Quick Start Guide

Get up and running with the ChamaPay API in three simple steps. No complex setup required.

1

Get Your API Keys

Follow these simple steps to get your API key:

  1. Log into your ChamaPay Dashboard
  2. Go to the API Keys section
  3. Click "Create Key" to generate a new API key
  4. Store your key securely — you won't be able to see it again!

2

Authenticate Your Requests

Include your API key in the Authorization header using Bearer token format. All requests must be made over HTTPS.

3

Start Building

Make your first API call to retrieve members, track contributions, or process loans. Integrate with your existing systems seamlessly.

Official SDKs

JavaScript
npm install chamapay
PHP
composer require chamapay/chamapay
Python
pip install chamapay
cURL — Quick Example
# Retrieve all active members
curl -X GET https://api.chamapay.co.ke/v1/members \
  -H "Authorization: Bearer cpk_live_your_api_key:your_api_secret" \
  -H "Content-Type: application/json"

Authentication & Security

ChamaPay uses industry-standard Bearer token authentication with enterprise-grade security features.

Authentication Method

All API requests require authentication using a Bearer token. Include your API key in the Authorization header.

Header Format

HTTP Header
Authorization: Bearer cpk_live_your_api_key:your_api_secret
Content-Type: application/json

Security Best Practices

  • Never expose API keys in frontend code or client-side applications
  • Use environment variables to store keys securely
  • Rotate keys regularly (recommended every 90 days)
  • Use backend proxy for mobile and web apps
  • All requests must use HTTPS — HTTP requests will be rejected

Encrypted Storage

API secrets are hashed using bcrypt and never stored in plain text. Keys are encrypted at rest.

Key Rotation

Rotate API keys without downtime. Generate new keys and phase out old ones seamlessly.

Audit Logging

Every API request is logged with timestamps, IP addresses, and response codes for complete traceability.

IP Restrictions

Whitelist specific IP addresses for enhanced security. Restrict API access to your servers only.

API Standards & Versioning

Consistent patterns applied across the entire API to make integration predictable.

Versioning Policy

We guarantee backward compatibility within the v1 namespace. Non-breaking changes (like adding new fields) will happen automatically.

  • Breaking Changes: Will always result in a new v2 endpoint.
  • Deprecation: We provide a minimum 6-month notice before deprecating any endpoint.

Pagination Standard

Every list endpoint returns data wrapped in a strict pagination structure. Always rely on the meta block for cursor/page math.

"meta": {
  "total": 150,     // Total records in DB
  "page": 1,        // Current page
  "limit": 50,      // Records per page
  "pages": 3        // Total pages available
}

Strict Data Formatting Rules

Data Type Strict Format Requirements Example
Phone Numbers Must use strict E.164 international format (Regex: ^\+254\d{9}$) +254712345678
Dates Must use ISO-8601 formatting. Dates use YYYY-MM-DD, timestamps use full ISO format. 2026-04-30
Amounts/Currency Must be numeric integers or decimals up to 2 places. Never send currency symbols. 12500.50
Status Enums Case-sensitive exact matches required. (e.g. Active, Pending, Suspended) Active

🔁 Idempotency

Safely retry requests without worrying about duplicate operations — critical for financial transactions.

Prevent Duplicate Operations

To safely retry requests without duplication, include an Idempotency-Key header with a unique value for each new request.

Header Format

HTTP Header
Idempotency-Key: unique-request-id-abc123
Authorization: Bearer cpk_live_xxxxxxxxxxxxx
Content-Type: application/json

How It Works

  • If the same Idempotency-Key is sent twice, only one operation will be executed
  • The second request will return the same response as the first
  • Keys should be unique per request (we recommend using UUIDs)
  • Keys expire after 24 hours

Example Request with Idempotency Key

cURL
curl -X POST https://api.chamapay.co.ke/v1/contributions \
  -H "Authorization: Bearer cpk_live_xxxxx" \
  -H "Idempotency-Key: 550e8400-e29b-41d4-a716-446655440000" \
  -H "Content-Type: application/json" \
  -d '{"member_id": "MFT001", "amount": 5000}'

API Endpoints

RESTful endpoints designed for simplicity and scalability. All endpoints return JSON responses.

GET /api/v1/members

Retrieve a paginated list of all members in your chama. Supports filtering by status and search queries.

Query Parameters

Parameter Type Required Description
status string Optional Filter by status: Active, Inactive, Pending
page integer Optional Page number for pagination (default: 1)
limit integer Optional Results per page (default: 50, max: 100)
search string Optional Search by name, email, or member ID

Response Schema

Field Type Description
success boolean Indicates if the request was successful
data array Array of member objects
data[].id integer Unique member ID
data[].member_id string Member identifier (e.g., MFT001)
data[].first_name string Member's first name
data[].last_name string Member's last name
data[].email string Member's email address
data[].phone string Member's phone number (E.164 format)
data[].status string Member status: Active, Inactive, or Pending
data[].created_at string ISO-8601 timestamp of when the member was created
meta object Pagination metadata
meta.total integer Total number of records
meta.page integer Current page number
meta.limit integer Number of records per page
meta.pages integer Total number of pages available

Example Request

cURL
curl -X GET "https://api.chamapay.co.ke/v1/members?status=Active&page=1&limit=20" \
  -H "Authorization: Bearer cpk_live_xxxxx"

Response (200 OK)

JSON
{
  "success": true,
  "data": [
    {
      "id": 123,
      "member_id": "MFT001",
      "first_name": "John",
      "last_name": "Doe",
      "email": "john@example.com",
      "phone": "+254712345678",
      "status": "Active",
      "created_at": "2024-01-15T10:30:00Z"
    }
  ],
  "meta": {
    "total": 150,
    "page": 1,
    "limit": 20,
    "pages": 8
  }
}
POST /api/v1/members

Create a new member in your chama. Requires write permission.

Request Body

Field Type Required Description
first_name string Required Member's first name (max 50 chars)
last_name string Required Member's last name (max 50 chars)
email string Required Valid email address (must be unique)
phone string Required Phone number in E.164 format (+254...)
id_number string Optional National ID number (must be unique)

Example Request

cURL
curl -X POST https://api.chamapay.co.ke/v1/members \
  -H "Authorization: Bearer cpk_live_xxxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "first_name": "Jane",
    "last_name": "Smith",
    "email": "jane@example.com",
    "phone": "+254798765432",
    "id_number": "12345678"
  }'

Possible Errors

Error Code HTTP Status Description
MEMBER_EXISTS_EMAIL 409 Conflict A member with this email address already exists
INVALID_PHONE_FORMAT 400 Bad Request Phone number must be in E.164 format (+254...)
MISSING_REQUIRED_FIELD 400 Bad Request One or more required fields are missing
MEMBER_EXISTS_ID 409 Conflict A member with this ID number already exists
GET /api/v1/contributions

Retrieve member contributions with advanced filtering by date range, member, and contribution type.

Query Parameters

Parameter Type Required Description
member_id string Optional Filter by specific member ID
from string Optional Start date (YYYY-MM-DD)
to string Optional End date (YYYY-MM-DD)

Webhooks & Real-Time Events

Don't poll the API. Receive instant notifications when payments are processed, members are registered, or loans are approved.

Configure your webhook URLs in the ChamaPay Admin Dashboard to receive POST requests for specific system events.

Supported Events

  • contribution.created — Fired instantly when a new payment is recorded.
  • loan.approved — Fired when a pending loan application is approved by the committee.
  • member.registered — Fired when a new member joins the group.
  • fine.issued — Fired when a penalty is applied to a member.

Webhook Payload Example

JSON — contribution.created
{
  "event": "contribution.created",
  "data": {
    "member_id": "MFT001",
    "amount": 5000,
    "date": "2026-04-30"
  }
}

Security: Signature Verification

Every webhook request includes an X-ChamaPay-Signature header. You MUST verify this using your Webhook Secret to prevent spoofing.

Node.js Signature Verification
const crypto = require('crypto');

function verifyWebhook(payload, signature, secret) {
  const hash = crypto.createHmac('sha256', secret)
                     .update(JSON.stringify(payload))
                     .digest('hex');
  return hash === signature;
}

Retry Logic

If your server returns anything other than a 2xx HTTP status code, ChamaPay will retry the webhook 5 times using exponential backoff over 24 hours.

Complete V1 API Reference

ChamaPay offers a comprehensive suite of endpoints to manage every aspect of your organization. All endpoints follow the same standard RESTful conventions and authentication patterns.

Endpoint Supported Methods Description
/api/v1/members GET POST Manage members, view profiles, and register new members.
/api/v1/contributions GET POST List contributions or post new financial records.
/api/v1/loans GET POST Retrieve loan balances and submit new loan applications.
/api/v1/fines GET POST List active fines and issue new penalties to members.
/api/v1/meetings GET POST Access meeting schedules, attendance records, and create new meetings.
/api/v1/projects GET POST List investment projects and record member pledges.
/api/v1/accounts GET Access general ledgers, accounts, transactions, and expenses.
/api/v1/welfare GET Retrieve welfare balances, contributions, and distributions.
/api/v1/dividends GET Access member dividend allocations and history.
/api/v1/documents GET List organizational documents and policies.
/api/v1/election_notices GET Retrieve official election and voting notices.
/api/v1/document_reminders GET Fetch system-generated alerts for expiring documents.
/api/v1/audit GET Extract system-wide security and action audit logs.
/api/v1/liabilities GET POST Track group debts, creditors, and submit new liabilities.
/api/v1/reports GET Extract aggregated dashboard statistics and high-level reports.

Rate Limiting

API rate limits ensure fair usage and system stability for all integrations.

Rate Limits

Current tier limits. Need higher limits? Contact us for enterprise pricing.

100
Requests per minute
10,000
Requests per day
1,000
Monthly quota (Free)

Rate Limit Headers

Every API response includes rate limit information in the headers. If you receive a 429 Too Many Requests error, you must implement Exponential Backoff to avoid being temporarily blacklisted.

X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1625097600   // Unix timestamp when quota resets
Retry-After: 60                 // Seconds to wait before retrying

Real-World Use Cases

See how developers are building innovative solutions with the ChamaPay API.

Mobile App for Chama Members

Build native iOS/Android apps that allow members to check balances, view contributions, apply for loans, and receive push notifications.

React Native Flutter Swift Kotlin

SACCO System Integration

Sync ChamaPay data with existing SACCO management systems. Automate contribution reconciliation and loan disbursement workflows.

PHP Laravel Node.js MySQL

WhatsApp Bot for Balance Checks

Create WhatsApp chatbots that allow members to check their account balance, contribution history, and loan status via simple text commands.

Twilio API Python FastAPI Webhooks

Custom Analytics Dashboard

Build advanced analytics dashboards with custom visualizations, predictive modeling, and automated reporting for chama administrators.

React D3.js Python Pandas

Code Examples

Production-ready code snippets in multiple languages to accelerate your integration.

cURL
curl -X GET "https://api.chamapay.co.ke/v1/members" \
  -H "Authorization: Bearer cpk_live_your_api_key:your_api_secret" \
  -H "Content-Type: application/json"
PHP 8.0+
<?php
// Initialize cURL
$ch = curl_init('https://api.chamapay.co.ke/v1/members');

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'Authorization: Bearer cpk_live_your_api_key:your_api_secret',
    'Content-Type: application/json']);

// Execute request
$response = curl_exec($ch);
$data = json_decode($response, true);

print_r($data);
curl_close($ch);
?>
JavaScript (Fetch API)
const apiKey = 'cpk_live_your_api_key';

async function getMembers() {
  try {
    const response = await fetch('https://api.chamapay.co.ke/v1/members', {
      headers: {
        'Authorization': `Bearer ${apiKey}`,
        'Content-Type': 'application/json'
      }
    });
    
    const data = await response.json();
    // console.log('Members:', data);
  } catch (error) {
    console.error('Error:', error);
  }
}

getMembers();
Python 3.7+
import requests

api_key = 'cpk_live_your_api_key'
headers = {
    'Authorization': f'Bearer {api_key}',
    'Content-Type': 'application/json'
}

response = requests.get(
    'https://api.chamapay.co.ke/v1/members',
    headers=headers
)

print(response.json())

Error Handling

ChamaPay uses standard HTTP response codes to indicate the success or failure of API requests.

HTTP Code Meaning Common Causes
200 Success Request processed successfully
400 Bad Request Invalid JSON, missing required fields
401 Unauthorized Missing or invalid API key
403 Forbidden Insufficient permissions for action
429 Too Many Requests Rate limit exceeded
500 Server Error Internal server error - contact support

Error Response Format & Specific Error Codes

Unlike generic APIs, ChamaPay returns extremely precise error.code values so your application can programmatically handle exact failure scenarios (e.g., prompting a user if an email is taken vs if their phone is invalid).

Example: Precise Validation Error
{
  "success": false,
  "error": {
    "code": "MEMBER_EXISTS_EMAIL",
    "message": "The email address john@example.com is already registered to another member.",
    "details": "Please provide a unique email or contact support for account recovery."
  }
}

Pricing

Start for free, scale as you grow. Transparent pricing with no hidden fees.

Choose Your Plan

Flexible pricing for developers and enterprises

TESTING 1 KSH PLAN

Ksh 1 /month

100 API requests/month

  • read_access
  • testing_only

Professional API

Ksh 2,000 /month

10,000 API requests/month

  • read_access
  • write_access
  • webhooks
  • priority_support

Enterprise API

Ksh 5,000 /month

100,000 API requests/month

  • full_access
  • webhooks
  • custom_endpoints
  • dedicated_support
  • sla

Support & Resources

We're here to help you build successful integrations.

Email Support

api-support@chamapay.co.ke

Contact Us

Official SDKs

Install our official wrappers via NPM, Composer, or Pip.

Node.js PHP Python

Community

Join developer forum

Join Now

📝 Changelog

Track all updates, additions, and improvements to the ChamaPay API.

v1.0.0 (Current Release — 2026-04-30)

  • 🎉 Initial API Release
  • ✅ Members API endpoints
  • ✅ Contributions tracking
  • ✅ Loans management
  • ✅ Webhooks support
  • ✅ Idempotency keys for safe retries
  • ✅ Official SDKs for JavaScript, PHP, Python