Endpoint index

Production: https://l.pasby.africa · Sandbox: https://s.pasby.africa

OIDC routes run on a separate host — see OIDC.

Public API

Method	Path	Ver.	Billing	Primary headers
GET	`/`	—	none	`x-api-key`
GET	`/api/health/check`	—	none	`x-api-key`
POST	`/api/v2/identification/same-device`	v2	authentication	`x-api-key`, `x-access-secret`
POST	`/api/v1/identification/same-device`	v1	authentication	`x-api-key`, `x-access-secret`
POST	`/api/v2/identification/different-device`	v2	authentication	`x-api-key`, `x-access-secret`
POST	`/api/v1/identification/different-device`	v1	authentication	`x-api-key`, `x-access-token`
POST	`/api/v2/identification/wildcard`	v2	authentication	`x-api-key`
POST	`/api/v1/identification/wildcard`	v1	authentication	`x-api-key`, `x-access-token` (recommended)
POST	`/api/v2/signing/same-device`	v2	signature	`x-api-key`, `x-access-secret`
POST	`/api/v1/signing/same-device`	v1	signature	`x-api-key`, `x-access-secret`, `x-access-token`
POST	`/api/v2/signing/different-device`	v2	signature	`x-api-key`, `x-access-secret`
POST	`/api/v1/signing/different-device`	v1	signature	`x-api-key`, `x-access-token`
POST	`/api/v2/signing/wildcard`	v2	signature	`x-api-key`, `x-access-secret`
GET	`/api/v1/flow/authorize`	v1	none	`x-api-key`, `x-access-secret` + query `sub`, `app`
POST	`/api/v2/flow/ping`	v2	none	`x-api-key`, `x-access-secret`
POST	`/api/v1/flow/ping`	v1	none	`x-api-key`, `x-access-token`
GET	`/api/v2/flow/sse`	v2	none	`x-api-key` (secret optional)
POST	`/api/v2/flow/polling`	v2	none	`x-api-key`, `x-access-token`
POST	`/api/v1/flow/polling`	v1	none	`x-api-key`, `x-access-token`
POST	`/api/v2/flow/cancel`	v2	none	`x-api-key`, `x-access-secret`
POST	`/api/v1/flow/cancel`	v1	none	`x-api-key`, `x-access-token`
POST	`/api/v2/document/signing`	v2	signature	`x-api-key`, `x-access-secret`
POST	`/api/v1/document/signing`	v1	signature	`x-api-key`, `x-access-token`
POST	`/api/v2/document/review`	v2	signature	`x-api-key`, `x-access-secret`
POST	`/api/v1/document/review`	v1	signature	`x-api-key`, `x-access-token`
POST	`/api/v2/document/refresh`	v2	signature	`x-api-key`, `x-access-secret`
POST	`/api/v1/document/refresh`	v1	signature	`x-api-key`, `x-access-token`

Notes

Billing: authentication on identification; signature on signing and document routes. Test keys (bk-test_) skip billing pre-check.
Signing wildcard is v2 only (no /api/v1/signing/wildcard).
Flow SSE is v2 only.
Flow ping body must include { "request": "<flow-id>" } even though edge validation is permissive.
Document v2: send x-api-key and x-access-secret on all document calls.
Webhooks are not pasby API routes; you provide webhook.host on sign/document requests.

OIDC (`https://oauth.pasby.africa`)

Hosted separately from the public gateway. UI: national.eid.pasby.africa.

Method	Path	Aliases
GET	`/`	Connectivity
POST	`/api/v1/oidc/kipindi`	`login`
POST	`/api/v1/oidc/kupeana`	`shake`
POST	`/api/v1/oidc/resource`	—

Details: OIDC overview · OIDC quickstart.

Topic	Page
Headers by category	Authentication
Identification	API · Guide
Signing	API · Guide
Flows	API · Guide
Documents	API · Guide
v1 → v2	Migration

Public API

Notes

OIDC (https://oauth.pasby.africa)

Related pages

OIDC (`https://oauth.pasby.africa`)