Authorization#
ZamuPay™ Gateway uses the industry-standard OAuth 2.0 (Client Credentials Grant) protocol to secure all API communication.Before you can interact with our endpoints, you must obtain a temporary Access Token using your merchant credentials.
🔐 Protect your Credentials#
Your client_secret is a sensitive piece of information. Never share it in public repositories, client-side code, or insecure communication channels.
🏗️ The Auth Flow#
All requests to the ZamuPay API must include an Authorization header containing a valid Bearer Token.
🚦 Step-by-Step Integration#
1. Retrieve your Credentials#
Client ID: Your public identifier.
Client Secret: Your private key (keep this secret!).
2. Obtain an Access Token#
Send a POST request to our identity server.| Endpoint | Method |
|---|
https://api-sandbox.zamupay.com/v1/oauth/token | POST |
{
"client_id": "YOUR_CLIENT_ID",
"client_secret": "YOUR_CLIENT_SECRET",
"grant_type": "client_credentials"
}
3. Use the Bearer Token#
Once you receive the access_token, include it in every subsequent API request using the Bearer scheme.
🚥 Token Expiry & Errors#
| Issue | Reason | Solution |
|---|
401 Unauthorized | Invalid ID or Secret | Double-check your credentials in the dashboard. |
Token Expired | Token duration exceeded | Implement a refresh logic to request a new token. |
403 Forbidden | Valid token, but no permissions | Ensure your account has the correct scopes enabled. |
🆘 Need Help?#
If you're having trouble authenticating, please contact our technical team at support@zamupay.com.Modified at 2026-01-30 12:25:35
