API Overview & Authentication
This section covers base URLs, authentication, rate limiting, error handling, and security best practices.Base URL
All API requests should be made to the following base URL: Test Environment:Authentication Methods
API Key Authentication
All API requests require a valid API key included in the request headers.- HTTP Headers
Obtaining API Keys
If you haven’t received your API key yet, please contact our team to complete your onboarding process. You will receive an email with detailed steps on how to obtain yourx-api-key.
Rate Limiting
Each API endpoint type has specific rate limits to ensure fair usage and system stability. Refer to the table below for the allowed request rates per endpoint category.If your backend encounters rate limits often, consider implementing a queue to process requests asynchronously. This approach allows your system to handle actions in an eventually consistent manner, reducing the likelihood of hitting limits.If your use case requires higher rate limits, contact our team with details about your application and traffic patterns. We will review your request and discuss possible adjustments.
Rate Limits
Notes
- Rates below were extracted from the functions code (withRateLimit options) and converted to a human-friendly “requests per minute (rpm)” where needed. For endpoints that do not set a per-endpoint limit the service default is used: window = 60,000 ms, maxPerWindow = 30 → 30 rpm.
- Where the configured window is longer than 60s we show both the configured limit (max requests per window) and the equivalent rpm in the table.
User Management & Authentication
Virtual Accounts & Wallet Operations
Wallet Management
Transactions & Asset Management
Fintech Fee Management
The following endpoints allow fintechs to manage and retrieve accumulated fees, request withdrawals of collected fees, and configure fee rates for onramp/offramp flows.Bank Account Management
The following endpoints allow fintechs to manage Nigerian bank accounts for offramp (fiat payout) operations.FX Orderbook & Trading Management
The following endpoints allow fintechs to create liquidity orders and execute FX trades.Configuration & Management
Webhooks & Third-Party Integration
Handling Rate Limits
When you exceed rate limits, the API returns a429 Too Many Requests response:
Error Handling
Standard Error Response
Common Error Codes
The following error codes apply globally across all API endpoints:Complete Reference: For a comprehensive list of all status codes, error codes, and state transitions, see the API Status & Error Reference.API-Specific Errors: Each API also has domain-specific error codes documented in their respective sections:
Security Best Practices
API Key Management
- Store Securely: Never commit API keys to version control
- Use Environment Variables: Store keys in environment variables
- Rotate Regularly: Rotate API keys periodically
- Limit Scope: Use minimal required permissions for who or what service should have access to your keys.
Request Security
- Use HTTPS: Always use secure connections
- Validate Responses: Check response status and structure
- Implement Timeouts: Set reasonable request timeouts
- Log Carefully: Avoid logging sensitive data
Public Key / Encryption (store-public-key)
You may opt into an encryption feature where sensitive payloads are encrypted before being sent to Strails. To enable this, Use/storepublickey endpoint. This allows Strails to store the fintech’s public key material for encrypting responses or for verifying encrypted requests.