For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
DashboardGet started
  • Getting Started
    • Introduction
    • Quickstart
    • Errors
  • Core Concepts
    • Capabilities
    • Containers
    • Gateway
    • Wallets and top-ups
    • Grants and controls
    • Mandates
    • Approvals
    • Receipts
    • Settlements
  • Authentication
    • Authentication overview
    • Wallet sign-in (SIWE)
    • Connected apps (OAuth)
  • Guides
    • Call a capability
    • Monetize an API
    • Apply for public capability
    • Realtime notifications
  • Agents
    • MCP
    • CLI
  • Admin
    • Capability applications
  • API Reference
    • Overview
    • Authentication
  • Generated API Explorer
LogoLogo
DashboardGet started
On this page
  • Accounts
  • Auth — Google + wallet + sessions
  • OAuth 2.1 — authorization server (for agents)
  • Wallet
  • Topups
  • Capabilities
  • Gateway — the actual charge
  • Spending controls
  • Approvals (one-shot human-in-the-loop)
  • Intent mandates (signed conditional permission)
  • Scheduled intents (time-based)
  • Usage & analytics
  • Transfers (account-to-account, internal Lipafy)
  • Notifications
  • MCP

API reference

Was this page helpful?
Previous

Health check

Next
Built with

The full surface, organised by domain. All endpoints return JSON unless noted. All amounts are decimal strings in the smallest unit of their currency (so 100 KES is "100", not 100.00 and not 10000).

Accounts

POST /v1/accountsCreate an account + wallet, returns JWT + session cookie
GET /v1/accounts/meCurrent account info
POST /v1/accounts/me/api-keysIssue an API key (plaintext returned once)
GET /v1/accounts/me/api-keysList active keys
DELETE /v1/accounts/me/api-keys/:idRevoke a key

Auth — Google + wallet + sessions

GET /v1/auth/google/startRedirect to Google OIDC
GET /v1/auth/google/callbackReturning from Google — sets session cookie
POST /v1/auth/wallet/nonceBegin SIWE — returns nonce + message to sign
POST /v1/auth/wallet/verifySubmit signature — sets session cookie
GET /v1/auth/sessionCurrent session info
GET /v1/auth/sessionsAll active sessions for the account
POST /v1/auth/logoutRevoke current session
POST /v1/auth/logout/allRevoke every session for the account

OAuth 2.1 — authorization server (for agents)

GET /.well-known/oauth-authorization-serverDiscovery metadata
POST /oauth/registerDynamic Client Registration (RFC 7591)
GET /oauth/authorizeConsent screen
POST /oauth/authorizeApprove / deny consent
POST /oauth/tokencode → access+refresh OR refresh → access+refresh
POST /oauth/revokeRevoke a grant
GET /v1/oauth/grants”Connected apps” — list mine
DELETE /v1/oauth/grants/:idRevoke an app

Wallet

GET /v1/walletBalance, held, available
GET /v1/wallet/transactions?cursor=...Paginated tx history

Topups

POST /v1/topups/initiateTriggers an M-Pesa STK push via Lipafy’s active payment rail
Private operator endpointAdmin-only balance correction; not part of the public client integration
GET /v1/topups/:idStatus of one topup

Capabilities

POST /v1/capabilitiesRegister a new capability
GET /v1/capabilitiesList active public capabilities
GET /v1/capabilities/mineList ones owned by the caller
GET /v1/capabilities/:slugDetail (public view)
PATCH /v1/capabilities/:slugUpdate (owner only)
DELETE /v1/capabilities/:slugSoft-delete (sets status to disabled)

Gateway — the actual charge

* /gateway/:slug/*The x402-compatible gateway. Any method + path

Spending controls

GET /v1/controls?grant_id=...Read controls for a grant (or account default if omitted)
PUT /v1/controlsUpsert (pass grant_id to scope to a specific grant)

Approvals (one-shot human-in-the-loop)

POST /v1/approvalsAgent requests an approval
GET /v1/approvalsList mine
GET /v1/approvals/:idDetail
POST /v1/approvals/:id/decideHuman approves/denies (session/JWT only)
GET /v1/approvals/:id/challenge?decision=...Get message to sign with wallet
POST /v1/approvals/:id/decide-by-signatureWallet-signed approval

Intent mandates (signed conditional permission)

POST /v1/intent-mandates/challengeReturns canonical text + nonce to sign
POST /v1/intent-mandatesCreate signed mandate
GET /v1/intent-mandatesList mine
GET /v1/intent-mandates/:idDetail
DELETE /v1/intent-mandates/:idCancel
POST /v1/intent-mandates/:id/fulfillConsume one slot of the mandate

Scheduled intents (time-based)

POST /v1/intentsSchedule a future capability call
GET /v1/intentsList mine
GET /v1/intents/:idDetail
DELETE /v1/intents/:idCancel

Usage & analytics

GET /v1/usageSummary for a date range
GET /v1/usage/breakdownPer-capability breakdown

Transfers (account-to-account, internal Lipafy)

POST /v1/transfersMove balance between two Lipafy accounts

Notifications

GET /v1/notifications/streamSSE long-poll — receives approval / mandate events in real time

MCP

POST /mcpJSON-RPC 2.0 endpoint for MCP-aware agents
GET /mcpDiscovery (lists tools, transports)

A full per-endpoint reference with request/response shapes is generated separately. This page is the inventory.