Flowwithlit Developer Documentation
Flowwithlit lets you accept payments on your website with an embeddable checkout, verify transactions server-side, and receive webhooks — all authenticated with a simple public/secret API key pair.
Accept Payments
Embed our checkout in your site with one script tag. Works on any website or framework.
Bank Transfers
Send money to any Nigerian bank account instantly, including bulk payroll disbursements.
Virtual Cards
Create USD virtual cards for your users to pay on international platforms.
Multi-Currency
Hold NGN, USD and other currencies with real-time conversion rates.
Webhooks
Get notified instantly when payment events happen on your account.
Secure Transfer
Escrow-style transfers — funds are held until the recipient claims them.
Base URL
All API requests are made to the base URL below. Always use HTTPS in production.
https://api.flowwithlit.com
Environments
Flowwithlit has two separate environments. You get a distinct set of API keys for each. Test mode is completely isolated — no real money moves, but the API behaves identically.
| Environment | Key prefix | Real money? | Purpose |
|---|---|---|---|
| Test | flw_pub_test_ / flw_sec_test_ |
No | Development and integration testing |
| Live | flw_pub_live_ / flw_sec_live_ |
Yes | Production — real customer payments |
Your API Keys
Find your API keys in the Developer API section of your dashboard. You get two keys:
- Public key — safe to include in frontend HTML and JavaScript. Used to identify your merchant account when initiating a checkout session.
- Secret key — never expose this in the browser or in client-side code. Used only on your server to verify transactions and access protected endpoints.
Authentication
Authenticated API endpoints expect your secret key as a Bearer token in the
Authorization header:
Authorization: Bearer flw_sec_test_YOUR_SECRET_KEY
The checkout public key is passed as a JSON field in the request body — not in headers.
Request & Response Format
All requests and responses use JSON. Always set:
Content-Type: application/json
Every response has the same envelope:
{
"success": true,
"message": "Operation successful",
"data": { ... }
}
On error, success is false and message describes what went wrong.