Provision Kua HR companies, employees, and payroll runs from your own platform. REST, signed webhooks, sandbox-first.
Every endpoint, every example response, every webhook payload — interactively explorable.
No SDK install needed. The API speaks plain JSON over HTTPS, and the response shape is the same for every endpoint — so the parser you write today still works for the endpoint we ship next quarter.
Email engineering@kuahr.com for partner access, or generate a tenant key inside your Kua dashboard under Settings → Developer.
Build against sandbox-api.kuahr.com. The schema and code paths are identical to api.kuahr.com. No real Naira moves.
Authenticate with a Bearer token, send an Idempotency-Key, and get JSON back with the predictable success envelope.
curl -X POST https://sandbox-api.kuahr.com/api/v1/partner/companies \
-H "Authorization: Bearer pk_sandbox_abc12345..." \
-H "Idempotency-Key: $(uuidgen)" \
-H "Content-Type: application/json" \
-d '{
"name": "Acme Nigeria Ltd",
"rcNumber": "RC1234567",
"admin": {
"email": "founder@acme.ng",
"firstName": "Ada",
"lastName": "Okafor"
}
}'Swap pk_sandbox_ for pk_live_ and sandbox-api for api when you go live.
Everything an HR admin can do from the Kua dashboard, you can do from your own product. Your customers never need to leave your UI to get paid.
Create a Kua HR tenant on behalf of your customer in one call. Co-branded onboarding email is sent automatically.
Add, update, and offboard employees. Records are preserved for audit and payslip history.
Calculate gross, PAYE, pension, NHF, BIK, and net pay. Submission stays a deliberate human step in-dashboard.
Stop polling. Get HMAC-signed events for company.created, employee.added, payroll.run.completed and more.
Partner keys (pk_*) for platforms managing many companies. Tenant keys (ck_*) for a single company integrating its own systems.
Identical code paths to live, with stub disbursement. pk_sandbox_* keys can never touch real money.
Idempotency, signed webhooks, sandbox isolation, rate-limit headers — wired in from day one so you can spend your time on the integration, not the plumbing.
Keys are SHA-256 hashed at rest. Validation uses constant-time comparison against the prefix index.
Send the same Idempotency-Key on retries — same body replays the original response, different body returns 409.
Every delivery carries a t=…,v1=… signature header. Verify against the raw body inside a 5-minute window.
Spec ships with hand-written request and response examples for every endpoint, plus a top-level webhooks section.
HMAC-SHA256 over the raw request body, signed with your endpoint's secret. Reject anything more than five minutes old, and compare with a constant-time check.
X-Kua-Event: payroll.run.completed
X-Kua-Delivery-ID: 42198
X-Kua-Signature: t=1714387200,v1=8a4f8c1d…
// Verify
const signed = `${t}.${rawBody}`;
const expected = hmac("sha256", secret, signed);
crypto.timingSafeEqual(v1, expected); // → trueFor platforms managing payroll on behalf of many businesses.
For a single company syncing its own HR or accounting tools.
Everything you need is in the reference. Spec, examples, error codes, webhook payloads — all interactive.