> ## Documentation Index
> Fetch the complete documentation index at: https://docs.payzah.site/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Payzah Payment Gateway API: Authentication & Endpoints

> Authenticate with a Base64-encoded private key, set the correct base URL for your environment, and include the required headers on every request.

The Payzah Payment Gateway API uses a simple key-based authentication scheme. Every request you send must carry your private key, Base64-encoded, in the `Authorization` header alongside a `Content-Type: application/json` header. You choose between the test and production base URLs depending on your integration stage. All request and response bodies are JSON.

## Authentication

Payzah authenticates your requests by reading the `Authorization` header. You must Base64-encode your private key and pass it as the header value — no `Bearer` prefix, no additional wrapper.

<Warning>
  Never expose your private key in client-side code, public repositories, or
  error logs. Treat it with the same care as a password. If you suspect your
  key has been compromised, contact Payzah support immediately to rotate it.
</Warning>

The examples below show how to build the header in PHP and with cURL:

```php theme={null}
<?php
$privateKey  = 'your_private_key_here';
$encodedKey  = base64_encode($privateKey);

$headers = [
    'Content-Type: application/json',
    'Authorization: ' . $encodedKey,
];

$ch = curl_init('https://development.payzah.net/ws/paymentgateway/index');
curl_setopt($ch, CURLOPT_HTTPHEADER,     $headers);
curl_setopt($ch, CURLOPT_POST,           true);
curl_setopt($ch, CURLOPT_POSTFIELDS,     json_encode($payload));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($ch);
curl_close($ch);
```

```bash theme={null}
curl --request POST \
  --url https://development.payzah.net/ws/paymentgateway/index \
  --header 'Content-Type: application/json' \
  --header "Authorization: $(echo -n 'your_private_key_here' | base64)" \
  --data '{
    "trackid": "ORDER-1001",
    "amount": "11.250",
    "currency": "414",
    "success_url": "https://yourstore.com/success",
    "error_url": "https://yourstore.com/error"
  }'
```

## Base URLs

Use the **test** base URL while you are building and validating your integration. Switch to the **production** base URL only when you are ready to accept live payments.

| Environment | Base URL                           |
| ----------- | ---------------------------------- |
| Test        | `https://development.payzah.net`   |
| Production  | `https://payzah.net/production770` |

All endpoint paths are identical across environments — only the base URL changes.

## Required Request Headers

Include both of the following headers on every API request:

| Header          | Value                                                           |
| --------------- | --------------------------------------------------------------- |
| `Content-Type`  | `application/json`                                              |
| `Authorization` | `base64_encode($privateKey)` — your private key, Base64-encoded |

## Next Steps

Once your headers are in place, choose the payment initialization method that fits your checkout flow:

* **[Initialize Transit](/api-reference/initialize-transit)** — redirect customers to Payzah's hosted payment page, which supports all payment methods including Apple Pay (`payment_type=3`).
* **[Initialize Direct](/api-reference/initialize-direct)** — embed a direct link for K-Net (`payment_type=1`) or Credit Card (`payment_type=2`) without a hosted page.
* **[Payment Status](/api-reference/payment-status)** — verify a transaction's outcome after the customer is redirected back to your site.