AFRISWITCH

API Authentication

Access to the AfriSwitch institutional API requires two mandatory headers: x-api-key and api-secret. These keys are unique to each organisation and are used to authenticate requests.

Required Headers

x-api-key: AFS-PROD-PUB-XXXXXXXXXXXX
api-secret: AFS-PROD-SEC-XXXXXXXXXXXXXXXXXXXX
Content-Type: application/json

Important: These keys must never be exposed on the frontend or in any public code.

Postman Example

In the Headers tab:

{
  "x-api-key": "AFS-PROD-PUB-XXXXXXXXXXXX",
  "api-secret": "AFS-PROD-SEC-XXXXXXXXXXXXXXXXXXXX",
  "Content-Type": "application/json"
}

cURL Example

curl -X POST "https://api.afriswitch.net/api/v1/transactions/payin/" \
  -H "x-api-key: AFS-PROD-PUB-XXXXXXXXXXXX" \
  -H "api-secret: AFS-PROD-SEC-XXXXXXXXXXXXXXXXXXXX" \
  -H "Content-Type: application/json" \
  -d '{
        "amount": 1000,
        "currency": "GNF",
        "operator": "mtn",
        "country": "GN",
        "phone_number": "224XXXXXX448",
        "opaque_id": "test_payin_001"
      }'

Security Notes

HMAC Signature

The HMAC signature is automatically applied by the AfriSwitch portal. The partner does not need to sign anything manually. Only x-api-key and api-secret must be provided.