API Authentication
For any request initiated by the merchant, we request the merchant to pass certain data in headers of the request. This helps us validate that the request truly originated from a trust worthy entiry.
The header should consist of the following keys :
| Key | Value | Description | Optional |
|---|---|---|---|
| X-ZAMP-MerchantId | This will be shared for each merchant by the Zamp Onboarding team | This UUID uniquely identifies the merchant on our platform | N |
| X-ZAMP-Signature | This is a Base64 encoding of the SHA256 Hash of apiKey:merchantSecret. Both of these paraments will be shared to the merchant by the Zamp Onboarding team | This helps Zamp authenticate any particular incoming requests | N |
| X-ZAMP-Locale | Language code in which the session should be orchestrated in for the end user (en, ar). Language codes will be as per ISO 639-1 standard. | This helps Zamp provides a customised expirience for the end user. In absence of this field, the end user would be interacting with the English language | Y |
| X-ZAMP-OS | OS (android, ios, web, m-web) | N/A | Y |
| X-ZAMP-OS-Version | OS Version | N/A | Y |
| X-ZAMP-Idempotency-Key | string | Unique Key which will make all POST requests Idempotent. In absence of this key, idempotency will not be checked for. | Y |
X-ZAMP-Signature Generation Steps
For each request made by the merchant to the Zamp servers, the merchant needs to attach a unique signature X-ZAMP-Signature to authenticate the identity. The following is a JS code block on how to generate this signature.
const sha_message = CryptoJS.SHA256(`${ZAMP_API_KEY}:${ZAMP_SECRET}`);
const x_zamp_signature = CryptoJS.enc.Base64.stringify(sha_message);
We request all merchants to keep the secret key safe. The secret key as well as the API Key for different enviornments will be different.
Environments
Zamp provides two enviornments :
Stage : We request merchants to use this enviorment to perform any kind of testing. The testing may be on test net as well as main net in this enviornment. The base url of this enviornment is : https://api-stg.zamp.finance/
Production : This is the live enviornment. All transactions on this enviornment are live and on the main net. Before you go live on this envrionment with your customers, we request you to do test transactions here as well. The base url of this enviornment is : https://api.zamp.finance/