Paystack
Africa's Stripe — clean API, Stripe-owned, regionally licensed across NG, GH, KE, ZA, CI (+ Egypt/Rwanda in rollout)
Pick Paystack if you're an African business (especially NG/GH/KE/ZA/CI) that wants Stripe-grade developer experience for local payments — cards, mobile money, USSD, and bank transfers in one API; the trade-off is that merchant account reviews and settlement holds are a recurring complaint on NG accounts.
◆ Simple
NG, GH, KE, ZA, CI (+ EG & RW beta)
1.5% + ₦100 (NG), 1.95% (GH), 2.9% + R1 (ZA)
Paystack is a Stripe-owned African payments platform founded in Nigeria in 2015 (YC S16, acquired by Stripe in October 2020 for ~$200M). It is licensed and operational in Nigeria, Ghana, Kenya, South Africa, and Côte d'Ivoire, with regulatory approvals for Egypt and Rwanda in early-access rollout. Paystack powers 300k+ businesses, offers first-class support for cards (Visa/Mastercard/Verve/Amex), mobile money (GH/KE/CI), USSD, bank transfers, QR, and Apple Pay, plus products for Subscriptions, Transfers, Invoices, Payment Pages, Split Payments (marketplace), Terminal, and Virtual Terminal. In January 2026 it reorganised under a new parent holding company, The Stack Group.
Last full audit: April 15, 2026
Trust Score Breakdown
Account Stability
65/100Nigerian-account freezes and KYC re-verification loops are the dominant complaint theme. Accounts flagged against the Acceptable Use Policy have been closed without notice; CAC (Corporate Affairs Commission) registration is effectively required to unfreeze funds. Ghana, SA, and Kenya accounts report materially fewer stability complaints in public forums. Backed by Stripe's compliance and risk infrastructure which tightens the screens but increases false-positive pain for NG SMBs.
Developer Experience
90/100Widely praised as the 'Stripe of Africa' for API design — clean REST, webhooks with HMAC-SHA512 signatures, consistent error shapes, good changelog discipline, first-party SDKs for Node/Python/PHP/Ruby/Go/Laravel, and a sandbox that mirrors live behavior. Documentation at paystack.com/docs is comprehensive with integration recipes for Django/Next.js/Laravel/Rails. Known rough edges: Paystack does not allow localhost as a webhook URL (ngrok required), Next.js App Router raw-body pitfalls for signature verification, and webhook retries can deliver duplicates so handlers must be idempotent.
Payout Reliability
72/100Standard T+1 next-business-day settlement is the documented norm across NG, GH, KE, ZA, and CI and is broadly reliable for accounts in good standing. However, PissedConsumer and Trustpilot both surface a recurring pattern of settlement holds of 45+ days on Nigerian accounts triggered by risk/AUP reviews, with limited transparency on resolution timelines. Reports of 'payout under review since May 2025' with continued customer processing are not rare.
Support Quality
55/100Support is the most consistent complaint category. Trustpilot and PissedConsumer reviews cite multi-day silence on settlement-hold tickets, duplicate ticket creation without resolution, and repeated document requests. Better response times are reported for integration/API questions (developer-tagged tickets) than for risk/payout disputes. No published 24/7 phone line for merchants.
Track Record
86/100Founded 2015 (Paystack co-founders Shola Akinlade and Ezra Olubi); YC S16's first Nigerian startup. Acquired by Stripe in October 2020 for ~$200M. 12x payment volume growth since acquisition. Licensed in NG/GH/KE/ZA/CI, regulatory approvals secured for Egypt and Rwanda. January 2026 restructuring created The Stack Group as the parent holding company following group profitability. Strong uptime record on status.paystack.com.
Transparency
82/100Core pricing is clearly published per country at paystack.com/pricing (1.5% + ₦100 NG cap ₦2k; 1.95% GH; 2.9% + R1 ZA; 2.9% KES cards / 1.5% M-PESA; 3.2% VAT excl CI cards / 1.95% CI mobile money; 2.7% + EGP 2.5 EG). International rates (3.1–3.9%) and transfer fees are also published. Less transparent: chargeback fee (₦2,500 on NG) is not on the main pricing page — only in support docs — and settlement-hold criteria are not disclosed.
Availability Matrix
| Region | Countries | Currencies | Payout Timing |
|---|---|---|---|
| Nigeria (primary market) | Nigeria — merchants must have a Nigerian bank account; CAC (Corporate Affairs Commission) registration is required for most business models and strongly recommended to avoid payout holds. | NGN settlement; accepts NGN from domestic customers. USD accepted at 1% (cap ₦300) via supported channels. Cross-border card acceptance in 100+ presentment currencies. | T+1 next business day (standard). Faster settlement may be available to high-volume merchants. |
| Ghana | Ghana — merchants must have a registered Ghanaian business and GHS bank account. Mobile money (MTN, Vodafone, AirtelTigo) fully supported for both inbound and outbound. | GHS settlement. Currently Ghanaian businesses can only receive international payments in GHS. | T+1 next business day. |
| South Africa | South Africa — merchants must have SA registration and ZAR bank account. EFT supported alongside cards at a reduced 2% rate. | ZAR settlement. All fees are VAT-exclusive. | T+1 next business day. |
| Kenya | Kenya — merchants can settle in KES or USD. M-PESA (Safaricom) supported for both collections and disbursements; Lipa Na M-PESA max per-transaction KES 150,000 per Safaricom limits. | KES or USD settlement. | T+1 next business day. |
| Côte d'Ivoire | Côte d'Ivoire — licensed merchant acquirer. Mobile money (Orange, MTN, Moov, Wave) supported. | XOF settlement. All fees are VAT-exclusive. | T+1 next business day. |
| Egypt (early access) | Egypt — Payment Facilitator and PSP license from the Central Bank of Egypt. Early-access beta rollout; general availability pending. | EGP settlement. | Announced T+1; verify with Paystack onboarding for beta-merchant-specific schedule. |
| Rwanda (early access) | Rwanda — PSP authorisation from the National Bank of Rwanda. Early-access beta rollout. | RWF settlement. | Unpublished for beta merchants. |
| NOT available | Merchants outside the seven licensed markets above cannot sign up. Non-African businesses should use Stripe directly. Customers worldwide can pay into a Paystack-enabled African merchant via international cards or Apple Pay (priced at the higher international rate). | N/A | N/A |
Feature Snapshot
Cards (Visa, Mastercard, Verve, Amex)
All four schemes supported across all live markets. Verve is Nigeria-specific.
Bank Transfer (Pay with Bank)
Customer-initiated bank transfer channel in NG, GH, ZA.
USSD (Nigeria)
Nigeria-only channel; customer dials a USSD code to complete payment from mobile banking.
Mobile Money
Full support in GH (MTN, Vodafone, AirtelTigo), KE (M-PESA), CI (Orange, MTN, Moov, Wave). Not applicable in NG/ZA.
Apple Pay
Available to merchants in CI, GH, KE, NG, ZA for accepting payments from Apple Pay users in US/UK/Canada and other Apple Pay markets.
QR (Scan to Pay)
Customer scans a QR code inside their mobile banking app to pay. Supported in NG.
Subscriptions / Recurring
Plans + Subscriptions API for hourly/daily/weekly/monthly/yearly recurring charges with automatic retries.
Split Payments (Marketplace)
Single-split and Multi-split APIs credit subaccounts automatically per transaction — suitable for marketplaces and revenue-share.
Transfers / Payouts
Send money to bank accounts and mobile money wallets across all live markets via Transfers API.
Invoices
Create and send invoices from the dashboard or API; customer pays via hosted invoice page.
Payment Pages
No-code hosted payment pages for one-off or recurring collection, with Split Payments supported.
Storefront
No-code hosted storefront for selling products without building a site.
Webhooks (HMAC-SHA512)
Event webhooks signed via x-paystack-signature (HMAC-SHA512 of raw body with secret key). Retries every 3 min for 4 tries, then hourly for 72h.
Terminal / Virtual Terminal
In-person Terminal hardware plus Virtual Terminal (now live in CI, GH, KE, ZA) for merchant-initiated checkout links.
Direct Debit (Nigeria)
Recurring debit from Nigerian bank accounts via the local Direct Debit rails — priced at the local-transaction rate.
Pricing Breakdown
Security & Compliance
Integration Prompt
✂
Copy & use this 4568-char integration prompt
Production-ready prompt for Claude / GPT / Cursor — handles setup, security, webhooks & gotchas
Copy & use this 4568-char integration prompt
Production-ready prompt for Claude / GPT / Cursor — handles setup, security, webhooks & gotchas
You are building a Paystack integration for [Django / Next.js / Laravel / Rails / etc.]. Follow these rules exactly.
## Architecture
1. Use **Paystack Standard (redirect)** or **Paystack Inline (Popup)** — never build a custom card form. Paystack is PCI DSS Level 1; routing PAN data through your server removes that protection and makes YOU responsible for PCI scope.
2. Flow: `transaction/initialize` server-side → redirect/popup to `authorization_url` → customer pays → Paystack redirects to your `callback_url` with `?reference=...` → **your server calls `transaction/verify/{reference}` before fulfilling the order**. Never trust the client-returned reference.
3. Also subscribe to webhooks at `POST /paystack/webhook` for `charge.success`, `transfer.success`, `transfer.failed`, `subscription.create`, `invoice.payment_failed`, `chargeback.create`. Webhooks are the source of truth for async events; `verify` is the source of truth for the synchronous callback.
## Amounts (critical)
All amount fields are in the minor unit:
- NGN: kobo (₦1,000 = 100000)
- GHS: pesewas (GHS 10 = 1000)
- ZAR / KES: cents (R 10 = 1000)
- XOF: centimes (XOF 1,000 = 100000)
- EGP: piastres (EGP 10 = 1000)
Do all arithmetic in integer subunits. Never use floats for money.
## Webhook security (do not skip)
1. Verify `x-paystack-signature` = `HMAC-SHA512(raw_request_body, PAYSTACK_SECRET_KEY)` on every webhook. Use a constant-time comparison (`hmac.compare_digest` / `crypto.timingSafeEqual`).
2. Capture the **raw** request body before any JSON parsing:
- Django: build a middleware that stores `request.body` before any parser runs, OR disable `CSRF_TRUSTED_ORIGINS` on the webhook endpoint and read `request.body` directly in the view.
- Next.js App Router: `const raw = await req.text(); const body = JSON.parse(raw);` — never `await req.json()` first.
- Laravel: `$request->getContent()` before any middleware parses it.
- Express: `app.use('/paystack/webhook', express.raw({type: 'application/json'}), handler)`.
3. Additionally IP-allowlist Paystack's webhook IPs (fetch the current list from the Paystack dashboard — do not hardcode).
4. Return `200 OK` within 5 seconds. Queue any heavy work (email, fulfilment) to a background job — Paystack retries failed webhooks every 3 minutes for 4 attempts then hourly for 72 hours.
5. **Idempotency:** the same event may be delivered multiple times. Store `event.data.reference` (and `event.id` where present) in a processed-events table and short-circuit duplicates.
## Secrets
- Use `PAYSTACK_SECRET_KEY` server-side only (never exposed to browser bundles).
- Use `PAYSTACK_PUBLIC_KEY` only on the client for Inline/Popup init.
- Separate test and live keys; never commit either.
## Currency & country config
Each merchant country has different channels. Pass the correct `currency` (`NGN`/`GHS`/`ZAR`/`KES`/`XOF`/`EGP`) and, if constraining methods, the `channels` array (`['card','bank','mobile_money','ussd','bank_transfer','qr']`). Apple Pay requires extra domain verification via the dashboard.
## Development workflow
- Paystack does NOT accept `localhost` as a webhook URL. Use ngrok or Cloudflare Tunnel during local development and rotate the URL in the dashboard on each session, or keep a staging deploy with a stable URL.
- Test mode and live mode use separate secret keys. Test card PAN for NG: `4084 0840 8408 4081`.
## Subscriptions
- Create a `Plan` first, then create `Subscription` objects against customer email. Handle `subscription.disable`, `invoice.payment_failed`, and `invoice.create` webhooks to manage access state.
- For Nigeria, `Direct Debit` on local bank accounts is a first-class recurring channel at the local-transaction rate.
## Split payments (marketplace)
Use `Split` objects (`percentage` or `flat` types) attached to the transaction to route portions to multiple subaccounts in one charge. Platform fee lands in your main account automatically.
## Disputes (Nigeria)
Subscribe to `chargeback.create`. The CBN-mandated response window is **16 hours** — missing it auto-accepts the chargeback and deducts the amount plus a ₦2,500 fee. Page oncall on that event.
## Error handling
- Treat every non-2xx from Paystack as retryable with exponential backoff (3 attempts, 1s/5s/30s).
- Log `transaction/verify` responses — the `status`, `gateway_response`, `channel`, and `fees` fields are essential for reconciliation.
Deliver a minimal working integration: init → verify → webhook verified handler → idempotent fulfilment. Do not add features beyond those requested.
Replace [Django / Next.js / etc.] with your stack. Follows PCI DSS best practices and handles common edge cases.
Common Pitfalls
7 itemsNigerian settlement holds and KYC loops
Nigerian merchants routinely report payout holds of 30–60+ days triggered by risk or Acceptable Use Policy reviews. CAC (Corporate Affairs Commission) registration is effectively required for most business models; operating on personal/unregistered accounts is the #1 driver of freezes. Register the business with CAC before going live and keep BVN/ID docs ready for re-verification requests.
Support latency on risk/payout tickets
Trustpilot and PissedConsumer reviews repeatedly cite multi-day silence on settlement-hold escalations and repeated document requests. Integration/API tickets are handled faster. Plan for 3–10 business days when raising a payout dispute; CC the merchant success contact if you have one.
Webhook signature verification breaks on parsed bodies
Webhook signatures (HMAC-SHA512 of the raw body with your secret key) must be computed against the raw request body. Next.js App Router and Django's default JSON parsing consume the body before you can hash it. Always capture the raw body before any JSON parsing (bodyParser: false, request.body as stream, or middleware order) or verification will silently fail with 400s.
No localhost webhook URLs in dashboard
Paystack does not accept http://localhost as a webhook URL. Use ngrok, Cloudflare Tunnel, or a deployed staging endpoint during development. This catches first-time integrators off guard.
Idempotency on reference is mandatory
Webhook retries deliver the same charge.success event multiple times (every 3 min for 4 tries, then hourly for 72h until 200 OK). Handlers must be idempotent on the transaction reference, or you'll fulfill the same order twice. Never trust the client-returned reference — always call /transaction/verify from the server before fulfillment.
Amounts are in subunits (kobo/pesewas/cents)
All Paystack amount fields are in the currency's minor unit: kobo for NGN, pesewas for GHS, cents for ZAR/KES, centimes for XOF, piastres for EGP. ₦1,000 = 100000. Floating-point math on the client before conversion has caused production-hitting off-by-100 bugs.
Chargeback response window is 16h on Nigerian transactions
Per CBN regulation the response window was tightened from 24h to 16h. Missing the window auto-accepts the chargeback and deducts the full amount plus the ₦2,500 fee from your balance. Set up alerting on the chargeback.create webhook event.
Community Pulse
The developer community consistently praises Paystack's API design and documentation as the gold standard in African payments — the Stripe-acquisition DNA shows in clean REST semantics, reliable sandbox, and predictable webhook events. Complaints concentrate almost entirely on operational friction for Nigerian merchants: multi-week settlement holds, CAC-registration surprises, and slow responses on risk/payout tickets. Trustpilot, PissedConsumer, and Capterra reviews converge on the same split verdict — 'excellent product, frustrating when something goes wrong with your account.' Developers building across borders often pair Paystack with Flutterwave, using Paystack where it's live for cleaner integration and Flutterwave for markets Paystack doesn't yet cover.
Sentiment last updated: April 2026 · We summarize — never copy — community content. Links go to original threads.
Changelog
-
logo
downloaded from https://commons.wikimedia.org/wiki/File:Paystack_Logo.svg — rendered to 400×72 transparent PNG via resvg_py; avg brightness 51.1 (dark logo) so logo_bg left empty
-
pricing
initial pricing entries for all 6 live markets (NG/GH/ZA/KE/CI/EG) including local, international, transfer, and chargeback fees
-
availability
initial availability rows — 5 live markets (NG, GH, KE, ZA, CI) + 2 early-access (EG, RW) + NOT-available row
-
features
initial feature list — 15 features covering cards, bank, USSD, MoMo, Apple Pay, QR, Subs, Split, Transfers, Invoices, Pages, Storefront, Webhooks, Terminal, Direct Debit
-
security
initial security entries — PCI DSS L1, ISO 27001:2022, ISO 27701:2019, 3DS2, webhook HMAC-SHA512, 2FA, regulatory licenses
-
pitfalls
initial 7 pitfalls — NG settlement holds, support latency, webhook raw-body parsing, no localhost webhooks, idempotency on reference, subunit amounts, CBN 16h chargeback window
-
community_pulse
initial synthesis from Trustpilot, PissedConsumer, Capterra, developer blogs, and TechAfrica News (no direct Reddit threads indexed for Paystack-specific discussions)
-
trust_score
initial weighted trust score 74 — high marks for developer experience (90) and track record (86); lower for support (55) and account stability (65) driven by NG-specific complaints
-
integration_prompt
initial integration prompt covering init/verify flow, webhook HMAC-SHA512 with raw-body handling, subunit amounts, split payments, NG chargeback window
LearnWithHasan.com · Payment Gateway Index · No affiliate links · Builder-first