Malipo
Connect payments in four steps
Public API reference for mobile money. Create a charge, check status, and verify webhooks — nothing else.
Base URL
All API requests go to this host.
https://lipa.justsmmpro.com
1. Authentication
Send your API key on every request. After login, copy it from Settings → Integration.
X-API-Key: YOUR_API_KEY
2. Create payment
POST https://lipa.justsmmpro.com/api/v1/payments
{
"order_id": "ORD-1001",
"amount": 5000,
"currency": "TZS",
"customer_phone": "0712345678",
"customer_name": "John Doe",
"callback_url": "https://yoursite.com/payment-callback"
}
- Required —
order_id,amount,customer_phone - Phone —
07XXXXXXXXor255XXXXXXXXX - Callback — HTTPS on your registered website domain
Success returns a 10-character reference and optional payment_url. Status is always pending until the customer pays — poll status or use webhook; do not show failure immediately after initiate.
curl -X POST "https://lipa.justsmmpro.com/api/v1/payments" \
-H "Content-Type: application/json" \
-H "X-API-Key: YOUR_API_KEY" \
-d '{"order_id":"ORD-1001","amount":5000,"customer_phone":"0712345678"}'
3. Check status
GET https://lipa.justsmmpro.com/api/v1/payments/{reference}
curl "https://lipa.justsmmpro.com/api/v1/payments/K7M2P9X4Q1" \
-H "X-API-Key: YOUR_API_KEY"
Statuses: pending, completed, failed. Mark an order paid only when Malipo returns completed.
4. Webhook
When a payment finishes, Malipo POSTs to your callback_url.
{
"event": "payment.completed",
"reference": "K7M2P9X4Q1",
"order_id": "ORD-1001",
"status": "completed",
"amount": 5000,
"currency": "TZS"
}
Security rules
Header X-Malipo-Signature = HMAC-SHA256 of the raw body using your API key.
Fulfill orders only when status is completed.
Check order_id, reference, and amount against your records.
Never mark paid from a customer redirect without webhook or status API.