Guides
Start typing to search…

Payments Integration Solutions

tZero Pay offers Four payment solutions:

1. Embedded

Embed a fully customizable payment interface directly on your website to accept cards and alternative payment methods.

2. Hosted

Payments are processed through a dedicated payment page hosted and secured by tZero Pay.

3. Payment Links

Generate payment links to seamlessly accept payments across various channels, including email, text, and social media.

4. Server-to-server

The customer interacts solely with your website. All communication between your systems and tZero Pay occurs via secure server-to-server API calls.


Below is a guide to help you choose the best method by explaining how each one works and its ideal applications.

Key Requirements

Obtain a Secret Key

Before integrating with the Payment Gateway API, you need to generate a Secret Key. This key authenticates your API requests and defines the actions (permissions) your system can perform.

Create a Secret Key from the tZero Pay Client Portal

  1. Go to Settings → Developer → API Keys → Add Keys.
  2. Generate a Secret Key

Fill in the required fields:

  • Name – A friendly label (e.g., Test Processing Key).
  • Description – Purpose of the key (e.g., To process transactions).
  • Status – Set to Active to start using the key immediately.
  1. Assign Permissions

Select the actions this key is allowed to perform:

  • Authorisation – Allows creating a payment authorisation (hold funds).
  • Capture – Allows capturing an authorised payment.
  • Void – Allows voiding an authorised but un-captured transaction.
  • Refund – Allows refunding a completed payment.
📘

Best Practice: Only enable the permissions required for your use case to follow the principle of least privilege.

  1. Configure Access Scope

Define which Clients / Entities the key can access.

  • Example: Client 1 → Client Test1 → Entity Orphan.
  • A key can be restricted to a specific client or entity for tenant-based isolation.
  1. Save & Secure the Key
  • Click Save.
  • Copy the generated Secret Key.
  • Store it securely (e.g., in a vault or environment variable).

  1. Use the Secret Key in API Requests

Include the secret key in the Authorization header for all API requests:

POST /payment/authorise
Host: sandboxurl
X-Secret-Key: sk_8e5f700cfdde447ea9b651736dec3e5f
Content-Type: application/json
📘
  • Rotate keys periodically for security.
  • You can deactivate or delete keys at any time in the portal under Developer → API Keys.

Use the Sandbox environment to test the integration.

Use our test cards to simulate different payment flows, to ensure your integration is set up correctly and behaving as expected.


SchemeCard Number
MasterCard5555555555554444
Visa4242424242424242

Updated about 2 months ago