KRA — Validate PIN
Validate a KRA PIN against the live KRA API. JSON request, no file upload.
Endpoint
POSThttps://gateway.startappz.co.ke/api/v1/sandbox/kra-validate-pin
Swap sandbox for live once you have production credentials.
Authentication
Send your credentials as headers:
| Header | Value |
|---|---|
X-API-Key | Your public key |
X-API-Secret | Your secret (shown once at issue time) |
Request parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
kra_pin |
String | required | KRA PIN in `A123456789B` format. |
Response parameters
All responses follow the standard envelope: { code, message, data }.
| Field | Type | Description |
|---|---|---|
code | String | Internal status code (e.g. 200.001). |
message | String | Human-readable status / error description. |
data | Object | Endpoint-specific payload (fields below). |
data.valid |
Boolean | True when the PIN is registered with KRA. |
data.kra_pin |
String | Echo of the submitted PIN. |
data.taxpayer_name |
String | Registered taxpayer name. |
data.station |
String | Tax station. |
Sandbox masking
By default, sandbox responses mask PII (names, IDs, dates, phone numbers). You can grant unmasked consent per key from your dashboard.