In order to use the API you will need to first request your merchant credentials.
Once registered you will be provided with: - A Zip API key - To be used to place /charges - A Zip client_id and client_secret - to be used for linking customer accounts and refreshing tokens
Make sure to keep your API key and client_secret store securely, they should not be placed anywhere publicly available such as open source repositories or client side code.
var apiKey = read.from.config('ZipAPIKey'); request.headers.add("X-Zip-API-Key", apiKey);
|Content - Type||application/json||Yes|
|Authorization||Bearer + [customer access_token]||Yes|
- The Content-Type entity header is used to indicate the media type of the resource.
- The X-Zip-API-Key header is where you will pass your merchant API key. Details on where to find your API key are outlined in the 'Preparing for Integration' section of this documentation.
- The Idempotency-Key is a unique random string for each request. If a request times out or provides invalid response you can attempt to repeat exact same request with same idempotency key to avoid any duplication.
- The Authorization header is where you will pass your customer access_token obtained in the linking process.
The authenticating values for these calls (client_id and client_secret)are passed in the form body rather than the header.
Depending if you are creating a token or refreshing one, the customer auth code or the customer refresh_token are also passed in the form body of this request.
The authenticating values for this call client_id , is passed in the endpoint query string rather than the header.