Developer
Masjid Fikra Public API
Server-to-server REST API for masjids on Masjid Fikra. Use a secret API key minted in the portal under Settings → Developer to read your masjid data and start checkout sessions on your masjid's connected Stripe account.
Authentication
Every request must include a secret bearer key in the Authorization header:
Authorization: Bearer mfk_sec_live_<your-key>
Mint a key in the portal at Settings → Developer. Each key is scoped to a single masjid, can be rotated with a 7-day grace window, and exposes only the scopes you select.
Servers
https://api.masjidfikra.com/v1— Productionhttps://api-dev.masjidfikra.com/v1— Dev
Scopes
Scopes are pinned to each API key at mint time. Any /v1 endpoint that requires a scope the key doesn't carry returns 403 INSUFFICIENT_SCOPE.
| read:masjid | Read masjid identity + contact info. |
| read:donation_types | Read configured donation buckets. |
| read:membership_tiers | Read public membership tiers. |
| read:donations | Read donation history (PII included). |
| read:members | Read member roster (PII included). |
| read:forms | Read form definitions and submissions. |
| read:events | Read calendar events. |
| write:checkout | Create Stripe Checkout sessions. |
| write:forms | Submit forms on behalf of a user. |
| prayer.read | Read computed adhan + iqamah times (for displays, mosque finders, voice assistants). |
Pagination
List endpoints return { data, hasMore, nextCursor }. To fetch the next page, call the same endpoint with ?starting_after=<nextCursor>. Records are ordered createdAt DESC, id DESC.
Endpoints
/v1/checkout/donation/v1/checkout/membership/v1/donation-types/v1/donations/v1/donations/{id}/v1/events/v1/forms/v1/forms/{type}/v1/forms/{type}/submissions/v1/masjid/v1/masjids/{slug}/prayer-times/v1/masjids/{slug}/prayer-times/today/v1/members/v1/members/{id}/v1/membership-tiersExamples
List donations
curl https://api.masjidfikra.com/v1/donations?limit=10 \ -H "Authorization: Bearer mfk_sec_live_<your-key>"
Start a donation checkout session
curl -X POST https://api.masjidfikra.com/v1/checkout/donation \
-H "Authorization: Bearer mfk_sec_live_<your-key>" \
-H "Content-Type: application/json" \
-d '{
"donationTypeId": "00000000-0000-0000-0000-000000000000",
"amountCents": 5000,
"donorEmail": "donor@example.com",
"successUrl": "https://iswamasjid.org/thanks",
"cancelUrl": "https://iswamasjid.org/donate"
}'Note: successUrl and cancelUrl must exactly match a redirect URI registered on the API key in the portal.
Fetch prayer times (next 7 days)
curl https://api.masjidfikra.com/v1/masjids/<slug>/prayer-times?end=2026-05-07 \ -H "Authorization: Bearer mfk_sec_live_<your-key>"
Times are returned as HH:MM 24-hour strings in the masjid's local timezone (not UTC). Each day carries a source field: computed means the time came straight from the calculation method, override means at least one prayer was hand-edited by the masjid for that date, and manual means the masjid uses method=manual and the entire row is taken from per-day stored values. Sample response:
{
"masjid": { "slug": "iswa", "name": "ISWA Masjid", "timezone": "America/New_York" },
"config": { "method": "ISNA", "latitude": 42.36, "longitude": -71.06 },
"days": [
{
"date": "2026-05-01",
"adhan": {
"fajr": "04:45",
"sunrise": "06:01",
"dhuhr": "12:48",
"asr": "16:42",
"maghrib": "19:35",
"isha": "21:01"
},
"iqama": {
"fajr": "05:00", "dhuhr": "13:00", "asr": "17:00",
"maghrib": "19:40", "isha": "21:15"
},
"jumuah": [],
"source": "computed"
}
]
}Spec
The full machine-readable OpenAPI 3.1 spec lives at api.masjidfikra.com/v1/openapi.json. Drop it into Postman, Insomnia, or any code generator.