Frequently Asked Questions
Frequently Asked Questions
Common questions about setup, integration, authentication, and troubleshooting with the keshflippay Partner API.
General
What is keshflippay?
keshflippay is a unified payment platform providing crypto and fiat APIs for partners to send, receive, and manage digital and traditional currencies securely.
Is there a sandbox environment?
Yes. Use the following base URL for testing and development:
| Environment | Base URL |
|---|---|
| Sandbox | https://sandbox.keshflippay.com/v1 |
Production requests use:
https://api.keshflippay.com/v1
Your sandbox keys are isolated from production.
How do I get API keys?
API keys are issued from the developer dashboard (coming soon).
You’ll receive two keys:
public_key— for request headerssecret_key— for generating HMAC signatures
See Authentication for signing details.
How do I report issues or request features?
Contact your account representative or open a support ticket with the correlationId (from the failed API response).
You can also email support@keshflippay.com with the request ID and timestamp.
Authentication
What headers are required?
Every request must include:
| Header | Description |
|---|---|
X-keshflippay-Key | Your public API key |
X-keshflippay-Timestamp | Current Unix timestamp |
X-keshflippay-Signature | HMAC-SHA256 signature |
Refer to Authentication & Security for examples.
Why am I getting 401 Unauthorized?
Check the following:
- Ensure your timestamp is within ±60 seconds of the server time.
- Verify your signature generation matches
HMAC_SHA256(timestamp + '.' + body). - Confirm your secret key is valid and active.
- Ensure
Content-Type: application/jsonis set correctly.
Webhooks
How can I test webhooks locally?
You can use:
- ngrok —
ngrok http 3000 - localtunnel — simple HTTPS tunneling
Then, register your temporary URL in the dashboard.
What happens if my server doesn’t respond to webhooks?
keshflippay retries with exponential backoff for 24 hours (see Webhooks for retry policy).
After repeated failure, the event will be marked failed in the dashboard.
Are webhook events guaranteed to be delivered in order?
Not always. Always use the event’s createdAt timestamp or sequence ID to maintain ordering in your system.
SDKs
Is there an official SDK?
Yes, SDKs are available for:
Both SDKs are open-source and handle signing, retries, and JSON parsing automatically.
Can I use raw HTTP instead?
Absolutely. SDKs are optional; all endpoints are standard HTTPS JSON APIs.
See API Reference for details.
Troubleshooting
What should I log for debugging?
- HTTP method and full path
- Request body and headers (minus secret)
- Response body and status
correlationIdfrom API errors
Never log your secret key or full authorization headers.
How can I verify if an issue is on my side or the API’s?
- Check your correlationId in the dashboard or API logs.
- Use the sandbox to replicate the call.
- Confirm your network and proxy are not modifying headers.
- If issue persists, contact support with timestamps and IDs.
How do I migrate from sandbox to production?
- Update
baseUrlfromhttps://sandbox.keshflippay.com/v1→https://api.keshflippay.com/v1. - Replace sandbox keys with production keys.
- Verify your webhook endpoint is HTTPS and accessible publicly.
- Perform small test transactions before going live.
Miscellaneous
Is there rate limiting?
Yes. Limits vary per partner and endpoint.
When throttled, you’ll receive 429 Too Many Requests with headers indicating limit and reset time.
How can I check API uptime?
The API status page will be available soon at status.keshflippay.com.
Where can I find release notes?
SDK updates and new endpoint releases will appear on the developer portal and GitHub repository.