Skip to main content
POST
/
api
/
v1
/
transaction
/
{transactionId}
/
authorize
Afriex SDK
const transaction = await afriex.transactions.authorize("transaction-id", {
  type: "OTP",
  otp: "123456",
});
curl --request POST \
--url https://sandbox.api.afriex.com/api/v1/transaction/{transactionId}/authorize \
--header 'Content-Type: application/json' \
--header 'x-api-key: <api-key>' \
--data '
{
"type": "OTP",
"otp": "123456"
}
'
import requests

url = "https://sandbox.api.afriex.com/api/v1/transaction/{transactionId}/authorize"

payload = {
"type": "OTP",
"otp": "123456"
}
headers = {
"x-api-key": "<api-key>",
"Content-Type": "application/json"
}

response = requests.post(url, json=payload, headers=headers)

print(response.text)
const options = {
method: 'POST',
headers: {'x-api-key': '<api-key>', 'Content-Type': 'application/json'},
body: JSON.stringify({type: 'OTP', otp: '123456'})
};

fetch('https://sandbox.api.afriex.com/api/v1/transaction/{transactionId}/authorize', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
CURLOPT_URL => "https://sandbox.api.afriex.com/api/v1/transaction/{transactionId}/authorize",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'type' => 'OTP',
'otp' => '123456'
]),
CURLOPT_HTTPHEADER => [
"Content-Type: application/json",
"x-api-key: <api-key>"
],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
package main

import (
"fmt"
"strings"
"net/http"
"io"
)

func main() {

url := "https://sandbox.api.afriex.com/api/v1/transaction/{transactionId}/authorize"

payload := strings.NewReader("{\n \"type\": \"OTP\",\n \"otp\": \"123456\"\n}")

req, _ := http.NewRequest("POST", url, payload)

req.Header.Add("x-api-key", "<api-key>")
req.Header.Add("Content-Type", "application/json")

res, _ := http.DefaultClient.Do(req)

defer res.Body.Close()
body, _ := io.ReadAll(res.Body)

fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.post("https://sandbox.api.afriex.com/api/v1/transaction/{transactionId}/authorize")
.header("x-api-key", "<api-key>")
.header("Content-Type", "application/json")
.body("{\n \"type\": \"OTP\",\n \"otp\": \"123456\"\n}")
.asString();
require 'uri'
require 'net/http'

url = URI("https://sandbox.api.afriex.com/api/v1/transaction/{transactionId}/authorize")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["x-api-key"] = '<api-key>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"type\": \"OTP\",\n \"otp\": \"123456\"\n}"

response = http.request(request)
puts response.read_body
{
  "data": {
    "status": "PROCESSING",
    "type": "DEPOSIT",
    "channel": "MOBILE_MONEY",
    "sourceAmount": "10",
    "sourceCurrency": "USD",
    "destinationAmount": "14101.041",
    "destinationCurrency": "NGN",
    "customerId": "68e6717848e1f632e9686460",
    "transactionId": "69d3c79531c0234586ad5ee0",
    "meta": {
      "reference": "ref-deposit-001",
      "idempotencyKey": "idem-deposit-001"
    },
    "createdAt": "2026-04-06T14:47:49.166Z",
    "updatedAt": "2026-04-06T14:49:02.110Z"
  }
}
Complete a transaction that was created in a CUSTOMER_ACTION_REQUIRED state and needs an extra authorization step, such as a one-time password (OTP) on a mobile-money deposit. The request body is discriminated by type; today the only supported variant is OTP. A deposit needs this step when the create-transaction response comes back with status CUSTOMER_ACTION_REQUIRED and meta.otpRequired set to true.
Testing in sandbox? Submit the OTP 123456 to complete the deposit. Any other value is rejected so you can test the wrong-OTP path. See Simulating OTP-required deposits for the full sandbox flow.

Authorizations

x-api-key
string
header
required

Static business API key issued from the dashboard. A business can provision multiple API keys, each scoped to a configurable set of permissions (e.g. read transactions, create deposits, etc). Permissions are chosen per key at creation time in the dashboard and may be revoked by deleting the key. Requests made with a key that does not include the permission required by the target endpoint will be rejected with a 403 Forbidden response; an unrecognised, malformed or revoked key returns 401 Unauthorized. Manage your keys and their permissions under Developer → API keys in the dashboard.

Headers

x-api-version
string

API version in ISO 8601 format (e.g. 2025-12-28). Defaults to latest stable.

Path Parameters

transactionId
string
required

The unique identifier of the transaction

Body

application/json
type
enum<string>
required

The authorization method.

Available options:
OTP
otp
string
required

The one-time password supplied by the customer.

Response

Transaction authorized successfully.

data
object