Every API request requires authentication using your unique API token. Never expose this token in client-side code (like HTML or JavaScript) as it provides full access to create orders on your behalf.
Log in to your Merchant Dashboard → Navigate to Developers → Copy your API Token.
You can pass the token in two ways:
- As an HTTP request header: `X-Api-Token: YOUR_API_TOKEN`
- As a request parameter: `user_token = "YOUR_API_TOKEN"`
When a customer initiates a checkout, call this API from your backend server. This will generate a unique payment session and return a payment_url. You must redirect the customer to this URL to complete the payment.
| Parameter | Type | Required | Description |
|---|---|---|---|
| user_token | string | Required | Your unique authorization access token. |
| amount | decimal | Required | The exact checkout amount in INR (e.g., 500.00). Max limit 100,000. |
| order_id | string | Required | A unique order reference generated by your system (e.g., ORD-987654321). Cannot be duplicated. Max 100 chars. |
| redirect_url | url | Required | The webhook/callback URL on your server where we will send payment updates via POST request. |
| customer_mobile | string | Optional | 10-digit mobile number of the customer for reference. |
| description | string | Optional | Order description or plan name shown to the customer. Max 255 chars. |
| remark1 | string | Optional | Custom Note 1. Great for storing extra data like customer email (e.g. customer@gmail.com). |
| remark2 | string | Optional | Custom Note 2. Good for internal tracking (e.g. Product XYZ). |
```php
<?php
// Run this on your backend server only; the token must never reach the browser.
$ch = curl_init('https://zozogateway.com/api/create-order');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, [
    'user_token'      => 'YOUR_API_TOKEN',
    'amount'          => 500,
    'order_id'        => 'ORD_' . time(),
    'redirect_url'    => 'https://your-site.com/callback',
    'customer_mobile' => '9876543210',
    'remark1'         => 'customer@gmail.com',
    'description'     => 'Premium Plan',
]);
$response = json_decode(curl_exec($ch), true);

// json_decode() returns null when the request failed or the body is not JSON,
// so test the key with empty() instead of indexing it directly.
if (!empty($response['status'])) {
    // Redirect to payment gateway
    header('Location: ' . $response['payment_url']);
    exit;
}
```
```javascript
const axios = require('axios');

const createOrder = async () => {
  const res = await axios.post('https://zozogateway.com/api/create-order', {
    user_token: 'YOUR_API_TOKEN',
    amount: 500,
    order_id: 'ORD_12345',
    redirect_url: 'https://your-site.com/callback',
    customer_mobile: '9876543210',
    remark1: 'customer@gmail.com',
    description: 'Premium Plan'
  });

  if (res.data.status) {
    // Redirect client to res.data.payment_url
    console.log(`Redirecting to: ${res.data.payment_url}`);
  }
};
```
```python
import requests


def create_order():
    payload = {
        'user_token': 'YOUR_API_TOKEN',
        'amount': 500,
        'order_id': 'ORD_12345',
        'redirect_url': 'https://your-site.com/callback',
        'customer_mobile': '9876543210',
        'remark1': 'customer@gmail.com',
        'description': 'Premium Plan',
    }
    # A timeout keeps a stalled gateway connection from hanging the checkout request.
    res = requests.post('https://zozogateway.com/api/create-order', data=payload, timeout=10)
    response = res.json()
    if response.get('status'):
        # Redirect client to URL
        return response['payment_url']
    return None
```
```json
{
  "status": true,
  "message": "Order created successfully",
  "payment_url": "https://zozogateway.com/pay/abcD...",
  "order_id": "ORD_123",
  "amount": "500.00"
}
```

```json
{
  "status": false,
  "message": "Order ID already exists!"
}
```
Once a customer completes or fails a payment, our system sends a POST request with the transaction payload to the redirect_url you specified during order creation. This is an automated server-to-server call.
```json
{
  "order_id": "ORD_12345",
  "amount": "500.00",
  "status": "SUCCESS",            // SUCCESS or FAILURE
  "utr": "312345678901",          // Bank UTR
  "payment_token": "abc12...",
  "vpa": "customer@upi",
  "method": "UPI",
  "customer_mobile": "9876543210",
  "remark1": "customer@gmail.com"
}
```
```php
<?php
// read form-url-encoded or JSON payload
$raw  = file_get_contents('php://input');
$data = json_decode($raw, true) ?: $_POST;

// Use ?? so a payload without a status field does not raise a warning.
if (($data['status'] ?? '') === 'SUCCESS') {
    $order_id = $data['order_id'];
    $utr      = $data['utr'];

    // !IMPORTANT! Always cross-verify status
    // via the order-status API (Step 4)
    // before delivering your product or service.
    mark_order_completed($order_id); // your own fulfilment function
}

http_response_code(200);
echo "OK";
```
To prevent webhook spoofing, always verify the final status of the transaction via this endpoint before marking the order as completed in your database.
| Parameter | Required | Description |
|---|---|---|
| user_token | Required | Your API Token (pass in query param or Header). |
| order_id | Required | The exact order_id you passed during creation. |
```php
<?php
$orderId = 'ORD_12345';
$url = 'https://zozogateway.com/api/order-status'
     . '?user_token=YOUR_API_TOKEN'
     . '&order_id=' . urlencode($orderId);

// file_get_contents() returns false on failure, which decodes to null.
$response = json_decode(file_get_contents($url), true);

if (!empty($response['status']) && ($response['payment_status'] ?? '') === 'SUCCESS') {
    // Transaction is securely verified.
    // Complete fulfillment here.
    process_order($orderId);
}
```
Payment confirmed, money captured.
Checkout generated, waiting for user.
Transaction cancelled or failed.
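
The callback handling and the order-status cross-check described above, combined into one decision function. This is an added example, not code from the gateway's documentation, and it goes slightly further than the page by also rejecting replayed callbacks and amounts that differ from the stored order. The `orders` store, the `GATEWAY_API_TOKEN` environment variable and the outcome strings are assumptions for illustration.

```python
import json
import os
import urllib.parse
import urllib.request
from decimal import Decimal, InvalidOperation

STATUS_URL = "https://zozogateway.com/api/order-status"  # endpoint from this page


def fetch_status(order_id):
    """Query the order-status API; the token travels in the X-Api-Token header."""
    query = urllib.parse.urlencode({"order_id": order_id})
    req = urllib.request.Request(
        STATUS_URL + "?" + query,
        # GATEWAY_API_TOKEN is an assumed environment variable name.
        headers={"X-Api-Token": os.environ["GATEWAY_API_TOKEN"]},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def handle_callback(payload, orders, fetch=fetch_status):
    """Return an outcome string for one callback POST.

    `orders` is a hypothetical local store: order_id -> {"amount": Decimal, "paid": bool}.
    """
    order_id = str(payload.get("order_id", ""))
    order = orders.get(order_id)
    if order is None:
        return "unknown_order"      # not an order this system created
    if order["paid"]:
        return "already_paid"       # replayed callback, do not fulfil twice
    try:
        claimed = Decimal(str(payload.get("amount")))
    except InvalidOperation:
        return "bad_amount"
    if claimed != order["amount"]:
        return "amount_mismatch"
    if payload.get("status") != "SUCCESS":
        return "not_success"
    # The callback body is unauthenticated input: only the API answer decides.
    verified = fetch(order_id)
    if not (verified.get("status") and verified.get("payment_status") == "SUCCESS"):
        return "unverified"
    order["paid"] = True
    return "fulfilled"
```

Pass the decoded callback body as `payload`; fulfil the order only when the function returns `"fulfilled"`, and still answer the callback with HTTP 200 in every case.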