SDKs & libraries
The API is plain REST + JSON, so any HTTP client works — there's never a hard dependency on an SDK. A thin wrapper keeps your code tidy, though.
Roll your own (recommended start)
A complete client is about 30 lines. Token caching + one method per endpoint:
// pesabridge.js
export class PesaBridge {
constructor(base, id, secret) { Object.assign(this, { base, id, secret }); }
async token() {
if (this._t && this._t.exp > Date.now()) return this._t.v;
const r = await fetch(`${this.base}/oauth/token`, { method:"POST",
headers:{ "Content-Type":"application/json" },
body: JSON.stringify({ client_id:this.id, client_secret:this.secret }) });
const { data } = await r.json();
this._t = { v:data.access_token, exp: Date.now() + (data.expires_in-60)*1000 };
return this._t.v;
}
async stk(body) {
const r = await fetch(`${this.base}/partner/stk`, { method:"POST",
headers:{ Authorization:`Bearer ${await this.token()}`, "Content-Type":"application/json" },
body: JSON.stringify(body) });
const j = await r.json(); if (j.status!=="ok") throw new Error(j.message);
return j.data;
}
}Conventions any wrapper should follow
Cache the token and refresh ~60s before expiry.
On
401, refresh once and retry.Surface
message/codefrom the error envelope.Default an
idemkey on money-moving calls.
OpenAPI
The machine-readable contract is always at /openapi.json — generate a typed client in your language with openapi-generator if you prefer.
Was this page helpful?

