Skip to main content
The Orafi API is organized around REST. It accepts JSON-encoded request bodies, returns JSON-encoded responses, and uses standard HTTP status codes and verbs.

Base URL

https://api.orafi.app
Both test and live requests use the same base URL. Your API key determines the mode.

Authentication

Authenticate every request by including your API key in the x-api-key header: 
curl https://api.orafi.app/transactions \
  -H "x-api-key: ora_test_your_api_key"
See the Authentication guide for details on key formats and security best practices.

Request & response format

All request bodies must be application/json (except file uploads which use multipart/form-data). Every response follows a consistent envelope: 
{
  "success": true,
  "message": "Operation successful",
  "data": { ... }
}

HTTP status codes

CodeDescription
200Request succeeded
201Resource created
400Bad request — invalid parameters
401Unauthorized — missing or invalid API key
403Forbidden — insufficient permissions
404Not found — resource doesn’t exist
429Too many requests — rate limited
500Internal server error

Rate limiting

API requests are rate-limited. Inspect these response headers to monitor your usage:
HeaderDescription
X-RateLimit-LimitMax requests per window
X-RateLimit-RemainingRequests remaining
X-RateLimit-ResetTime when the window resets
If you hit the limit, back off and retry after X-RateLimit-Reset.

Pagination

List endpoints use cursor-based pagination for consistent performance:
ParameterTypeDescription
limitnumberMax items per page (default 20)
cursorstringCursor from a previous response to fetch the next page
Response includes nextCursor and hasNextPage to indicate whether more data is available.

Explore endpoints

Payments

Create, verify, and retrieve payments.

Paylinks

Shareable no-code payment pages.

Transactions

Query your full transaction history.

Payouts

Withdraw funds to crypto or fiat.

Webhooks

Register endpoints and subscribe to events.

Customers

Manage customer records.