Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.nexapay.ng/llms.txt

Use this file to discover all available pages before exploring further.

Authentication

All integration endpoints use API keys for server-to-server requests.

API Key (Server-to-Server)

Use API keys for payment processing, virtual account creation, withdrawals, and bills. Header 
x-api-key: nexa-prod-... or nexa-test-...

Environment Behavior

NexaPay determines merchant API mode from the API key you send:
  • nexa-prod-... -> production mode
  • nexa-test-... -> test mode
This behavior is tied to the merchant key itself, not to the server’s deployment environment.

Webhook Secret (Dashboard)

Your webhook secret is separate from your API keys.
  • NexaPay uses your webhook secret to sign outbound webhook events sent to your webhookUrl
  • Your backend uses the same secret to verify the signature before trusting the payload
  • The secret is managed from the merchant dashboard and can also be revealed or rotated through authenticated dashboard actions
Webhook secret management requires a dashboard JWT, not an API key.

Secret Management Endpoints

GET /business/webhook-secret POST /business/webhook-secret/regenerate

Webhook Signature Headers

NexaPay sends signed webhook deliveries with headers similar to:
  • x-nexapay-signature
  • x-nexapay-timestamp
  • x-nexapay-event
  • x-nexapay-event-id

Production Key

Requests authenticated with a production key use the live merchant ledger and live provider flow.

Test Key

Requests authenticated with a test key use a sandbox merchant ledger and simulated provider behavior. In test mode:
  • payments affect only test balances
  • bill purchases are simulated and do not vend real services
  • virtual accounts are simulated
  • withdrawals are simulated and do not move real money
  • transactions are tagged with environment: "test"