Skip to main content
The Payzah Payment Gateway API uses a simple key-based authentication scheme. Every request you send must carry your private key, Base64-encoded, in the Authorization header alongside a Content-Type: application/json header. You choose between the test and production base URLs depending on your integration stage. All request and response bodies are JSON.

Authentication

Payzah authenticates your requests by reading the Authorization header. You must Base64-encode your private key and pass it as the header value — no Bearer prefix, no additional wrapper.
Never expose your private key in client-side code, public repositories, or error logs. Treat it with the same care as a password. If you suspect your key has been compromised, contact Payzah support immediately to rotate it.
The examples below show how to build the header in PHP and with cURL: 
<?php
$privateKey  = 'your_private_key_here';
$encodedKey  = base64_encode($privateKey);

$headers = [
    'Content-Type: application/json',
    'Authorization: ' . $encodedKey,
];

$ch = curl_init('https://development.payzah.net/ws/paymentgateway/index');
curl_setopt($ch, CURLOPT_HTTPHEADER,     $headers);
curl_setopt($ch, CURLOPT_POST,           true);
curl_setopt($ch, CURLOPT_POSTFIELDS,     json_encode($payload));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($ch);
curl_close($ch);

curl --request POST \
  --url https://development.payzah.net/ws/paymentgateway/index \
  --header 'Content-Type: application/json' \
  --header "Authorization: $(echo -n 'your_private_key_here' | base64)" \
  --data '{
    "trackid": "ORDER-1001",
    "amount": "11.250",
    "currency": "414",
    "success_url": "https://yourstore.com/success",
    "error_url": "https://yourstore.com/error"
  }'

Base URLs

Use the test base URL while you are building and validating your integration. Switch to the production base URL only when you are ready to accept live payments.
EnvironmentBase URL
Testhttps://development.payzah.net
Productionhttps://payzah.net/production770
All endpoint paths are identical across environments — only the base URL changes.

Required Request Headers

Include both of the following headers on every API request:
HeaderValue
Content-Typeapplication/json
Authorizationbase64_encode($privateKey) — your private key, Base64-encoded

Next Steps

Once your headers are in place, choose the payment initialization method that fits your checkout flow:
  • Initialize Transit — redirect customers to Payzah’s hosted payment page, which supports all payment methods including Apple Pay (payment_type=3).
  • Initialize Direct — embed a direct link for K-Net (payment_type=1) or Credit Card (payment_type=2) without a hosted page.
  • Payment Status — verify a transaction’s outcome after the customer is redirected back to your site.