FlyExpense

FlyExpense Developer Platform

FlyExpense Developer Platform

Integrate FlyExpense's payment processing into your application. Accept payments through 39 providers with a single, unified API. Base URL: https://flyexpense.com/pf/v1

Getting Started — Base URL & Test Credentials

All Payment Gateway API requests go to the base URL: https://flyexpense.com/pf/v1 Use sandbox credentials to test without processing real payments.

  • Base URL: https://flyexpense.com/pf/v1
  • Sandbox Client ID: pf_test_client_flyexpense_sandbox_2024
  • Sandbox Client Secret: sk_test_51ABC123XYZ789DEF456GHI000JKL111MNO222PQR333
  • Sandbox credentials only work in TEST mode — create an account for production keys
  • Multi-PSP support: Stripe, iyzico, PayTR, and 36 more with automatic failover
  • Built-in 3D Secure 2 authentication (SCA/PSD2 compliant)
  • Smart routing: automatic provider selection with failover logic

Authentication — Required Headers

All Payment Gateway API requests require three headers: your Client ID, an HMAC-SHA256 signature, and a Unix timestamp in milliseconds. Signature = HMAC-SHA256(timestamp + requestBody, clientSecret).

  • x-client-id: your API Client ID
  • x-signature: HMAC-SHA256 of (timestamp + JSON request body) using your Client Secret
  • x-timestamp: Unix timestamp in milliseconds (must be current — requests older than 5 minutes are rejected)
  • Content-Type: application/json
  • Node.js: crypto.createHmac('sha256', CLIENT_SECRET).update(timestamp + JSON.stringify(body)).digest('hex')
  • Python: hmac.new(secret.encode(), (timestamp + json.dumps(body)).encode(), hashlib.sha256).hexdigest()
  • PHP: hash_hmac('sha256', timestamp . json_encode(body), CLIENT_SECRET)

Authorize Payment — POST /pf/v1/payments/authorize

Create a new payment authorization. The system automatically routes to the best available provider based on currency, country, and provider availability.

  • amount (number, required): total payment amount
  • currency (string, required): ISO currency code — USD, EUR, TRY, AED, GBP
  • merchantReference (string, required): your unique order/reference ID
  • cardNumber / cardExpMonth / cardExpYear / cardCvc (string, required): card details
  • is3DS (boolean, optional): enable 3D Secure — default false
  • returnUrl (string, optional): callback URL for 3DS verification
  • installment (number, optional): installment count — 1 means no installment
  • buyer.firstName, buyer.lastName, buyer.email (string, required): buyer information
  • billingAddress.address, billingAddress.city, billingAddress.country (string, required): billing address

Capture, Refund, Void & Get Transaction

Full payment lifecycle management after authorization.

  • POST /pf/v1/payments/:id/capture — capture an authorized payment (transactionId required)
  • POST /pf/v1/payments/:id/refund — refund a captured payment (amount optional for partial refund)
  • POST /pf/v1/payments/:id/void — void an authorized but uncaptured payment
  • GET /pf/v1/payments/:id — retrieve transaction status, provider response, and metadata
  • All endpoints return: transactionId, status, amount, currency, provider, pspResponseCode

Error Codes & Test Cards

Standard error codes and test card numbers for sandbox testing.

  • INSUFFICIENT_FUNDS: card declined due to insufficient funds — test with card 4111111111111112
  • CARD_DECLINED: generic card decline — test with card 4111111111111113
  • INVALID_CARD: card number/expiry/CVC invalid
  • 3DS_FAILED: 3D Secure authentication failed
  • PROVIDER_ERROR: upstream provider returned an error
  • TIMEOUT: provider did not respond within the timeout window
  • Success test card: 4111111111111111, expiry 12/2025, CVC 123

AI Assistant — Connect Claude & Cursor via MCP

FlyExpense provides a read-only MCP server so AI assistants can query your finance data in natural language. MCP server URL: https://flyexpense.com/mcp

  • claude.ai web (online): Settings → Connectors → Add custom connector → paste https://flyexpense.com/mcp → sign in with FlyExpense account (OAuth 2.1, no token needed)
  • Claude Desktop / Cursor: create an mcp_ token on the Developer page, add to MCP config as Authorization: Bearer <token>
  • AI assistants can query expenses, cards, bills, vendors, reports, and dashboard stats
  • Strictly read-only: AI cannot create, update, or delete any data
  • All access is org-isolated: assistants only see your organization's data

Webhooks

Subscribe to real-time events from FlyExpense to trigger automations in your own systems. All payloads are signed with HMAC-SHA256.

  • expense.submitted, expense.approved, expense.rejected
  • card.transaction, card.frozen, card.limit_exceeded
  • bill.received, bill.approved, bill.paid
  • approval.requested, approval.completed
  • Signed payloads with HMAC-SHA256 — validate the x-flyexpense-signature header
  • Configurable retry with exponential backoff on delivery failure

Frequently Asked Questions

What is the Payment Gateway API base URL?

The base URL for all Payment Gateway API requests is https://flyexpense.com/pf/v1. Use sandbox credentials for testing: Client ID pf_test_client_flyexpense_sandbox_2024.

How do I authenticate API requests?

All requests require three headers: x-client-id (your Client ID), x-timestamp (Unix timestamp in milliseconds), and x-signature (HMAC-SHA256 of timestamp + request body using your Client Secret).

How do I connect Claude AI to FlyExpense?

For claude.ai web, go to Settings → Connectors, add a custom connector, and paste https://flyexpense.com/mcp. You will sign in with OAuth and no token is needed. For Claude Desktop or Cursor, create an mcp_ token on the Developer page and add it to your MCP config as an Authorization: Bearer header.

Is the MCP server read-only?

Yes. The FlyExpense MCP server is strictly read-only. AI assistants can view cards, expenses, bills, and reports, but cannot create, update, or delete any data.

What languages do you have SDKs for?

We offer official SDKs for JavaScript/TypeScript, Python, and PHP. An OpenAPI spec is also available for generating clients in any language.

How do I get production API credentials?

Create a FlyExpense account, complete KYB verification, and navigate to the Developer page to generate production API keys. Sandbox credentials work immediately without signup.