Verify — KRA PIN
Extract a KRA PIN certificate and (optionally) cross-check the PIN against KRA records.
Endpoint
POSThttps://gateway.startappz.co.ke/api/v1/sandbox/verify-kra-pin
Swap sandbox for live once you have production credentials.
Authentication
Send your credentials as headers:
| Header | Value |
|---|---|
X-API-Key | Your public key |
X-API-Secret | Your secret (shown once at issue time) |
Request parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
file |
File (multipart) | required | Image / PDF of the KRA PIN certificate. |
Response parameters
All responses follow the standard envelope: { code, message, data }.
| Field | Type | Description |
|---|---|---|
code | String | Internal status code (e.g. 200.001). |
message | String | Human-readable status / error description. |
data | Object | Endpoint-specific payload (fields below). |
data.extracted.pin |
String | KRA PIN (`A123456789Z` format). |
data.extracted.taxpayer_name |
String | Registered taxpayer name. |
data.extracted.station |
String | Tax station. |
data.kra_validation.valid |
Boolean | True when the PIN exists in KRA records. |
Sandbox masking
By default, sandbox responses mask PII (names, IDs, dates, phone numbers). You can grant unmasked consent per key from your dashboard.