KuvarPay API
Home
Home
  1. Home
  • Overview
  • SDK Integration Guide
  • Webhooks Integration Guide
  • Subscriptions Guide
  • Transactions
    • Calculate required crypto amount for a fiat target
      POST
    • Create a new fiat transaction
      POST
    • Get transaction by ID
      GET
    • List transactions
      GET
    • Public transaction status by reference
      GET
    • Demo pay (sandbox/testing)
      POST
  • Checkout Sessions
    • Create a checkout session (returns authToken for SSE)
      POST
    • Get a checkout session
      GET
    • Receive payment status webhook for session
      POST
  • SSE
    • Subscribe to transaction updates (SSE)
      GET
    • Subscribe to session updates (SSE)
      GET
  • Currencies
    • List supported currencies
      GET
  • Sandbox
    • Simulate sandbox error scenarios for a transaction
      POST
    • Deliver a test webhook to a URL
      POST
    • List available sandbox error scenarios
      GET
    • Get sandbox environment info
      GET
    • Reset all sandbox data for your business (destructive)
      DELETE
  • Sandbox Simulator
    • Start the sandbox transaction simulator
      POST
    • Stop the sandbox transaction simulator
      POST
    • Get current status of the sandbox transaction simulator
      GET
    • Update simulator configuration
      PUT
    • Force execute a specific scenario for a transaction (testing only)
      POST
    • Force execute a specific scenario for a transaction (URL param)
      POST
    • List pending sandbox transactions available for simulation
      GET
    • Reset sandbox transactions to PENDING for testing
      POST
  • Invoices
    • Create a new invoice
    • Send invoice email to customer
  • Payment Links
    • Create a new payment link
  • Subscriptions
    • Create subscription checkout session
    • Get a subscription checkout session by UID
    • Confirm subscription checkout session
    • Get stablecoin currencies supported for subscriptions
    • Submit relay authorization for subscription
    • Create a new subscription
    • Get a subscription by UID
    • Get relay authorization status for a subscription
    • Update a subscription
    • Cancel a subscription
    • Create a new subscription plan
    • List subscription plans
    • Get a subscription plan by UID
    • Update a subscription plan
    • Create a price for a subscription plan
    • Get prices for a subscription plan
    • Update a subscription price
    • Create a subscription invoice
    • List subscription invoices
    • Create a metered subscription invoice
    • Get a subscription invoice by UID
    • Charge a subscription invoice
    • Get charge attempts for an invoice
  • Payment Fiat Rates
    • Get fiat rate for a specific currency
    • Get multiple fiat rates
    • Update NGN rate from CryptoCompare
    • Update all supported fiat rates
    • Get Flutterwave transfer rates (debug/testing)
    • List supported bank transfer and mobile money currencies
    • Clear the fiat rates cache
    • Get cache statistics
  • Transfer Fees
    • Get transfer fee for a specific amount and currency
    • Get optimal transfer fee (bank vs mobile money)
    • Get all stored transfer fees
    • Manually update transfer fees from Flutterwave
    • Get currencies supported for transfers
  • Schemas
    • Schemas
      • CalculatePaymentRequest
      • CalculatePaymentResponse
      • CreateTransactionRequest
      • Transaction
      • CreateTransactionResponse
      • CheckoutSessionCreateRequest
      • CheckoutSession
      • CheckoutSessionDetails
      • CheckoutSessionGetResponse
      • PaymentStatusWebhookPayload
      • SimpleAck
      • ErrorResponse
      • CurrenciesResponse
      • SandboxDeliveryResult
      • SandboxSimulateErrorRequest
      • SandboxSimulateErrorResponse
      • SandboxTestWebhookRequest
      • SandboxTestWebhookResponse
      • SandboxErrorScenariosResponse
      • SandboxInfoResponse
      • SandboxResetRequest
      • SandboxResetResponse
      • CreateInvoiceRequest
      • CreateSubscriptionCheckoutSessionRequest
      • InvoiceResponse
      • CreateSubscriptionCheckoutSessionResponse
      • CreateInvoiceResponse
      • ConfirmSubscriptionCheckoutSessionRequest
      • SendInvoiceEmailRequest
      • ConfirmSubscriptionCheckoutSessionResponse
      • SendInvoiceEmailResponse
      • SubscriptionCurrency
      • CreatePaymentLinkRequest
      • SubscriptionCurrenciesResponse
      • PaymentLinkResponse
      • CreatePaymentLinkResponse
      • CreateSubscriptionRequest
      • Subscription
      • UpdateSubscriptionRequest
      • SubscriptionResponse
      • CreatePlanRequest
      • UpdatePlanRequest
      • SubscriptionPlan
      • CreatePriceRequest
      • UpdatePriceRequest
      • SubscriptionPrice
      • PlanResponse
      • PlansListResponse
      • PriceResponse
      • PricesListResponse
      • SubscriptionInvoice
      • ChargeInvoiceRequest
      • ChargeAttempt
      • InvoicesListResponse
      • ChargeResponse
      • ChargeAttemptsListResponse
      • SubscriptionCheckoutSession
      • SubscriptionCheckoutSessionResponse
  1. Home

Overview

KuvarPay Merchant API – Comprehensive Overview#

This document provides a complete overview of how to integrate with the KuvarPay Merchant API to accept crypto payments and receive fiat payouts in African markets. It explains authentication, idempotency, core payment flows, real-time status monitoring (SSE), sandbox testing, error handling, and best practices.

SDK for Easy Integration#

KuvarPay provides an official SDK to simplify integration.
You can explore the SDK documentation here: SDK Integration Guide

Versioning and Base URLs#

Invoice/Payment Link base URL: https://kuvarpay.com.
Other endpoint baseurl: https://payment.kuvarpay.com

Authentication#

KuvarPay uses two authentication mechanisms, plus a session-scoped token for SSE.
API Key (ApiKeyAuth)
Header: x-api-key: <your_api_key>
Business ID
Header: x-business-id: <your_business_id>
Bearer JWT (for SSE only)
Header: Authorization: Bearer <session_authToken>
Obtained from the checkout session resource when created/fetched.
Notes
Always send both x-api-key and x-business-id for partner-facing endpoints (Transactions, Checkout Sessions, Currencies, etc.).
Use client key for calls originating from server and secret key for calls originating from server.
Invoice/Payment Link endpoints requires the secret key to be used.
if keys are used wrongly, requests will be rejected by the server.
SSE endpoints require the session-scoped JWT instead of x-api-key.

Idempotency#

Use the Idempotency-Key header on POST requests to safely retry without creating duplicates.
Header: Idempotency-Key: <unique_key_per_request>
On retry with the same key, the server will return the original response (if still valid).

Core Integration Flow#

Below is the recommended high-level flow for a typical checkout.
1.
Create a Checkout Session
Endpoint: POST /api/v1/checkout-sessions
Body includes the fiat target (toCurrency, toAmount). Customer details (customerEmail, customerName) are required for production integrations but are supplied when creating the transaction (POST /api/v1/transactions/create) that links to this session, not during session creation.
Response contains the sessionId, initial status, and an authToken for SSE.
2.
Fetch Supported Currencies and Networks
Endpoint: GET /api/v1/currencies
Required headers: x-api-key, x-business-id
Use the response to let the user select their preferred crypto fromCurrency and fromNetwork (and verify available fiat toCurrency). The crypto list includes a networks array per asset.
3.
Create the Transaction (linked to the session)
Endpoint: POST /api/v1/transactions/create
Include: checkoutSessionId from step 1, the user-selected fromCurrency/fromNetwork, your fiat target (toCurrency, toAmount), and customer details (customerEmail, customerName).
Headers: x-api-key, x-business-id, and Idempotency-Key: <unique>
The response includes transaction details and a deposit address.
4.
Track Session Status
Real-time (recommended): SSE stream
GET /api/v1/sse/session/{sessionId} with headers Accept: text/event-stream and Authorization: Bearer <authToken>
Receive server-sent events as the session status transitions (e.g., PENDING → ARMED → PROCESSING → COMPLETED)
Polling (fallback):
GET /api/v1/checkout-sessions/{sessionId} periodically (e.g., every 2–5 seconds with jitter/backoff)
5.
React to Terminal States
Terminal statuses include COMPLETED, FAILED, EXPIRED, or CANCELLED.
Stop listening/polling and reconcile on your side (fulfill order, show error, retry, etc.).

Example SSE Connection#

Event examples (data payloads are JSON strings):
event: session_update
id: 1
data: {"sessionId":"sess_123","status":"ARMED","updatedAt":"2025-01-01T12:00:15Z"}

id: 2
event: session_update
data: {"sessionId":"sess_123","status":"PROCESSING"}

id: 3
event: session_update
data: {"sessionId":"sess_123","status":"COMPLETED"}

Calculating Required Crypto Amount#

Use POST /api/v1/transactions/calculate-payment to compute the crypto amount for a fiat target.
Required headers: x-api-key, x-business-id
Typical request body includes: fromCurrency, fromNetwork, toCurrency, and toAmount.

Creating a Transaction (Direct API Flow)#

While most integrations use checkout sessions, you can create transactions directly:
POST /api/v1/transactions/create
Include Idempotency-Key to avoid duplicate submissions.
The response includes transaction details and a deposit address.

Customer Details (Required)#

Required fields for production integrations:
customerEmail (must be a valid email format)
customerName (non-empty string)
Where to provide: Include these fields when creating the transaction via POST /api/v1/transactions/create (whether you link it to a previously created checkout session using checkoutSessionId or create a direct transaction).
Current enforcement status (as implemented today):
The POST /api/v1/transactions/create schema accepts customerEmail and customerName but does not mark them as required, and the service validates customerEmail only if provided. If you omit these fields, the API currently does not return a validation error (no 400 is thrown for their absence); they will be stored as null and certain features (e.g., direct customer notifications) may be skipped.
Checkout Session creation (POST /api/v1/checkout-sessions) does not accept customer fields; you must supply them when creating the linked transaction.
Recommendation: Always include customerEmail and customerName for every production transaction to enable notifications, risk checks, and downstream operations. Enforcement may become strict in a future revision.
Example request:
POST /api/v1/transactions/create
Headers:
  x-api-key: <api_key>
  x-business-id: <business_id>
  Idempotency-Key: <unique>
Body:
{
  "fromCurrency": "USDT",
  "fromNetwork": "bsc",
  "toCurrency": "NGN",
  "toAmount": 10000,
  "checkoutSessionId": "sess_123",
  "customerEmail": "buyer@example.com",
  "customerName": "Jane Doe"
}

Webhooks#

You can configure webhooks to receive asynchronous events (e.g., completed transactions, payout updates).
Ensure your endpoint validates signatures (if enabled) and is idempotent.

Sandbox and Testing#

The sandbox lets you simulate end-to-end flows without real funds.
Use your sandbox API key and business ID.
Notable endpoints:
POST /api/v1/sandbox-simulator/start — start the simulator
POST /api/v1/sandbox-simulator/stop — stop the simulator
GET /api/v1/sandbox-simulator/status — view simulator status/config
POST /api/v1/sandbox-simulator/config — update probabilities and timings
POST /api/v1/sandbox-simulator/force-scenario — force a scenario for the next eligible transaction
POST /api/v1/sandbox-simulator/force/{transactionId} — force a scenario for a specific transaction
GET /api/v1/sandbox-simulator/pending-transactions — list pending sandbox transactions (paginate)
POST /api/v1/sandbox-simulator/reset-transactions — reset transactions back to PENDING (with confirm flag)
Tips
Use the simulator to test success/failure paths, partial/excess payments, compliance holds, and timeouts.
Validate that your webhook processing is idempotent by replaying events.

Error Handling and Retries#

Always handle 4xx (client) and 5xx (server) errors.
Implement retries for transient errors with exponential backoff (e.g., network issues, 5xx).
For POST requests, use Idempotency-Key to ensure safe retries.

Security Best Practices#

Treat API keys and tokens as secrets — never log them.
Use HTTPS-only endpoints and validate TLS certificates.
Validate and sanitize all inputs on your side even if server-side validation exists.
Use allowlists for callbacks/webhook targets in your infrastructure.

Rate Limiting and Backoff#

Respect any rate limits indicated by response headers or errors.
Implement client-side backoff and jitter when polling or retrying.

Observability#

Log request IDs, correlation IDs, and timestamps to help trace issues.
Capture SSE events and state transitions in your logging for debugging.

Support#

For production support, contact the KuvarPay team on integration@kuvarpay.com.
For sandbox/trial access, register on KuvarPay Merchant to generate your api key.
Modified at 2025-09-15 18:08:37
Next
SDK Integration Guide
Built with