
Environments

Payfonte provides two environments for integration:
| Environment | Use Case | API Base URL | Dashboard |
| --- | --- | --- | --- |
| Sandbox | Development and QA | https://sandbox-api.payfonte.com | https://sandbox-app.payfonte.com |
| Production | Live transactions | https://api.payfonte.com | https://app.payfonte.com |

Do not use live provider credentials in sandbox. Keep sandbox and production credentials separate.

API Authentication

All API calls require these headers:
  • client-id
  • client-secret
You can find both in: Dashboard -> Settings -> API Keys/Webhooks

Sandbox Example

curl --location 'https://sandbox-api.payfonte.com/payments/v1/checkouts' \
  --header 'client-id: <your-sandbox-client-id>' \
  --header 'client-secret: <your-sandbox-client-secret>' \
  --header 'Content-Type: application/json' \
  --data '{
    "reference": "test-001",
    "amount": 1000,
    "currency": "NGN",
    "country": "NG",
    "user": {
      "phoneNumber": "08012345678"
    }
  }'

Production Go-Live Checklist

1. Complete testing in sandbox
   Validate successful, failed, and pending flows, including webhooks.
2. Complete KYB onboarding
   Submit your business details using the KYB onboarding form.
3. Switch credentials and base URL
   Replace sandbox client-id/client-secret with production keys and update your API base URL to https://api.payfonte.com.
4. Verify webhooks in production
   Confirm your production webhook URL is configured under Settings -> API Keys/Webhooks.

Use environment variables so secrets stay out of source code:
# Sandbox
PAYFONTE_SANDBOX_BASE_URL=https://sandbox-api.payfonte.com
PAYFONTE_SANDBOX_CLIENT_ID=...
PAYFONTE_SANDBOX_CLIENT_SECRET=...

# Production
PAYFONTE_PRODUCTION_BASE_URL=https://api.payfonte.com
PAYFONTE_PRODUCTION_CLIENT_ID=...
PAYFONTE_PRODUCTION_CLIENT_SECRET=...

const isProduction = process.env.NODE_ENV === "production";

const config = isProduction
  ? {
      baseUrl: process.env.PAYFONTE_PRODUCTION_BASE_URL,
      clientId: process.env.PAYFONTE_PRODUCTION_CLIENT_ID,
      clientSecret: process.env.PAYFONTE_PRODUCTION_CLIENT_SECRET
    }
  : {
      baseUrl: process.env.PAYFONTE_SANDBOX_BASE_URL,
      clientId: process.env.PAYFONTE_SANDBOX_CLIENT_ID,
      clientSecret: process.env.PAYFONTE_SANDBOX_CLIENT_SECRET
    };
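
A stricter loader for the same variables, as an added example (not Payfonte's own code): it fails at startup when a variable is missing, when the base URL is not HTTPS, or when the URL host does not match the chosen environment, and it keeps the secret out of serialized output. The function name `loadPayfonteConfig` and the explicit `target` argument are assumptions; the hosts come from the environment table above.

```javascript
// Added example. Expected API host per environment, from the table on this page.
const ALLOWED_HOSTS = new Map([
  ["sandbox", "sandbox-api.payfonte.com"],
  ["production", "api.payfonte.com"],
]);

// Hypothetical helper: builds a validated, frozen config from an env-like object.
function loadPayfonteConfig(target, env = process.env) {
  const expectedHost = ALLOWED_HOSTS.get(target);
  if (!expectedHost) throw new Error(`unknown Payfonte environment: ${target}`);

  const prefix = `PAYFONTE_${target.toUpperCase()}_`;
  const names = ["BASE_URL", "CLIENT_ID", "CLIENT_SECRET"].map((n) => prefix + n);
  const missing = names.filter((n) => !env[n] || !env[n].trim());
  if (missing.length) throw new Error(`missing variables: ${missing.join(", ")}`);

  const [baseUrl, clientId, clientSecret] = names.map((n) => env[n].trim());
  const url = new URL(baseUrl); // throws on malformed input
  if (url.protocol !== "https:") throw new Error("base URL must use HTTPS");
  if (url.hostname !== expectedHost) {
    // Catches a sandbox URL stored under the production variable name, and the reverse.
    throw new Error(`${prefix}BASE_URL host ${url.hostname} is not ${expectedHost}`);
  }

  return Object.freeze({
    target,
    baseUrl: url.origin,
    // Headers required on every API call, built on demand for server-side requests.
    headers() {
      return {
        "client-id": clientId,
        "client-secret": clientSecret,
        "Content-Type": "application/json",
      };
    },
    // JSON.stringify calls toJSON, so serialized output never contains the secret.
    toJSON() {
      return { target, baseUrl: url.origin, clientId, clientSecret: "[redacted]" };
    },
  });
}
```

Call it once at process start, for example `loadPayfonteConfig(process.env.NODE_ENV === "production" ? "production" : "sandbox")`, so a misconfigured deployment stops before any request is sent.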

Security Notes

  • Never expose client-secret in frontend apps.
  • Never commit credentials to git.
  • Rotate keys immediately if you suspect exposure.
  • Use HTTPS for API and webhook endpoints.