Slex Pay is a fintech service brand. Banking services are provided through licensed partners in Pakistan.

Developer Integration Guide

Everything needed to integrate Slex Pay APIs in one place: authentication, endpoints, required parameters, request/response examples, webhook verification, retries, and production readiness controls.

REST API Webhook Events Idempotency Sandbox + Production

Base URLs

Sandbox: https://sandbox-api.slexpay.pk/v1

Production: https://api.slexpay.pk/v1

Checkout host: https://checkout.slexpay.pk

Authentication

Header: Authorization: Bearer <SECRET_KEY>

Optional: X-Client-Id: <PUBLIC_ID>

Content-Type: application/json

Rate Limits & Retries

  • Default: 100 requests/minute per API key (can vary by account tier).
  • Use exponential backoff for 429 and 5xx responses.
  • Never retry non-idempotent writes without an idempotency key.
  • Respect response headers like Retry-After when present.

Idempotency Best Practice

  • Generate one UUID per create/refund operation.
  • Reuse the same key only when retrying the exact same payload.
  • Store idempotency key with your order record.
  • Do not share one key across different endpoints.

Need Integration Review?

Before going live, our team can review your request flow, webhook handling, retry logic, and error states.

Merchant Dashboard

Create keys, rotate secrets, register webhook URLs, and monitor API activity from your merchant panel.

Tip: keep API secrets server-side only. Never expose secret keys in frontend JavaScript, mobile apps, or public repositories.