Authentication

The ZuriPay API supports two authentication methods: API keys for server-to-server payment integrations and JWT tokens for dashboard/user-facing applications.

API-KEYServer-to-Server

API key authentication

API keys are the primary authentication method for payment processing. They are passed in the Authorization header as a Bearer token.

API key formats

  • Test keys: sk_test_* or pk_test_*
  • Live keys: sk_live_* or pk_live_*

Test keys operate in sandbox mode and do not process real payments. Live keys process real transactions and require business verification.

Key types

  • Secret keys (sk_*): Used for server-side operations. Never expose these in client-side code.
  • Public keys (pk_*): Used for client-side operations like checkout initialization.

Using API keys

curl -X POST https://api.zuripay.app/v1/transactions \
  -H "Authorization: Bearer sk_live_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "amount": 1000,
    "email": "[email protected]",
    "currency": "USD"
  }'

Security Best Practice: Never expose secret API keys (sk_*) in client-side code, mobile apps, or public repositories. Use them only in secure server environments.

JWTDashboard/User Access

JWT authentication

JWT authentication is used for user-facing applications like the ZuriPay Dashboard. Obtain tokens via the login endpoint.

Login

Authenticate a user and receive access and refresh tokens.

Required headers

  • Name
    User-Type
    Type
    string
    Description

    Type of user authenticating: user or adminuser.

  • Name
    Content-Type
    Type
    string
    Description

    Must be application/json.

Required attributes

  • Name
    email
    Type
    string
    Description

    User's email address (or use username instead).

  • Name
    password
    Type
    string
    Description

    User's password.

Request

POST
/v1/auth/login
curl -X POST https://api.zuripay.app/v1/auth/login \
  -H "User-Type: user" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "your_password"
  }'

Response

{
  "result": "success",
  "message": "You have successfully logged in!",
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Environments

ZuriPay provides two environments for different stages of your integration:

EnvironmentBase URLAPI Keys
Test/Sandboxhttps://staging.zuripay.appsk_test_* / pk_test_*
Live/Productionhttps://api.zuripay.appsk_live_* / pk_live_*

The environment is automatically determined by the API key prefix. Test keys route to the sandbox environment, while live keys route to production.

Going live

To switch from test to live mode:

  1. Complete business verification in the dashboard
  2. Submit a Go Live Request under Settings > API Keys
  3. Replace your test keys with live keys in your server configuration

Test mode simulates payment flows without processing real transactions. All test transactions use the same API endpoints -- only the API key determines the environment.

Was this page helpful?