Skip to main content
Before you write a single line of integration code, you need a Payzah merchant account and a private API key. This page walks you through registration, explains your security responsibilities, and shows you exactly how to pass your key in API requests.

Merchant Registration

To use the Payzah API, you must first register as a merchant:
1

Create Your Account

Visit payzah.com and complete the merchant registration form. Provide your business details accurately — they will appear on the hosted payment page shown to your customers.
2

Receive Your Private API Key

Once your account is approved, Payzah assigns you a private API key tied exclusively to your business. Store it immediately in a secure location.
3

Verify Your Setup

Confirm you can authenticate against the Payzah API using your key before proceeding to integration. A failed authentication at this stage means your key was not transmitted correctly — review the authorization format below.

Technical Requirements

Payzah’s REST API works with any environment capable of making HTTPS requests. Official support and examples are available for the following languages and platforms:

JSP

JavaServer Pages — suitable for Java EE web applications.

ASP.NET

Microsoft’s web framework for C# and VB.NET applications.

PHP

Widely supported server-side scripting for web applications.

Java

Standalone Java applications and frameworks such as Spring.
Even if your stack isn’t listed above, any language that can make HTTPS POST requests and handle JSON responses is compatible with the Payzah API.

API Key Security

Your private API key grants full access to payment operations on your account. Treat it with the same care as a password.
Never share your private API key. Do not commit it to version control, expose it in client-side code, or include it in public documentation. Your key is assigned to your business only — you are solely responsible for securing the environment in which it is stored and used.

If Your Key Is Compromised

If you suspect your API key has been exposed or misused, act immediately: Payzah will deactivate your current key and issue a new one. Until your compromised key is deactivated, any transactions registered through it on the Payzah platform remain the responsibility of your account.
Payzah is accountable only for transactions registered on its platform. Securing your server environment, API key storage, and application code is entirely your responsibility.

Authenticating API Requests

Every request to the Payzah API must include your private API key as a Base64-encoded value in the Authorization header.

Encoding Your Key

Encode your raw private API key using standard Base64 encoding: 
echo -n "your_private_api_key" | base64

Passing the Header

Include the encoded value in the Authorization header of every API request: 
POST /api/payment/initiate HTTP/1.1
Host: api.payzah.com
Authorization: your_base64_encoded_key
Content-Type: application/json

const response = await fetch("https://api.payzah.com/api/payment/initiate", {
  method: "POST",
  headers: {
    "Authorization": btoa("your_private_api_key"),
    "Content-Type": "application/json",
  },
  body: JSON.stringify(payload),
});

<?php
$apiKey = base64_encode("your_private_api_key");

$ch = curl_init("https://api.payzah.com/api/payment/initiate");
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    "Authorization: " . $apiKey,
    "Content-Type: application/json",
]);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
Authorization
string
required
Your private API key encoded in Base64. This header is required on every API request. Requests without a valid Authorization header will be rejected.

Next Steps

Once your account is active and you understand your key security obligations, you’re ready to choose your integration method.

Integration Methods

Compare Transit Payment Page and Direct Integration to decide which approach fits your project.

Introduction

Return to the overview to revisit the full picture of how Payzah works.