Request & Response Format
Learn NadaPay request headers, response shapes, pagination, status codes, and rate limits.
All NadaPay API requests and responses follow a consistent structure. This page documents the conventions so you know what to expect from every endpoint.
Base URL
Use this base URL for both sandbox and production. Your API key determines which mode handles the request.
The endpoints are versioned under /v1.
Authentication header
Every request must include your API key in the x-api-key header:
x-api-key: YOUR_API_KEY
NadaPay usesx-api-key— notAuthorization: Bearer. Requests using the wrong header format will return401 Unauthorized.
Required headers
| Header | Required | Value |
|---|---|---|
x-api-key | ✅ Always | Your NadaPay API key |
Content-Type | ✅ On POST/PATCH | application/json |
x-idempotency-key | ✅ On POST (create) | A unique UUID per logical request |
Terminology
Use these terms consistently when you read the rest of the docs:
- mode: sandbox or production behavior selected by the API key
- rail: the transfer method, such as
ACH,Bank Transfer,Mobile Money, orCrypto - network: the routing identifier used for some payout methods
- provider: the named service provider used for some rails
Terminology
Use these terms consistently when you read the rest of the docs:
- mode: sandbox or production behavior selected by the API key
- rail: the transfer method, such as
ACH,Bank Transfer,Mobile Money, orCrypto - network: the routing identifier used for some payout methods
- provider: the named service provider used for some rails
Request format
All request bodies are JSON. Always set Content-Type: application/json on POST and PATCH requests.
curl --request POST \
--url https://core.nadapay.io/v1/beneficiaries \
--header 'x-api-key: YOUR_API_KEY' \
--header 'Content-Type: application/json' \
--header 'x-idempotency-key: a1b2c3d4-e5f6-7890-abcd-ef1234567890' \
--data '{
"name": "John Doe",
"currency": "NGN",
"type": "EXTERNAL_BANK",
"details": {
"accountNumber": "0123456789",
"accountName": "John Doe",
"networkId": "ntwk_01HXXXXXXXXXXXXXXXXXX",
"rail": "Bank Transfer",
"country": "NG"
}
}'Response format
All responses return JSON. Successful response shapes are defined per endpoint in the API Reference. Error responses include statusCode and message.
Successful response:
{
"statusCode": 200,
"message": "Successful",
"data": {}
}Error response:
{
"statusCode": 500,
"message": "Internal server error"
}Timestamps
All timestamps are returned in ISO 8601 format in UTC:
2025-01-01T00:00:00ZHTTP status codes
| Status | Meaning |
|---|---|
200 OK | Request succeeded |
201 Created | Resource created successfully |
400 Bad Request | Invalid request body or missing required fields |
401 Unauthorized | Missing or invalid API key |
403 Forbidden | Valid key but insufficient permissions, IP restrictions, or mode mismatch |
404 Not Found | Resource does not exist |
409 Conflict | Duplicate request with a conflicting idempotency key |
422 Unprocessable Entity | Request is well-formed but contains logical errors |
429 Too Many Requests | Rate limit exceeded |
500 Internal Server Error | NadaPay-side error — retry with backoff |
Rate limits
NadaPay applies rate limits per API key.
| Mode | Default limit |
|---|---|
| Sandbox | 100 requests per minute per API key |
| Production | 1000 requests per minute per API key |
When exceeded, you will receive a 429 Too Many Requests response with a Retry-After header indicating when you can retry.
What's next
| Next step | Link |
|---|---|
| Understand idempotency | Idempotency |
| See all error codes | Common Errors & Fixes |
| Make your first call | Getting Started |
Updated 11 days ago