Reliable, secure, and developer-friendly payment solutions. Integrate PrimeStack Pay today and start accepting payments in minutes.
Enterprise-grade security with advanced encryption and fraud detection to keep your data safe.
Experience real-time payment processing and settlements. No more waiting for your funds.
Clean SDKs, comprehensive documentation, and a robust API designed for developers.
Connect your application with PrimeStack Pay Middleware using our secure API. Follow the guide below to authenticate and process transactions.
All requests must be authenticated using a custom HMAC-SHA256 signature.
| Header | Description |
|---|---|
Content-Type |
application/json |
X-App-ID |
Your unique App Identifier (e.g., WEB_PORTAL) |
X-Timestamp |
Current Unix timestamp (integer) to prevent replay attacks. |
X-Signature |
Base64 encoded HMAC-SHA256 signature. |
The signature is calculated as: Base64( HMAC_SHA256( SignString, Secret ) )
Where SignString = RawJsonBody + Timestamp
$secret = 'Your_Shared_Hmac_Secret';
$timestamp = time();
$payload = json_encode(['amount' => 1000, 'msisdn' => '255...']);
// 1. Concatenate Payload and Timestamp
$stringToSign = $payload . $timestamp;
// 2. Compute HMAC-SHA256 and Encode to Base64
$signature = base64_encode(hash_hmac('sha256', $stringToSign, $secret, true));
// 3. Send Request with Headers
// X-Signature: $signature
// X-Timestamp: $timestampURL: /api/v1/transact | Method: POST
{
"action": "collection",
"amount": 1000,
"msisdn": "255700000000",
"reference": "UNIQUE_ORDER_ID",
"currency": "TZS",
"callback_url": "https://your-client-app.com/payment-callback"
}For security, you must whitelist your server's IP in the middleware configuration.