API Specification
API Specification
Environment
Below is a list of endpoints for API in both Sandbox and Production environments:
Sandbox: https://sandbox.zip.co/nz/api
Production: https://zip.co/nz/api
Authentication
The Zip Merchant API uses a secure token to identify and authorise merchants. In order to use the API, you will first need to register as a Zip partner.
Once registered, a set of client credentials will be provided.
Using the client credentials, use the token endpoint to generate a secure token - this must be provided in the Authorization header for all requests.
| KEY | VALUE | REQUIRED |
|---|---|---|
| Authorization | Bearer {Token} | Yes |
| Content-Type | application/json | Yes |
| Idempotency-Key | string | Where applicable |
-
The Authorization header is where you will pass your token. Details on how to generate a token are outlined in this Authentication section
-
The Content-Type entity header is used to indicate the media type of the resource
-
The Idempotency-Key is a unique random string for each request. If a request times out or provides invalid response you can attempt to repeat exact same request with same idempotency key to avoid any duplication
Method Overview
The following list of API methods are those that are part of the standard transaction flow:
| DESCRIPTION | METHOD | ENDPOINT |
|---|---|---|
| Create an order | POST | /order |
| Capture a charge (auth flow only) | POST | /order/{orderId}/capture |
| Void a charge (auth flow only) | POST | /order/{orderId}/void |
| Query an order | GET | /order/{orderId} |
The orderId is returned when creating an order - this must then be passed for the other methods
Postman Collection
You can test each of the API calls using the Postman Collection below:
Updated about 1 year ago