-ID',
},
}
);
import requests
response = requests.get(
'https://api.splashpay.co.tz/api/v1/payments/mobile-money',
headers={
'X-API-KEY': os.getenv('SPLASHPAY_KEY'),
'X-API-SECRET': os.getenv('SPLASHPAY_SECRET'),
'Idempotency-Key': 'Unique-Request-ID',
}
)
import 'dart:convert';
import 'package:http/http.dart' as http;
import 'package:uuid/uuid.dart';
Future<void> initiateMobileMoneyPayment() async {
final response = await http.post(
Uri.parse(
'https://api.splashpay.co.tz/api/v1/payments/mobile-money',
),
headers: {
'Content-Type': 'application/json',
'X-API-KEY': const String.fromEnvironment('SPLASHPAY_KEY'),
'X-API-SECRET': const String.fromEnvironment('SPLASHPAY_SECRET'),
'Idempotency-Key': const Uuid().v4(),
},
);
}
Authentication Errors
| Status | Description |
|---|
| 401 | Invalid API credentials |
| 403 | Access denied |
| 429 | Too many requests |
Never expose your API Secret in frontend applications, mobile apps, or public repositories.
Best Practices
Store API credentials in environment variables.
Rotate API secrets regularly.
Use Sandbox credentials during development.
Keep API secrets private.
Next Steps
Initiate Collection
Create payment requests and collect payments.
Webhooks
Receive transaction updates automatically.