API Authentication
For any request initiated by the merchant, we request the merchant to pass certain data in headers of the request. This helps us validate that the request truly originated from a trustworthy entity.
The header should consist of the following keys :
Request headers
| Name | Type | Description | Required |
|---|---|---|---|
| X-ZAMP-MerchantId | string | This will be shared for each merchant by the Zamp Onboarding team. This UUID uniquely identifies the merchant on our platform. | Yes |
| X-ZAMP-Signature | string | This is a Base64 encoding of the SHA256 Hash of apiKey:merchantSecret. Both of these parameters will be shared to the merchant by the Zamp Onboarding team. This helps Zamp authenticate any particular incoming requests. | Yes |
| X-ZAMP-Locale | string | Language code in which the session should be orchestrated in for the end user (en, ar). Language codes will be as per ISO 639-1 standard. This helps Zamp provide a customised experience for the end user. In absence of this field, the end user would be interacting with the English language. | No |
| X-ZAMP-OS | string | OS (android, ios, web, m-web) | No |
| X-ZAMP-OS-Version | string | OS Version | No |
| X-ZAMP-Idempotency-Key | string | Unique Key which will make all POST requests Idempotent. In absence of this key, idempotency will not be checked for. | No |
X-ZAMP-Signature Generation Steps
For each request made by the merchant to the Zamp servers, the merchant needs to attach a unique signature X-ZAMP-Signature to authenticate the identity. The following is a JS code block on how to generate this signature.
const sha_message = CryptoJS.SHA256(`${ZAMP_API_KEY}:${ZAMP_SECRET}`);
const x_zamp_signature = CryptoJS.enc.Base64.stringify(sha_message);
We request all merchants to keep the secret key safe. The secret key as well as the API Key for different environments will be different.
Environments
Zamp provides two environments :
Stage
We request merchants to use this environment to perform any kind of testing. The testing may be on test net as well as main net in this environment. The base url of this environment is : https://api-stg.zamp.finance/
Production
This is the live environment. All transactions on this environment are live and on the main net. Before you go live on this environment with your customers, we request you to do test transactions here as well. The base url of this environment is : https://api.zamp.finance/