Base URL & Environments
This guide covers the Cashfin Business API base URL and request structure.
Production Environment
The Cashfin Business API is available at:
https://api.cashfin.africaAll API endpoints are prefixed with /business/ followed by the module and action.
Single Environment
Cashfin currently provides a single production environment. All API operations affect real data. Test your integration thoroughly before going live.
API Versioning
The Cashfin Business API uses path-based versioning for major updates. The current version is v1 (implicit in the current endpoints).
| Version | Status | Base Path |
|---|---|---|
| v1 | Current (default) | /business/* |
Future Versions
When new API versions are released, the current version will continue to be supported with a deprecation period of at least 12 months.
Request Structure
All API requests should include:
- Base URL -
https://api.cashfin.africa - Path - The API endpoint (e.g.,
/business/product/list) - Headers - Required headers including authentication
Full Request URL Structure
https://api.cashfin.africa/business/{module}/{action}Examples:
https://api.cashfin.africa/business/product/listhttps://api.cashfin.africa/business/product/createhttps://api.cashfin.africa/business/order/checkout
Required Headers
All requests must include:
| Header | Description | Example |
|---|---|---|
Authorization | Your Client Secret | cs_your_client_secret |
Content-Type | Request body format | application/json |
Example: Full Request
curl -X POST "https://api.cashfin.africa/business/product/create" \
-H "Authorization: cs_your_client_secret" \
-H "Content-Type: application/json" \
-d '{
"title": "Premium Widget",
"price": 1999.99,
"stock": 100
}'const response = await fetch(
"https://api.cashfin.africa/business/product/create",
{
method: "POST",
headers: {
Authorization: process.env.CASHFIN_CLIENT_SECRET,
"Content-Type": "application/json",
},
body: JSON.stringify({
title: "Premium Widget",
price: 1999.99,
stock: 100,
}),
}
);CORS Support
The API supports Cross-Origin Resource Sharing (CORS) for browser-based requests. However, we recommend making API calls from your backend to protect your API credentials.
Security Best Practice
Never expose your Client Secret in client-side code. Always make API calls from your server.
Timeouts
API requests have a timeout of 100 seconds. For most operations, responses are returned much faster. If you experience timeouts, consider:
- Reducing batch sizes for bulk operations
- Implementing retry logic with exponential backoff
- Contacting support if issues persist