Flow endpoints

Base path: /api/{version}/flow · No billing pre-check on flow routes.

After starting identification or signing, use these endpoints to observe or cancel the journey. See Flow lifecycle.

SDK: pasby.flows.ping, pasby.flows.cancel — not pasby.flow. SSE and polling are REST-only — TypeScript SDK.

POST /api/v2/flow/ping

Client-controlled status poll (recommended).

curl -sS -X POST "https://s.pasby.africa/api/v2/flow/ping" \
  -H "x-api-key: bk-test_YOUR_KEY" \
  -H "x-access-secret: YOUR_APP_SECRET" \
  -H "Content-Type: application/json" \
  -d '{ "request": "your_flow_request_id" }'

Poll every 1–3 seconds; back off when idle. Terminal states include cancelled or a truthy signature in data.request (signing flows).

GET /api/v2/flow/sse (v2 only)

Server-Sent Events stream (~every 2 seconds).

curl -N "https://s.pasby.africa/api/v2/flow/sse?request=your_flow_request_id" \
  -H "x-api-key: bk-test_YOUR_KEY" \
  -H "x-access-secret: YOUR_APP_SECRET"

Use with the browser EventSource API for live web UIs.

POST /api/v2/flow/cancel

curl -sS -X POST "https://s.pasby.africa/api/v2/flow/cancel" \
  -H "x-api-key: bk-test_YOUR_KEY" \
  -H "x-access-secret: YOUR_APP_SECRET" \
  -H "Content-Type: application/json" \
  -d '{ "request": "your_flow_request_id" }'

Call when the user abandons your UI.

POST /api/v2/flow/polling (legacy)

Long-held connection; server polls upstream every ~1.2s. Completes when data.request.cancelled is true or data.request.signature is present.

GET /api/v1/flow/authorize (v1 only)

Obtain x-access-token for token-based v1 integrations.

curl -sS -i "https://s.pasby.africa/api/v1/flow/authorize?sub=YOUR_CONSUMER&app=YOUR_APP" \
  -H "x-api-key: bk-test_YOUR_KEY" \
  -H "x-access-secret: YOUR_APP_SECRET"

v1 flow mirror

No v1 SSE route.