Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.moflay.com/llms.txt

Use this file to discover all available pages before exploring further.

API keys authenticate your requests to the Moflay API. Create separate keys for each environment and grant only the permissions your integration needs.

Prerequisites

Create an API key

1

Open the API Keys page

Go to API Keys in the dashboard.
2

Choose the environment

Select Sandbox for testing or Production for real payments.
3

Create the key

Give the key a clear name such as checkout-service-sandbox, then assign only the permissions your service needs.
4

Copy the key once

Copy the key immediately and store it securely. Treat it like a password.

Environment-specific prefixes

  • mof_test_: Sandbox API keys
  • mof_live_: Production API keys

Available permissions

The current API permission set includes:
PermissionAllows
express.payCreate M-Pesa Express payment requests
customers.readRead customer records
customers.writeCreate, update, or delete customer records
transactions.readRead transactions and payment status
For the quickstarts, grant express.pay to create the payment and transactions.read to check the payment status.

Use the key in your app

export MOFLAY_API_KEY="mof_test_your_api_key"

import { Moflay } from "@moflay/sdk";

const moflay = new Moflay({
  token: process.env.MOFLAY_API_KEY!,
});

Use the key with raw HTTP

curl https://api.moflay.com/v1/transactions \
  -H "Authorization: Bearer $MOFLAY_API_KEY"

Verify the result

Your API key is working if you can call an endpoint successfully in the same environment where the key was created.

Troubleshooting

  • missing_api_key: Add the Authorization: Bearer YOUR_API_KEY header.
  • invalid_api_key: Check that the key is valid and copied correctly.
  • invalid_access: The key exists, but it does not have the permission required by that endpoint