SDKs & libraries

The API is plain REST + JSON, so any HTTP client works — there's never a hard dependency on an SDK. A thin wrapper keeps your code tidy, though.

Roll your own (recommended start)

A complete client is about 30 lines. Token caching + one method per endpoint:

// pesabridge.js
export class PesaBridge {
  constructor(base, id, secret) { Object.assign(this, { base, id, secret }); }
  async token() {
    if (this._t && this._t.exp > Date.now()) return this._t.v;
    const r = await fetch(`${this.base}/oauth/token`, { method:"POST",
      headers:{ "Content-Type":"application/json" },
      body: JSON.stringify({ client_id:this.id, client_secret:this.secret }) });
    const { data } = await r.json();
    this._t = { v:data.access_token, exp: Date.now() + (data.expires_in-60)*1000 };
    return this._t.v;
  }
  async stk(body) {
    const r = await fetch(`${this.base}/partner/stk`, { method:"POST",
      headers:{ Authorization:`Bearer ${await this.token()}`, "Content-Type":"application/json" },
      body: JSON.stringify(body) });
    const j = await r.json(); if (j.status!=="ok") throw new Error(j.message);
    return j.data;
  }
}

Conventions any wrapper should follow

  • Cache the token and refresh ~60s before expiry.

  • On 401, refresh once and retry.

  • Surface message/code from the error envelope.

  • Default an idem key on money-moving calls.

OpenAPI

The machine-readable contract is always at /openapi.json — generate a typed client in your language with openapi-generator if you prefer.

Was this page helpful?