API Reference

Complete reference documentation for all ZoPay API endpoints. All endpoints require authentication using API keys and HMAC signatures.

💡

Base URLs: Sandbox: http://localhost:9000 | Production: https://api.zopay.com. All /api/v1/* endpoints require the 6 authentication headers. See Using the API for details.

Authentication

All /api/v1/* endpoints require the following headers:

x-zo-key - Your API key
x-zo-timestamp - Unix timestamp in seconds
x-zo-nonce - Unique random string (UUID recommended)
x-zo-origin - Your verified domain or allowed IP
x-zo-signature - HMAC-SHA256 signature
x-zo-version - API version ("1.0")

For detailed authentication instructions, see Using the API.

Collections

POST/api/v1/wallets/quote

Create a quote for a collection or disbursement transaction

Details

POST/api/v1/wallets/collect

Execute a collection (receive payment from customer)

Details

GET/api/v1/wallets/transactions/:id

Get transaction status and details

Details

Disbursements

POST/api/v1/disbursements/execute

Execute a disbursement (send payment to recipient)

Details

GET/api/v1/disbursements/:id

Get disbursement status and details

Details

GET/api/v1/disbursements

List all disbursements with filters and pagination

Details

POST/api/v1/disbursements/bulk

Process multiple disbursements from a CSV file

Details

Refunds

POST/api/v1/refunds

Create a refund for a completed transaction

Details

GET/api/v1/refunds/:id

Get refund status and details

Details

Wallet

GET/wallet/summary

Get wallet balance summary and overview

GET/wallet/activity

Get recent wallet activity and transactions

Response Codes

Code	Description
`200 OK`	Request successful
`201 Created`	Resource created successfully
`202 Accepted`	Request accepted for processing
`400 Bad Request`	Invalid request parameters
`401 Unauthorized`	Authentication failed
`403 Forbidden`	IP/domain not allowlisted or access denied
`404 Not Found`	Resource not found
`409 Conflict`	Resource already exists or conflict
`429 Too Many Requests`	Rate limit exceeded
`500 Internal Server Error`	Server error

Rate Limiting

The default rate limit is 100 requests per minute per merchant. When exceeded, you'll receive a 429 Too Many Requests response with a retry_after header indicating how many seconds to wait.

💡

Rate Limit Best Practice: Implement exponential backoff when handling 429 responses. Wait for the duration specified in the retry_after header before retrying your request.

Detailed Documentation

For detailed endpoint documentation with request/response examples, see:

Collections Documentation - Complete guide for receiving payments
Disbursements Documentation - Complete guide for sending payments
Refunds Documentation - Complete guide for processing refunds
Webhooks Documentation - Real-time event notifications

API Reference

Complete reference documentation for all ZoPay API endpoints. All endpoints require authentication using API keys and HMAC signatures.

💡

Base URLs: Sandbox: http://localhost:9000 | Production: https://api.zopay.com. All /api/v1/* endpoints require the 6 authentication headers. See Using the API for details.

Authentication

All /api/v1/* endpoints require the following headers:

x-zo-key - Your API key
x-zo-timestamp - Unix timestamp in seconds
x-zo-nonce - Unique random string (UUID recommended)
x-zo-origin - Your verified domain or allowed IP
x-zo-signature - HMAC-SHA256 signature
x-zo-version - API version ("1.0")

For detailed authentication instructions, see Using the API.

Collections

POST/api/v1/wallets/quote

Create a quote for a collection or disbursement transaction

Details

POST/api/v1/wallets/collect

Execute a collection (receive payment from customer)

Details

GET/api/v1/wallets/transactions/:id

Get transaction status and details

Details

Disbursements

POST/api/v1/disbursements/execute

Execute a disbursement (send payment to recipient)

Details

GET/api/v1/disbursements/:id

Get disbursement status and details

Details

GET/api/v1/disbursements

List all disbursements with filters and pagination

Details

POST/api/v1/disbursements/bulk

Process multiple disbursements from a CSV file

Details

Refunds

POST/api/v1/refunds

Create a refund for a completed transaction

Details

GET/api/v1/refunds/:id

Get refund status and details

Details

Wallet

GET/wallet/summary

Get wallet balance summary and overview

GET/wallet/activity

Get recent wallet activity and transactions

Response Codes

Code	Description
`200 OK`	Request successful
`201 Created`	Resource created successfully
`202 Accepted`	Request accepted for processing
`400 Bad Request`	Invalid request parameters
`401 Unauthorized`	Authentication failed
`403 Forbidden`	IP/domain not allowlisted or access denied
`404 Not Found`	Resource not found
`409 Conflict`	Resource already exists or conflict
`429 Too Many Requests`	Rate limit exceeded
`500 Internal Server Error`	Server error

Rate Limiting

The default rate limit is 100 requests per minute per merchant. When exceeded, you'll receive a 429 Too Many Requests response with a retry_after header indicating how many seconds to wait.

💡

Rate Limit Best Practice: Implement exponential backoff when handling 429 responses. Wait for the duration specified in the retry_after header before retrying your request.

Detailed Documentation

For detailed endpoint documentation with request/response examples, see:

Collections Documentation - Complete guide for receiving payments
Disbursements Documentation - Complete guide for sending payments
Refunds Documentation - Complete guide for processing refunds
Webhooks Documentation - Real-time event notifications