Skip to main content

Commerce API

Let's explore zazpay solutions for creating sales.

Authentication

Zazpay's Commerce API uses OpenID Connect for authentication and OAuth 2.0 for authorization. This industry-standard approach ensures secure and standardized access to our API services.

Overview

  • OpenID Connect: Provides identity layer for authentication
  • OAuth 2.0: Handles authorization and access control
  • Bearer Tokens: Used for API requests after successful authentication

Required Credentials

Before integrating with zazpay's API, you'll need:

  • Client ID: Unique identifier for your application
  • Client Secret: Confidential credential for server-side applications
  • Redirect URI: Valid callback URL for authorization responses

Getting Started

To begin integration:

  1. Contact zazpay support to register your application
  2. Receive your client credentials
  3. Configure your redirect URIs
  4. Implement the OAuth 2.0 authorization flow Refer to the token guide in auth.md. The token server base URL is environment-specific and typically https://auth.server.zazpay.mx in production.

API Endpoints

Once you have obtained your access token, you can interact with our Commerce API using the following endpoints:

Create a Sale

POST /commerce/generate-sale

Creates a new sale request. This endpoint initiates the payment process and returns a sale ID that you can use to track the transaction.

Retrieve Sale Status

POST /commerce/transaction-status

Retrieves the current status of a sale using the folio.

Cancel a Sale

POST /commerce/cancel-transaction

Cancels a sale that hasn't been accepted yet.

POST /sale-link/generate

Creates a sale link for web component integration. This endpoint allows merchants to generate a payment link that can be embedded in their POS system using an iframe or webview.

See api-zazpay/web-component.md for request parameters, embedding guidance, and the GET /sale-link/validate endpoint.

Sandbox

See api-zazpay/sandbox.md for detailed sandbox behavior, test matrices, and the web component flow specifics.

Webhooks

See api-zazpay/webhooks.md for configuration, security (HMAC/Bearer), and payload fields.