Authorization

ZamuPay™ Gateway uses the industry-standard OAuth 2.0 (Client Credentials Grant) protocol to secure all API communication.

Before you can interact with our endpoints, you must obtain a temporary Access Token using your merchant credentials.

[!IMPORTANT]
🔐 Protect your Credentials
Your client_secret is a sensitive piece of information. Never share it in public repositories, client-side code, or insecure communication channels.

🏗️ The Auth Flow

All requests to the ZamuPay API must include an Authorization header containing a valid Bearer Token.

🚦 Step-by-Step Integration

1. Retrieve your Credentials

Client ID: Your public identifier.

Client Secret: Your private key (keep this secret!).

2. Obtain an Access Token

Send a POST request to our identity server.

Endpoint	Method
`https://api-sandbox.zamupay.com/v1/oauth/token`	`POST`

Request Body:

{
  "client_id": "YOUR_CLIENT_ID",
  "client_secret": "YOUR_CLIENT_SECRET",
  "grant_type": "client_credentials"
}

3. Use the Bearer Token

Once you receive the access_token, include it in every subsequent API request using the Bearer scheme.

Header Example:

🚥 Token Expiry & Errors

Issue	Reason	Solution
`401 Unauthorized`	Invalid ID or Secret	Double-check your credentials in the dashboard.
`Token Expired`	Token duration exceeded	Implement a refresh logic to request a new token.
`403 Forbidden`	Valid token, but no permissions	Ensure your account has the correct scopes enabled.

🆘 Need Help?

If you're having trouble authenticating, please contact our technical team at support@zamupay.com.

Overview

Authorization#

🔐 Protect your Credentials#

🏗️ The Auth Flow#

🚦 Step-by-Step Integration#

1. Retrieve your Credentials#

2. Obtain an Access Token#

3. Use the Bearer Token#

🚥 Token Expiry & Errors#

🆘 Need Help?#