Flowwithlit Docs
OVERVIEW

Flowwithlit Developer Documentation

Flowwithlit lets you accept payments on your website with an embeddable checkout, verify transactions server-side, and receive webhooks — all authenticated with a simple public/secret API key pair.

💳

Accept Payments

Embed our checkout in your site with one script tag. Works on any website or framework.

🏦

Bank Transfers

Send money to any Nigerian bank account instantly, including bulk payroll disbursements.

🪪

Virtual Cards

Create USD virtual cards for your users to pay on international platforms.

🌐

Multi-Currency

Hold NGN, USD and other currencies with real-time conversion rates.

🔔

Webhooks

Get notified instantly when payment events happen on your account.

🔒

Secure Transfer

Escrow-style transfers — funds are held until the recipient claims them.

Base URL

All API requests are made to the base URL below. Always use HTTPS in production.

Base URL
https://api.flowwithlit.com

Environments

Flowwithlit has two separate environments. You get a distinct set of API keys for each. Test mode is completely isolated — no real money moves, but the API behaves identically.

EnvironmentKey prefixReal money?Purpose
Test flw_pub_test_ / flw_sec_test_ No Development and integration testing
Live flw_pub_live_ / flw_sec_live_ Yes Production — real customer payments

Your API Keys

Find your API keys in the Developer API section of your dashboard. You get two keys:

  • Public key — safe to include in frontend HTML and JavaScript. Used to identify your merchant account when initiating a checkout session.
  • Secret keynever expose this in the browser or in client-side code. Used only on your server to verify transactions and access protected endpoints.
🚨
Never commit your secret key to version control or expose it in frontend code. If your secret key is compromised, rotate it immediately from the Developer API dashboard.

Authentication

Authenticated API endpoints expect your secret key as a Bearer token in the Authorization header:

HTTP Header
Authorization: Bearer flw_sec_test_YOUR_SECRET_KEY

The checkout public key is passed as a JSON field in the request body — not in headers.

Request & Response Format

All requests and responses use JSON. Always set:

HTTP Header
Content-Type: application/json

Every response has the same envelope:

JSON
{
  "success": true,
  "message": "Operation successful",
  "data": { ... }
}

On error, success is false and message describes what went wrong.

What's Next?