> ## Documentation Index
> Fetch the complete documentation index at: https://docs.payzah.site/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Payzah Account Setup: Merchant Registration and API Key

> Everything you need before writing integration code: register your business, secure your private API key, and format the Authorization header correctly.

Before you write a single line of integration code, you need a Payzah merchant account and a private API key. This page walks you through registration, explains your security responsibilities, and shows you exactly how to pass your key in API requests.

## Merchant Registration

To use the Payzah API, you must first register as a merchant:

<Steps>
  <Step title="Create Your Account">
    Visit [payzah.com](https://payzah.com) and complete the merchant registration form. Provide your business details accurately — they will appear on the hosted payment page shown to your customers.
  </Step>

  <Step title="Receive Your Private API Key">
    Once your account is approved, Payzah assigns you a private API key tied exclusively to your business. Store it immediately in a secure location.
  </Step>

  <Step title="Verify Your Setup">
    Confirm you can authenticate against the Payzah API using your key before proceeding to integration. A failed authentication at this stage means your key was not transmitted correctly — review the authorization format below.
  </Step>
</Steps>

## Technical Requirements

Payzah's REST API works with any environment capable of making HTTPS requests. Official support and examples are available for the following languages and platforms:

<CardGroup cols={2}>
  <Card title="JSP" icon="java">
    JavaServer Pages — suitable for Java EE web applications.
  </Card>

  <Card title="ASP.NET" icon="microsoft">
    Microsoft's web framework for C# and VB.NET applications.
  </Card>

  <Card title="PHP" icon="php">
    Widely supported server-side scripting for web applications.
  </Card>

  <Card title="Java" icon="mug-hot">
    Standalone Java applications and frameworks such as Spring.
  </Card>
</CardGroup>

<Tip>
  Even if your stack isn't listed above, any language that can make HTTPS POST requests and handle JSON responses is compatible with the Payzah API.
</Tip>

## API Key Security

Your private API key grants full access to payment operations on your account. Treat it with the same care as a password.

<Warning>
  **Never share your private API key.** Do not commit it to version control, expose it in client-side code, or include it in public documentation. Your key is assigned to your business only — you are solely responsible for securing the environment in which it is stored and used.
</Warning>

### If Your Key Is Compromised

If you suspect your API key has been exposed or misused, act immediately:

* **Email:** [info@payzah.com](mailto:info@payzah.com)
* **Phone:** +965 22410760 *(available during working hours)*

Payzah will deactivate your current key and issue a new one. Until your compromised key is deactivated, any transactions registered through it on the Payzah platform remain the responsibility of your account.

<Note>
  Payzah is accountable only for transactions registered on its platform. Securing your server environment, API key storage, and application code is entirely your responsibility.
</Note>

## Authenticating API Requests

Every request to the Payzah API must include your private API key as a Base64-encoded value in the `Authorization` header.

### Encoding Your Key

Encode your raw private API key using standard Base64 encoding:

```bash theme={null}
echo -n "your_private_api_key" | base64
```

### Passing the Header

Include the encoded value in the `Authorization` header of every API request:

```http theme={null}
POST /api/payment/initiate HTTP/1.1
Host: api.payzah.com
Authorization: your_base64_encoded_key
Content-Type: application/json
```

```javascript theme={null}
const response = await fetch("https://api.payzah.com/api/payment/initiate", {
  method: "POST",
  headers: {
    "Authorization": btoa("your_private_api_key"),
    "Content-Type": "application/json",
  },
  body: JSON.stringify(payload),
});
```

```php theme={null}
<?php
$apiKey = base64_encode("your_private_api_key");

$ch = curl_init("https://api.payzah.com/api/payment/initiate");
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    "Authorization: " . $apiKey,
    "Content-Type: application/json",
]);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
```

<ParamField header="Authorization" type="string" required>
  Your private API key encoded in Base64. This header is required on every API request. Requests without a valid `Authorization` header will be rejected.
</ParamField>

## Next Steps

Once your account is active and you understand your key security obligations, you're ready to choose your integration method.

<CardGroup cols={2}>
  <Card title="Integration Methods" icon="code-branch" href="/getting-started/integration-methods">
    Compare Transit Payment Page and Direct Integration to decide which approach fits your project.
  </Card>

  <Card title="Introduction" icon="house" href="/introduction">
    Return to the overview to revisit the full picture of how Payzah works.
  </Card>
</CardGroup>