Live across 8 payment rails · 99.94% API uptime

One API for deposits, payouts,
and merchant payments.

HubdexPay helps businesses accept and disburse money across mobile money, banks, wallets, and local payment rails through a single secure API. Built for the Horn of Africa, designed for global merchants.

Request a demo Read API docs
Built for merchants, PSPs, exchanges, and digital platforms
app.hubdexpay.com/merchant

Today, 06 May 2026

Volume today
$48,920
↑ 12.4% vs. yesterday
Successful
1,284
98.2% rate
Pending payouts
12
$3,420 queued
API uptime
99.94%
30-day window
Recent transactions
HDX-D-7K2A1B + $84.50 paid
HDX-P-9M4C8E − $250.00 pending
HDX-D-3F1H6J + $12.00 paid
HDX-D-A8N3R5 + $1,200.00 paid
Webhook delivered
218 ms
Net settled
$47,288.10
Built for
Payment Network

Pre-integrated with the rails
your customers actually use.

Mobile wallets dominate the Horn of Africa. We've built first-class connectors for the major ones, with bank transfer, card, and manual settlement as fallbacks. New providers are added in days through our connector framework.

EVC
Live

EVC Plus

Hormuud · Somalia

Push-payment STK flow with real-time webhooks. Most popular wallet in southern Somalia.

ZD
Live

Zaad

Telesom · Somaliland

Direct wallet-to-merchant collections plus B2C disbursements. Dollar-denominated.

SH
Live

Sahal

Golis · Puntland

Wallet collections via Golis Telecom. Coverage across the Bari and Nugal regions.

ED
Live

eDahab

Somtel · Multi-region

Collections and disbursements across Somtel's network. Cross-region wallet support.

MP
API Ready

M-Pesa

Safaricom · Kenya

Daraja STK Push integration. KES collections, B2C payouts, paybill and till support.

BNK
Manual

Bank Transfer

Local + SWIFT

Operator-confirmed bank deposits and outgoing wires. Multi-currency settlement.

CD
Coming Q3

Card Networks

Visa · Mastercard

3-D Secure card acceptance through approved acquirers. Tokenized PAN handling.

+
On request

Custom Provider

Connector framework

Have a regional rail not listed here? Our connector interface integrates a new provider in days, not months.

How it works

From API request to merchant balance,
typically under 12 seconds.

The full lifecycle of a deposit — request, route, process, confirm, settle — is observable in your dashboard the moment it happens. No black boxes.

1

Merchant sends request

Your backend posts a signed deposit or payout request to /v1/deposits.

POST /v1/deposits
amount: $25.00
2

HubdexPay routes

Routing engine picks the healthy provider for your channel and risk-checks the transaction.

channel=evc
Hormuud, healthy
3

Provider processes

The connector talks to the upstream rail and tracks the provider transaction ID.

prov_tx: evc_8K2A1B
state: pending
4

Webhook confirms

When the customer pays, the provider notifies us; we verify the signature.

verified: true
state: paid
5

Balance updates

Ledger entries written, your balance bumps, and we POST a signed event to your URL.

net: $24.62
webhook: sent
Merchant API

A REST API your engineering team
will actually want to integrate.

Predictable JSON, signed requests, idempotency on every mutation, and webhook callbacks that retry until your endpoint acknowledges them. No SDK lock-in — works with curl.

API key + HMAC signature

Every request signed with HMAC-SHA256 over timestamp + method + path + body_hash. Constant-time comparison, 5-minute replay window.

Idempotency keys

Send the same Idempotency-Key twice and you get the cached response — never a duplicate charge. 24-hour retention.

Predictable JSON responses

Every response wraps in { data: {...} } on success or { error: { code, message } } on failure. No surprises.

Webhook callbacks with retry

Signed events delivered to your URL with 9-step exponential backoff: 30s → 24h. Dead-letter queue for review.

Status query endpoints

Lost a webhook? Pull current state any time via GET /v1/transactions/{id} or by your own merchant reference.

// Charge a customer via mobile wallet (PHP)
$timestamp = time();
$path      = '/v1/deposits';
$body      = json_encode([
    'amount'             => '25.00',
    'currency'           => 'USD',
    'channel'            => 'evc',
    'customer'           => ['phone' => '252611234567'],
    'merchant_reference' => 'order_8421',
]);

$toSign    = "$timestamp\nPOST\n$path\n" . hash('sha256', $body);
$signature = base64_encode(hash_hmac('sha256', $toSign, $apiSecret, true));

$response = httpPost('https://api.hubdexpay.com' . $path, $body, [
    'X-API-Key: '      . $apiKey,
    'X-Timestamp: '    . $timestamp,
    'X-Signature: '    . $signature,
    'Idempotency-Key: ' . $orderId,
]);

// Response: 201 Created
// { "data": { "id": "hdx_dep_01HKL...", "status": "pending", ... } }
# Same call as a one-liner
curl -X POST https://api.hubdexpay.com/v1/deposits \
  -H "X-API-Key: pk_live_xxx" \
  -H "X-Timestamp: $(date +%s)" \
  -H "X-Signature: $SIG" \
  -H "Idempotency-Key: order_8421" \
  -d '{
    "amount": "25.00",
    "currency": "USD",
    "channel": "evc",
    "customer": { "phone": "252611234567" },
    "merchant_reference": "order_8421"
  }'

# 201 Created
{
  "data": {
    "id":        "hdx_dep_01HKL...",
    "reference": "HDX-D-7K2A1B",
    "status":    "pending",
    "amount":    "25.0000",
    "net_amount": "24.6250"
  }
}
// Node.js / TypeScript
import crypto from 'node:crypto';
import { fetch } from 'undici';

const ts   = Math.floor(Date.now() / 1000);
const body = JSON.stringify({
  amount:   '25.00',
  currency: 'USD',
  channel:  'evc',
  customer: { phone: '252611234567' },
});

const bodyHash = crypto.createHash('sha256').update(body).digest('hex');
const sig      = crypto.createHmac('sha256', apiSecret)
  .update(`${ts}\nPOST\n/v1/deposits\n${bodyHash}`).digest('base64');

const res = await fetch('https://api.hubdexpay.com/v1/deposits', {
  method:  'POST',
  headers: { 'X-API-Key': apiKey, 'X-Timestamp': `${ts}`, 'X-Signature': sig },
  body,
});
Merchant Dashboard

Real-time visibility into every
transaction, balance, and webhook.

One pane of glass for your operations team. Filter, search, export, retry, and reconcile — without filing a support ticket.

app.hubdexpay.com/merchant/transactions

Transactions

Volume today
$48,920
↑ 12.4% vs. yesterday
Successful
1,284
98.2% rate
Pending payouts
12
$3,420 queued
Failed (7d)
23
↓ 4 vs. last week
Reference Customer Provider Amount Status
HDX-D-7K2A1B +252 61 1234 567Ahmed M. EVC Plus252611234567 $84.50 paid
HDX-P-9M4C8E +252 90 8765 432Khadra A. ZaadTelesom $250.00 pending
HDX-D-3F1H6J +254 71 0192 837Nairobi M-PesaSafaricom $12.00 paid
HDX-D-A8N3R5 +252 90 5544 332Hargeisa Ltd Bank TransferManual review $1,200.00 review
HDX-D-E5Q7W9 +252 63 7788 990Bosaso SahalGolis $45.00 failed
HDX-D-T1Y2U3 +252 90 1122 334Mogadishu eDahabSomtel $320.00 paid
Balance & Payouts

See available, pending, and reserved balances per currency. Initiate manual payouts straight from the dashboard.

API Keys

Generate test and live keys, scope by capability, restrict to IP ranges, and revoke instantly when needed.

Webhook Settings

Configure your endpoint URL, rotate signing secrets, replay failed deliveries, and inspect every event payload.

Settlement Reports

Daily reconciliation reports with line-by-line breakdown of fees, net settled amount, and payout batches.

Pending review queue 3 awaiting

Risk: high Today
AM
Ahmed M.+252 61 1234 567
$1,200.00 large amount
KA
Khadra A.+252 90 8765 432
$3,420.00 velocity
HL
Hargeisa LtdBank · ZAAD-228
$840.00 manual
Admin & Operations

Not just a website —
a full operations console.

HubdexPay ships with a back-office console designed for real fintech teams. Every action is audited, every state change is reversible, every webhook is inspectable.

Manage merchants

Create, suspend, or close merchant accounts. Adjust risk tier, reserve %, and rate limits per merchant.

Approve / reject queue

Manual review for risky payouts and bank transfers. One click writes ledger entries and notifies the merchant.

Provider monitoring

Real-time health dashboard for every connector. Set health to "down" to instantly reroute traffic.

Webhook delivery logs

Every delivery attempt with HTTP status, response body, and retry timestamp. Replay deliveries from the UI.

Audit trail

Append-only log of every dashboard state change with actor, IP, user-agent, and before/after metadata.

Security

Built like a bank backend,
not a SaaS demo.

Every monetary movement creates immutable ledger entries. Every state transition is audited. Every secret is encrypted at rest. We don't get to be wrong about money.

HMAC signed requests

Every API call signed with HMAC-SHA256 over timestamp + method + path + body hash. Constant-time verification, 5-minute replay window.

Encrypted secrets

Provider API credentials and merchant webhook secrets stored AES-256-GCM encrypted. Plaintext never touches disk.

Role-based access

Owner, admin, finance, support, viewer roles. Each user scoped to their merchant, with full audit on every action.

Webhook signature verification

Verify HubdexPay events with three lines of code. Reject anything older than 5 minutes to prevent replay.

// Verify a webhook (PHP)
$expected = base64_encode(hash_hmac('sha256',
    $timestamp . '.' . $rawBody, $webhookSecret, true));
if (!hash_equals($expected, $received)) return http_response_code(401);

Audit trail

Every state-changing action — login, payout approval, settings change — logged with actor, IP, user-agent, and metadata.

IP logging + rate limits

Per-merchant rate limits, IP allow-lists on API keys, login throttle (5 fails/10min/IP), and DDoS-friendly upstream caching.

Manual review for risky payouts

Configurable thresholds and velocity rules. Anything flagged sits in admin's queue until a human signs off.

Use cases

Built to support how money
actually moves in this region.

HubdexPay is in production with merchants across betting, e-commerce, agent networks, remittance, and utility payments. Real workflows, real volume, real reconciliation.

Betting platforms

Instant deposits, fast payouts

Accept wallet deposits in seconds, disburse winnings the same day. Velocity controls and per-customer limits configurable per merchant.

  • Sub-10s deposit confirmation
  • Auto-payout up to set threshold
  • Anti-abuse velocity rules
Crypto exchanges

Off-ramp & on-ramp the local way

Move fiat in and out of crypto exchanges through mobile wallets and bank transfers. Manual review queue for large amounts.

  • Multi-rail collection
  • KYC-aware payout flow
  • Threshold-based admin review
E-commerce

Checkout that actually converts

White-label checkout where customers pick a payment method by name — without exposing which provider is on the other side. Drop-in JS or full API control.

  • Drop-in checkout snippet
  • Hosted payment page
  • Order-reference webhooks
Digital wallets

Top-ups, transfers, and withdrawals

Wallet platforms get one ledger across providers — no separate reconciliation per rail. Same-day settlement to your operating bank.

  • Cross-rail unified ledger
  • Same-day batch settlement
  • Wallet-to-wallet transfer rails
Agent networks

Float management for cash agents

Distribute float to thousands of agents and reconcile commissions automatically. Sub-merchant accounts let you give each agent their own dashboard.

  • Sub-merchant onboarding
  • Auto commission split
  • Float top-up workflows
Remittance

Inbound and outbound corridors

Receive remittances via correspondent banks and disburse to wallets. Or move money the other direction — wallet to international bank account.

  • Multi-currency settlement
  • Corridor health monitoring
  • FX rate locking on demand
Utility payments

Bills, subscriptions, top-ups

Power, water, and telco bills routed through the right rail per region. Bulk-import customer accounts and let them pay any way they prefer.

  • Bill-presentment API
  • Recurring scheduled payments
  • Bulk customer import
Pricing

Pay only when money
actually moves.

No setup fees, no monthly minimums. Volume discounts kick in automatically as you scale. Provider-specific fees are passed through transparently.

Startup

For new businesses testing the waters. Get fully integrated, then start paying when you go live.

$0
Free sandbox · forever
  • Core
  • Full API access (sandbox)
  • Merchant dashboard
  • Webhook delivery + retries
  • Mock provider for tests
  • Limits
  • 1 user · 1 merchant account
  • Email support
Get sandbox keys
Most popular

Growth

For merchants moving real volume across multiple rails. Production-ready from day one.

1.5% + $0.10
per successful transaction
  • Everything in Startup, plus:
  • Live across all 8 rails
  • T+1 settlement (USD or local)
  • Provider routing rules
  • Daily reconciliation reports
  • Operations
  • 5 users · sub-merchants on request
  • Priority support (email + Slack)
Apply for Growth

Enterprise

For high-volume aggregators and PSPs that need custom routing, dedicated infrastructure, and tight SLAs.

Custom
Volume-tiered · talk to sales
  • Everything in Growth, plus:
  • Custom routing logic
  • Dedicated provider connectors
  • Sub-merchant onboarding API
  • Same-day settlement option
  • Service
  • SLA up to 99.99%
  • Named account manager
Talk to sales
Provider-specific fees are passed through transparently · No hidden FX markups · No PCI overhead
Developer documentation

Documentation written by people
who've actually integrated payment APIs.

Concrete examples in PHP, Node, Python, and curl. No "TODO: write tutorial" pages. No marketing fluff between you and the code.

Complete REST reference

Every endpoint documented with request shape, response shape, error cases, and concrete examples. Hosted alongside an interactive sandbox.

  • POST /v1/deposits — charge a customer via any rail
  • POST /v1/payouts — disburse to a wallet or bank
  • GET /v1/transactions — paginated history
  • GET /v1/balance — per-currency available, pending, reserved
  • GET /v1/providers — your enabled rails with health status
# GET /v1/transactions?type=deposit&status=completed&limit=10
{
  "data": [
    {
      "id":         "hdx_dep_01HKL3...",
      "reference":  "HDX-D-7K2A1B",
      "type":       "deposit",
      "status":     "completed",
      "amount":     "25.0000",
      "net_amount": "24.6250",
      "currency":   "USD",
      "created_at": "2026-05-06T03:14:29Z"
    }
  ],
  "next_cursor": "2026-05-06T02:48:11Z"
}

Webhook delivery

We POST signed JSON events to your URL whenever a transaction state changes. Verify the signature in three lines and you're done.

  • transaction.created
  • transaction.completed
  • transaction.failed
  • transaction.expired
  • transaction.updated
// Verify (PHP)
$secret    = 'whsec_…';
$raw       = file_get_contents('php://input');
$header    = $_SERVER['HTTP_HUBDEXPAY_SIGNATURE'];

preg_match('/t=(\d+),v1=([^,]+)/', $header, $m);
$expected = base64_encode(hash_hmac(
    'sha256', $m[1] . '.' . $raw, $secret, true
));

if (!hash_equals($expected, $m[2])) {
    http_response_code(401); exit;
}

API authentication

Every API call carries three headers: X-API-Key, X-Timestamp, and X-Signature. The signature is HMAC-SHA256 over a canonical string.

  • String to sign: ts + "\n" + METHOD + "\n" + path + "\n" + sha256_hex(body)
  • Signature: base64(hmac_sha256(secret, stringToSign))
  • Replay window: 5 minutes
  • Comparison: constant-time hash_equals
# Compute signature in shell
TS=$(date +%s)
PATH_=/v1/deposits
BODY='{"amount":"25.00","currency":"USD","channel":"evc"}'
HASH=$(printf "%s" "$BODY" | sha256sum | awk '{print $1}')
TO_SIGN=$(printf "%s\nPOST\n%s\n%s" "$TS" "$PATH_" "$HASH")
SIG=$(printf "%s" "$TO_SIGN" | openssl dgst -sha256 -hmac "$SECRET" -binary | base64)

curl -X POST "https://api.hubdexpay.com$PATH_" \
  -H "X-API-Key: $KEY" \
  -H "X-Timestamp: $TS" \
  -H "X-Signature: $SIG" \
  -d "$BODY"

Error codes

Errors return uniform JSON: { error: { code, message, details } }. The HTTP status reflects the kind of error. No surprise codes — every value is documented.

  • 400 invalid_amount — amount missing or malformed
  • 401 signature_invalid — HMAC mismatch or stale timestamp
  • 402 insufficient_balance — payout exceeds available
  • 403 blocked_by_risk — risk engine rejected
  • 409 idempotency_conflict — key reused with different body
  • 429 rate_limited — slow down; check Retry-After
# 402 Payment Required
{
  "error": {
    "code":    "insufficient_balance",
    "message": "Merchant balance is below the requested payout amount.",
    "details": {
      "requested": "100.00",
      "available": "42.50",
      "currency":  "USD"
    }
  }
}

Sandbox testing

Sandbox is a full mirror of production using the mock provider. Every API behavior — pending, completed, failed — can be triggered deterministically without spending a cent.

  • Mock outcomes: success, pending, fail, random
  • Webhook simulator with retry replay
  • Test card numbers and phone numbers documented
  • Sandbox balance is virtual — top-up via dashboard
  • Reset state any time without losing config
# Trigger a deterministic FAILED deposit (sandbox)
curl -X POST https://sandbox.hubdexpay.com/v1/deposits \
  -H "X-API-Key: pk_test_…"  \
  -H "X-Test-Outcome: fail"   \
  -d '{"amount":"10.00","currency":"USD","channel":"mock"}'

# 201 Created — status will transition to "failed" within 2 seconds
# and a transaction.failed webhook will be queued

Integration checklist

The path from sandbox keys to production. We've shipped this with dozens of merchants — these are the steps that matter, in order.

  • Generate sandbox API key in dashboard
  • Build & test signed request flow against /v1/deposits
  • Implement webhook receiver + signature verification
  • Test all four mock outcomes (success / pending / fail / random)
  • Implement idempotency keys on POST endpoints
  • Add error handling for documented error codes
  • Sign legal agreement → KYB → live API key issued
  • Deploy. Monitor the dashboard for the first 24 hours.
# Recommended test matrix before going live
[] Signed request with valid signature   →  201
[] Signed request with stale timestamp   →  401
[] Same idempotency key, same body       →  cached
[] Same idempotency key, diff body       →  409
[] Webhook with valid signature           →  200
[] Webhook with bad signature             →  401
[] Payout exceeding available balance    →  402
[] Recover state via /v1/transactions/id  →  200
Read the full documentation
Request demo

Tell us what you're building.
We'll show you exactly how HubdexPay fits.

One business day to first reply. If you're already running on a payment stack and considering a switch, mention it — those usually get a same-day call.

Get in touch

All fields except message are required for a meaningful first conversation.

CSRF protected · We never share your data

Why teams pick HubdexPay

Fast time-to-launch

Sandbox in minutes. Live keys in days, not months. Most merchants are processing real volume within a week.

White-label end-to-end

Your brand on the dashboard, your channel names in the API, your customer-facing receipts. We're invisible infrastructure.

Real ledger, real reconciliation

Double-entry bookkeeping enforced at write-time. Reconcile to the cent every day with zero spreadsheets.

Operators, not just developers

Built by people who've run a payment back-office. Manual review queues, audit logs, and webhook replay aren't bolt-ons.

Direct contact
Salessales@hubdexpay.com
Supportsupport@hubdexpay.com
OfficeMogadishu, Somalia
HoursSat–Thu · 09:00–18:00 EAT