{"info":{"_postman_id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","name":"Zuato's API Integration Reference","description":"<html><head></head><body><img src=\"https://zuato.com/Zuato.png\">\n\n<hr>\n<h2 id=\"about-zuato\">About Zuato</h2>\n<p>Zuato Financial Services is a <strong>UAE-based FinTech company</strong> specializing in payment acquiring solutions for businesses of all sizes. We partner with leading banks and global payment schemes to deliver reliable, fast, and secure payment processing.</p>\n<p>Our mission is simple: <strong>make accepting payments effortless, flexible, and accessible</strong> for every merchant across the region.</p>\n<p>From Mini-POS machines to SoftPOS apps, payment links, QR codes, and recurring payment solutions, Zuato offers a complete suite of acquiring tools. With a single integration, you unlock access to multiple banks, payment networks, and digital wallets — no complexity, no delays, just seamless transactions.</p>\n<hr>\n<h2 id=\"whats-inside-this-collection\">What's Inside This Collection</h2>\n<p>This Postman collection is organized into <strong>8 categories</strong> covering everything you need to integrate with the Zuato Payment Gateway:</p>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>#</th>\n<th>Category</th>\n<th>Description</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>1</td>\n<td><strong>Gateway Integration</strong></td>\n<td>Core payment API — create links, retrieve orders</td>\n</tr>\n<tr>\n<td>2</td>\n<td><strong>API Sandbox Access</strong></td>\n<td>Sandbox credentials, test environment setup</td>\n</tr>\n<tr>\n<td>3</td>\n<td><strong>Supported Wallets</strong></td>\n<td>Apple Pay, Google Pay, Samsung Pay, BOTIM, PayBy, Alipay &amp; more</td>\n</tr>\n<tr>\n<td>4</td>\n<td><strong>Website Checklist</strong></td>\n<td>Card scheme compliance requirements</td>\n</tr>\n<tr>\n<td>5</td>\n<td><strong>Response Codes</strong></td>\n<td>HTTP codes &amp; order/refund status reference</td>\n</tr>\n<tr>\n<td>6</td>\n<td><strong>Test Card Details</strong></td>\n<td>Test cards for sandbox environment</td>\n</tr>\n<tr>\n<td>7</td>\n<td><strong>Refund / Payout API</strong></td>\n<td>Submit and manage refund requests</td>\n</tr>\n<tr>\n<td>8</td>\n<td><strong>E-Commerce Platforms</strong></td>\n<td>Shopify, WooCommerce &amp; WordPress integration guides</td>\n</tr>\n</tbody>\n</table>\n</div><hr>\n<h2 id=\"base-url\">Base URL</h2>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code class=\"language-html\">https://payments.zuato.com\n\n</code></pre>\n<h2 id=\"authentication\">Authentication</h2>\n<p>All API requests require two custom headers:</p>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code class=\"language-html\">X-ACCESS-KEY: ak_live_xxxxxxxxx\nX-SECRET-KEY: sk_live_xxxxxxxxx\nContent-Type: application/json\n\n</code></pre>\n<hr>\n<h2 id=\"support\">Support</h2>\n<ul>\n<li><p><strong>Email:</strong> <a href=\"mailto:support@zuato.com\">support@zuato.com</a></p>\n</li>\n<li><p><strong>Portal:</strong> <a href=\"https://payments.zuato.com/api-reference/\">https://payments.zuato.com/api-reference/</a></p>\n</li>\n<li><p><strong>Security:</strong> Never expose your Secret Key in client-side code</p>\n</li>\n</ul>\n<hr>\n<p><em>Version: v101.0</em></p>\n<p><em>Last Updated: January 2026</em></p>\n<p><em>Confidential — For Integration Partners Only © 2024 Zuato Financial Services. All rights reserved.</em></p>\n</body></html>","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","toc":[],"owner":"53730376","collectionId":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","publishedId":"2sBXwsKpBi","public":true,"customColor":{"top-bar":"FFFFFF","right-sidebar":"fff","highlight":"1a4c49"},"publishDate":"2026-06-10T17:49:17.000Z"},"item":[{"name":"1. Gateway Integration","item":[{"name":"Create Payment Link","event":[{"listen":"prerequest","script":{"type":"text/javascript","exec":["// Auto-generate a unique order ID if not set","// This prevents duplicate order ID rejections (HTTP 409)","const timestamp = Date.now();","const randomSuffix = Math.random().toString(36).substring(2, 7).toUpperCase();","const uniqueOrderId = `ORD-${timestamp}-${randomSuffix}`;","","// Only auto-generate if the variable is using the placeholder","if (!pm.collectionVariables.get('merchant_order_ref') || ","    pm.collectionVariables.get('merchant_order_ref') === 'ORD-13001') {","    pm.collectionVariables.set('merchant_order_ref', uniqueOrderId);","    console.log('Auto-generated unique order reference:', uniqueOrderId);","}","","console.log('Pre-request: Using merchant_order_ref =', pm.collectionVariables.get('merchant_order_ref'));","console.log('Pre-request: Sending to', pm.collectionVariables.get('base_url') + '/api/payment-links/create/');"],"id":"896cbaf3-0478-4a7e-9483-c446a306a06c"}},{"listen":"test","script":{"type":"text/javascript","exec":["// ─── STATUS CODE VALIDATION ───","pm.test('Status code is 200 OK', function () {","    pm.response.to.have.status(200);","});","","// ─── RESPONSE TIME ───","pm.test('Response time is under 5000ms', function () {","    pm.expect(pm.response.responseTime).to.be.below(5000);","});","","// ─── CONTENT TYPE ───","pm.test('Content-Type is application/json', function () {","    pm.expect(pm.response.headers.get('Content-Type')).to.include('application/json');","});","","// ─── PARSE RESPONSE ───","let jsonResponse;","pm.test('Response body is valid JSON', function () {","    jsonResponse = pm.response.json();","    pm.expect(jsonResponse).to.be.an('object');","});","","if (jsonResponse) {","    // ─── SUCCESS FLAG ───","    pm.test('Response contains success: true', function () {","        pm.expect(jsonResponse).to.have.property('success');","        pm.expect(jsonResponse.success).to.be.true;","    });","","    // ─── ORDER OBJECT ───","    pm.test('Response contains order object', function () {","        pm.expect(jsonResponse).to.have.property('order');","        pm.expect(jsonResponse.order).to.be.an('object');","    });","","    // ─── ORDER ID ───","    pm.test('Order ID is present and is a string', function () {","        pm.expect(jsonResponse.order).to.have.property('id');","        pm.expect(jsonResponse.order.id).to.be.a('string');","        pm.expect(jsonResponse.order.id).to.not.be.empty;","    });","","    // ─── ORDER STATUS ───","    pm.test('Order status is CREATED', function () {","        pm.expect(jsonResponse.order.status).to.equal('CREATED');","    });","","    // ─── CHECKOUT URL ───","    pm.test('checkoutUrl is present and is a valid URL', function () {","        pm.expect(jsonResponse).to.have.property('checkoutUrl');","        pm.expect(jsonResponse.checkoutUrl).to.be.a('string');","        pm.expect(jsonResponse.checkoutUrl).to.include('https://');","    });","","    // ─── SAVE ORDER ID FOR SUBSEQUENT REQUESTS ───","    if (jsonResponse.order && jsonResponse.order.id) {","        pm.collectionVariables.set('order_id', jsonResponse.order.id);","        console.log('✅ Saved order_id to collection variable:', jsonResponse.order.id);","        console.log('✅ checkoutUrl:', jsonResponse.checkoutUrl);","        console.log('ℹ️  Redirect your customer to the checkoutUrl above.');","        console.log('ℹ️  After payment, call GET /api/orders/details/{order_id}/ to verify.');","    }","}","","// ─── AMOUNT VALIDATION ───","pm.test('Order amount matches request', function () {","    if (jsonResponse && jsonResponse.order) {","        pm.expect(jsonResponse.order.amount).to.equal(250);","    }","});","","// ─── CURRENCY VALIDATION ───","pm.test('Order currency is AED', function () {","    if (jsonResponse && jsonResponse.order) {","        pm.expect(jsonResponse.order.currency).to.equal('AED');","    }","});"],"id":"2b70bf06-41f7-4657-aeaf-6413f585ab55"}}],"id":"de7009a2-1a74-406f-b252-7e55b2c92f22","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"X-ACCESS-KEY","value":"ak_live_xxxxxxxxx","description":"<p>Your production Access Key from the Zuato dashboard. Prefixed with ak_live_. Required on every request.</p>\n","type":"text"},{"key":"X-SECRET-KEY","value":"sk_live_xxxxxxxxx","description":"<p>Your production Secret Key from the Zuato dashboard. Prefixed with sk_live_. Keep this confidential — never expose in client-side code. Required on every request.</p>\n","type":"text"},{"key":"Content-Type","value":"application/json","description":"<p>Must always be set to application/json for all Zuato API requests.</p>\n","type":"text"}],"body":{"mode":"raw","raw":"{\n  \"order\": {\n    \"id\": \"ORD-13001\",\n    \"amount\": 250,\n    \"currency\": \"AED\"\n  },\n  \"customer\": {\n    \"firstName\": \"John\",\n    \"lastName\": \"Doe\",\n    \"email\": \"john@example.com\",\n    \"phone\": \"+971501234567\"\n  },\n  \"returnUrl\": \"https://payments.zuato.com/payment/returnHome/\",\n  \"returnSuccUrl\": \"https://yoursite.com/payment/success/\",\n  \"returnErrorUrl\": \"https://yoursite.com/payment/failed/\"\n}","options":{"raw":{"language":"json"}}},"url":"https://payments.zuato.com/api/payment-links/create/","description":"<h1 id=\"create-payment-link\">Create Payment Link</h1>\n<h2 id=\"purpose\">Purpose</h2>\n<p>Creates a new payment order and returns a hosted checkout URL. Share this URL with your customer or redirect them to it to complete payment on Zuato's secure, PCI DSS certified checkout page.</p>\n<hr />\n<h2 id=\"endpoint\">Endpoint</h2>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code>POST https://payments.zuato.com/api/payment-links/create/\n\n</code></pre><hr />\n<h2 id=\"request-body\">Request Body</h2>\n<h3 id=\"order-object--required\">order (object) — Required</h3>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Field</th>\n<th>Type</th>\n<th>Required</th>\n<th>Description</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>order.id</code></td>\n<td>string</td>\n<td>✅ Yes</td>\n<td>Your unique merchant order reference. Must be unique for every transaction. Duplicates return HTTP 409.</td>\n</tr>\n<tr>\n<td><code>order.amount</code></td>\n<td>number</td>\n<td>✅ Yes</td>\n<td>Payment amount in the specified currency. Positive number only.</td>\n</tr>\n<tr>\n<td><code>order.currency</code></td>\n<td>string</td>\n<td>✅ Yes</td>\n<td>ISO 4217 three-letter currency code. E.g. <code>AED</code>, <code>USD</code>, <code>EUR</code>.</td>\n</tr>\n</tbody>\n</table>\n</div><h3 id=\"customer-object--required\">customer (object) — Required</h3>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Field</th>\n<th>Type</th>\n<th>Required</th>\n<th>Description</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>customer.firstName</code></td>\n<td>string</td>\n<td>✅ Yes</td>\n<td>Customer's first name.</td>\n</tr>\n<tr>\n<td><code>customer.lastName</code></td>\n<td>string</td>\n<td>✅ Yes</td>\n<td>Customer's last name.</td>\n</tr>\n<tr>\n<td><code>customer.email</code></td>\n<td>string</td>\n<td>✅ Yes</td>\n<td>Customer's email address. Used for payment receipt delivery.</td>\n</tr>\n<tr>\n<td><code>customer.phone</code></td>\n<td>string</td>\n<td>✅ Yes</td>\n<td>Customer's phone number including country code. E.g. <code>+971501234567</code>.</td>\n</tr>\n</tbody>\n</table>\n</div><h3 id=\"return-urls--required\">Return URLs — Required</h3>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Field</th>\n<th>Type</th>\n<th>Required</th>\n<th>Description</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>returnUrl</code></td>\n<td>string</td>\n<td>✅ Yes</td>\n<td><strong>FIXED — Do not change.</strong> Must be <code>https://payments.zuato.com/payment/returnHome/</code>. Modifying this breaks dashboard status updates.</td>\n</tr>\n<tr>\n<td><code>returnSuccUrl</code></td>\n<td>string</td>\n<td>✅ Yes</td>\n<td>Your application's success page. Customer is redirected here after successful payment. Must use HTTPS.</td>\n</tr>\n<tr>\n<td><code>returnErrorUrl</code></td>\n<td>string</td>\n<td>✅ Yes</td>\n<td>Your application's failure/error page. Customer is redirected here on failed or cancelled payment. Must use HTTPS.</td>\n</tr>\n</tbody>\n</table>\n</div><hr />\n<h2 id=\"success-response-200-ok\">Success Response (200 OK)</h2>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code class=\"language-json\">{\n  \"success\": true,\n  \"order\": {\n    \"id\": \"ord_abcd1234\",\n    \"amount\": 250,\n    \"currency\": \"AED\",\n    \"status\": \"CREATED\"\n  },\n  \"checkoutUrl\": \"https://payments.zuato.com/payment/process/ord_abcd1234/\"\n}\n\n</code></pre>\n<h3 id=\"response-fields\">Response Fields</h3>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Field</th>\n<th>Type</th>\n<th>Description</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>success</code></td>\n<td>boolean</td>\n<td><code>true</code> if payment link was created successfully.</td>\n</tr>\n<tr>\n<td><code>order.id</code></td>\n<td>string</td>\n<td>Zuato-generated unique order ID. Use this for the Get Order Details call.</td>\n</tr>\n<tr>\n<td><code>order.amount</code></td>\n<td>number</td>\n<td>Payment amount as submitted.</td>\n</tr>\n<tr>\n<td><code>order.currency</code></td>\n<td>string</td>\n<td>Currency code as submitted.</td>\n</tr>\n<tr>\n<td><code>order.status</code></td>\n<td>string</td>\n<td>Always <code>CREATED</code> immediately after link creation.</td>\n</tr>\n<tr>\n<td><code>checkoutUrl</code></td>\n<td>string</td>\n<td><strong>Hosted checkout URL.</strong> Redirect your customer to this URL to complete payment.</td>\n</tr>\n</tbody>\n</table>\n</div><hr />\n<h2 id=\"what-happens-next\">What Happens Next?</h2>\n<ol>\n<li><p>Redirect your customer to the <code>checkoutUrl</code></p>\n</li>\n<li><p>Customer completes payment on Zuato's hosted checkout</p>\n</li>\n<li><p>Customer is redirected to your <code>returnSuccUrl</code> (success) or <code>returnErrorUrl</code> (failure)</p>\n</li>\n<li><p><strong>Immediately call</strong> <strong><code>GET /api/orders/details/{order_id}/</code></strong> <strong>server-side to verify the payment status</strong></p>\n</li>\n<li><p>Only fulfil the order when status is <code>paid</code></p>\n</li>\n</ol>\n<hr />\n<h2 id=\"important-notes\">Important Notes</h2>\n<ul>\n<li><p>The <code>order.id</code> (your merchant reference) must be <strong>unique per transaction</strong></p>\n</li>\n<li><p>The <code>returnUrl</code> must <strong>always</strong> be <code>https://payments.zuato.com/payment/returnHome/</code> — do not modify</p>\n</li>\n<li><p><strong>Never fulfil an order based solely on the client-side redirect</strong> — always verify server-side</p>\n</li>\n<li><p>The test script in this request auto-saves the returned <code>order_id</code> to the collection variable for use in the Get Order Details request</p>\n</li>\n</ul>\n","auth":{"type":"apikey","apikey":{"basicConfig":[{"key":"key","value":"X-ACCESS-KEY"},{"key":"value","value":"ak_live_xxxxxxxxx"}]},"isInherited":true,"source":{"_postman_id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","name":"Zuato's API Integration Reference","type":"collection"}},"urlObject":{"path":["api","payment-links","create",""],"host":["https://payments.zuato.com"],"query":[],"variable":[]}},"response":[{"id":"6fad3ef2-79fe-46ae-af5b-de6ba58e6741","name":"200 OK — Payment Link Created Successfully","originalRequest":{"method":"POST","header":[{"key":"X-ACCESS-KEY","value":"ak_live_xxxxxxxxx"},{"key":"X-SECRET-KEY","value":"sk_live_xxxxxxxxx"},{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n  \"order\": {\n    \"id\": \"ORD-13001\",\n    \"amount\": 250,\n    \"currency\": \"AED\"\n  },\n  \"customer\": {\n    \"firstName\": \"John\",\n    \"lastName\": \"Doe\",\n    \"email\": \"john@example.com\",\n    \"phone\": \"+971501234567\"\n  },\n  \"returnUrl\": \"https://payments.zuato.com/payment/returnHome/\",\n  \"returnSuccUrl\": \"https://yoursite.com/payment/success/\",\n  \"returnErrorUrl\": \"https://yoursite.com/payment/failed/\"\n}"},"url":"https://payments.zuato.com/api/payment-links/create/"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n  \"success\": true,\n  \"order\": {\n    \"id\": \"ord_abcd1234\",\n    \"amount\": 250,\n    \"currency\": \"AED\",\n    \"status\": \"CREATED\"\n  },\n  \"checkoutUrl\": \"https://payments.zuato.com/payment/process/ord_abcd1234/\"\n}"},{"id":"373b87ca-f229-4a18-bd1d-7144433b95e0","name":"400 Bad Request — Missing or Invalid Parameters","originalRequest":{"method":"POST","header":[{"key":"X-ACCESS-KEY","value":"ak_live_xxxxxxxxx"},{"key":"X-SECRET-KEY","value":"sk_live_xxxxxxxxx"},{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n  \"order\": {\n    \"id\": \"ORD-13001\"\n  }\n}"},"url":"https://payments.zuato.com/api/payment-links/create/"},"status":"Bad Request","code":400,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n  \"success\": false,\n  \"error\": \"Missing required fields: order.amount, order.currency, customer.firstName, customer.email\"\n}"},{"id":"6c180bad-f5da-4f33-bef7-99c3a6348de5","name":"401 Unauthorized — Invalid API Keys","originalRequest":{"method":"POST","header":[{"key":"X-ACCESS-KEY","value":"ak_live_invalid"},{"key":"X-SECRET-KEY","value":"sk_live_invalid"},{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{}"},"url":"https://payments.zuato.com/api/payment-links/create/"},"status":"Unauthorized","code":401,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n  \"success\": false,\n  \"error\": \"Unauthorized. API keys are missing, invalid, or expired.\"\n}"},{"id":"bad7c05d-4cd6-48e0-bc90-c82f570a1f26","name":"409 Conflict — Duplicate Order ID","originalRequest":{"method":"POST","header":[{"key":"X-ACCESS-KEY","value":"ak_live_xxxxxxxxx"},{"key":"X-SECRET-KEY","value":"sk_live_xxxxxxxxx"},{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n  \"order\": {\n    \"id\": \"ORD-13001\",\n    \"amount\": 250,\n    \"currency\": \"AED\"\n  },\n  \"customer\": {\n    \"firstName\": \"John\",\n    \"lastName\": \"Doe\",\n    \"email\": \"john@example.com\",\n    \"phone\": \"+971501234567\"\n  },\n  \"returnUrl\": \"https://payments.zuato.com/payment/returnHome/\",\n  \"returnSuccUrl\": \"https://yoursite.com/payment/success/\",\n  \"returnErrorUrl\": \"https://yoursite.com/payment/failed/\"\n}"},"url":"https://payments.zuato.com/api/payment-links/create/"},"status":"Conflict","code":409,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n  \"success\": false,\n  \"error\": \"Conflict. An order with ID ORD-13001 already exists. Each transaction must use a unique order ID.\"\n}"}],"_postman_id":"de7009a2-1a74-406f-b252-7e55b2c92f22"},{"name":"Get Order Details","event":[{"listen":"prerequest","script":{"type":"text/javascript","exec":["// Verify that an order_id has been set before making this call","const orderId = pm.collectionVariables.get('order_id');","if (!orderId || orderId === 'ord_abcd1234') {","    console.warn('⚠️  Warning: order_id collection variable is using the placeholder value.');","    console.warn('⚠️  Run the Create Payment Link request first to auto-populate the order_id.');","    console.warn('⚠️  Or manually set the order_id variable to a valid Zuato order ID (format: ord_xxxx).');","} else {","    console.log('✅ Using order_id:', orderId);","    console.log('ℹ️  Fetching order details from:', pm.collectionVariables.get('base_url') + '/api/orders/details/' + orderId + '/');","}"],"id":"86b76498-30b2-4c00-a63a-da2a67a38e74"}},{"listen":"test","script":{"type":"text/javascript","exec":["// ─── STATUS CODE ───","pm.test('Status code is 200 OK', function () {","    pm.response.to.have.status(200);","});","","// ─── RESPONSE TIME ───","pm.test('Response time is under 3000ms', function () {","    pm.expect(pm.response.responseTime).to.be.below(3000);","});","","// ─── PARSE RESPONSE ───","let jsonResponse;","pm.test('Response body is valid JSON', function () {","    jsonResponse = pm.response.json();","    pm.expect(jsonResponse).to.be.an('object');","});","","if (jsonResponse) {","    // ─── SUCCESS FLAG ───","    pm.test('Response contains success: true', function () {","        pm.expect(jsonResponse.success).to.be.true;","    });","","    // ─── DATA OBJECT ───","    pm.test('Response contains data object', function () {","        pm.expect(jsonResponse).to.have.property('data');","        pm.expect(jsonResponse.data).to.be.an('object');","    });","","    if (jsonResponse.data) {","        // ─── ORDER ID ───","        pm.test('data.order_id is present', function () {","            pm.expect(jsonResponse.data).to.have.property('order_id');","        });","","        // ─── ORDER NUMBER ───","        pm.test('data.order_no is present', function () {","            pm.expect(jsonResponse.data).to.have.property('order_no');","        });","","        // ─── AMOUNT ───","        pm.test('data.amount is a positive number', function () {","            pm.expect(jsonResponse.data.amount).to.be.a('number');","            pm.expect(jsonResponse.data.amount).to.be.above(0);","        });","","        // ─── STATUS ───","        pm.test('data.status is a valid order status', function () {","            const validStatuses = ['CREATED', 'pending', 'paid', 'failed'];","            pm.expect(validStatuses).to.include(jsonResponse.data.status);","        });","","        // ─── CUSTOMER OBJECT ───","        pm.test('data.customer object is present with required fields', function () {","            pm.expect(jsonResponse.data).to.have.property('customer');","            pm.expect(jsonResponse.data.customer).to.have.property('name');","            pm.expect(jsonResponse.data.customer).to.have.property('email');","            pm.expect(jsonResponse.data.customer).to.have.property('phone');","        });","","        // ─── CREATED AT ───","        pm.test('data.created_at is a valid ISO 8601 timestamp', function () {","            pm.expect(jsonResponse.data).to.have.property('created_at');","            const date = new Date(jsonResponse.data.created_at);","            pm.expect(date.toString()).to.not.equal('Invalid Date');","        });","","        // ─── PAYMENT STATUS LOGIC ───","        const status = jsonResponse.data.status;","        console.log('📦 Order Status:', status);","        if (status === 'paid') {","            console.log('✅ Payment confirmed. Safe to fulfil order.');","        } else if (status === 'pending') {","            console.log('⏳ Payment pending. Do not fulfil yet. Poll again after a short delay.');","        } else if (status === 'failed') {","            console.log('❌ Payment failed. Prompt customer to retry or use alternative payment method.');","        } else if (status === 'CREATED') {","            console.log('🔗 Payment link created but customer has not yet initiated payment.');","        }","    }","}"],"id":"ca9e81f5-e52a-4c7c-83b5-888a54541c39"}}],"id":"957124be-78c0-47aa-b8e5-72455e6b4f3c","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[{"key":"X-ACCESS-KEY","value":"ak_live_xxxxxxxxx","description":"<p>Your production Access Key. Required on every request.</p>\n","type":"text"},{"key":"X-SECRET-KEY","value":"sk_live_xxxxxxxxx","description":"<p>Your production Secret Key. Required on every request. Keep confidential.</p>\n","type":"text"},{"key":"Content-Type","value":"application/json","description":"<p>Must be application/json for all Zuato API requests.</p>\n","type":"text"}],"url":"https://payments.zuato.com/api/orders/details/ord_abcd1234/","description":"<h1 id=\"get-order-details\">Get Order Details</h1>\n<h2 id=\"purpose\">Purpose</h2>\n<p>Retrieve the complete payment and order details for a given order ID. This endpoint should always be called <strong>server-side</strong> after the customer returns from the hosted checkout to verify the payment status before fulfilling the order.</p>\n<p><strong>⚠️ Critical:</strong> Never rely solely on the client-side redirect to confirm payment. Server-side verification is mandatory.</p>\n<hr />\n<h2 id=\"endpoint\">Endpoint</h2>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code>GET https://payments.zuato.com/api/orders/details/{order_id}/\n</code></pre><hr />\n<h2 id=\"path-parameters\">Path Parameters</h2>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Parameter</th>\n<th>Type</th>\n<th>Required</th>\n<th>Description</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>order_id</code></td>\n<td>string</td>\n<td>✅ Yes</td>\n<td>The Zuato-generated order ID returned in the Create Payment Link response. Format: <code>ord_xxxx</code>. This is NOT your merchant order reference — it is the <code>order.id</code> returned by the API.</td>\n</tr>\n</tbody>\n</table>\n</div><hr />\n<h2 id=\"success-response-200-ok\">Success Response (200 OK)</h2>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code class=\"language-json\">{\n  \"success\": true,\n  \"data\": {\n    \"order_id\": \"ord_abcd1234\",\n    \"order_no\": \"ORD-13001\",\n    \"amount\": 250,\n    \"status\": \"paid\",\n    \"customer\": {\n      \"name\": \"John Doe\",\n      \"email\": \"john@example.com\",\n      \"phone\": \"+971501234567\"\n    },\n    \"created_at\": \"2024-01-15T10:30:00Z\"\n  }\n}\n</code></pre>\n<h3 id=\"response-fields\">Response Fields</h3>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Field</th>\n<th>Type</th>\n<th>Description</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>data.order_id</code></td>\n<td>string</td>\n<td>Zuato-assigned unique order ID.</td>\n</tr>\n<tr>\n<td><code>data.order_no</code></td>\n<td>string</td>\n<td>Your original merchant order reference passed during payment link creation.</td>\n</tr>\n<tr>\n<td><code>data.amount</code></td>\n<td>number</td>\n<td>The transaction amount.</td>\n</tr>\n<tr>\n<td><code>data.status</code></td>\n<td>string</td>\n<td>Payment status: <code>CREATED</code>, <code>pending</code>, <code>paid</code>, or <code>failed</code>.</td>\n</tr>\n<tr>\n<td><code>data.customer.name</code></td>\n<td>string</td>\n<td>Customer's full name.</td>\n</tr>\n<tr>\n<td><code>data.customer.email</code></td>\n<td>string</td>\n<td>Customer's email address.</td>\n</tr>\n<tr>\n<td><code>data.customer.phone</code></td>\n<td>string</td>\n<td>Customer's phone number.</td>\n</tr>\n<tr>\n<td><code>data.created_at</code></td>\n<td>string</td>\n<td>ISO 8601 timestamp of order creation.</td>\n</tr>\n</tbody>\n</table>\n</div><hr />\n<h2 id=\"order-status-values\">Order Status Values</h2>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Status</th>\n<th>Stage</th>\n<th>Action</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>CREATED</code></td>\n<td>Initial</td>\n<td>Payment link generated, customer not yet paid.</td>\n</tr>\n<tr>\n<td><code>pending</code></td>\n<td>Processing</td>\n<td>Payment in progress — poll again, do NOT fulfil yet.</td>\n</tr>\n<tr>\n<td><code>paid</code></td>\n<td>Final ✅</td>\n<td>Payment confirmed — safe to fulfil the order.</td>\n</tr>\n<tr>\n<td><code>failed</code></td>\n<td>Final ❌</td>\n<td>Payment failed — prompt customer to retry.</td>\n</tr>\n</tbody>\n</table>\n</div><hr />\n<h2 id=\"⚠️-integration-note\">⚠️ Integration Note</h2>\n<p>The <code>order_id</code> collection variable is automatically populated when you run the <strong>Create Payment Link</strong> request. If you are calling this endpoint independently, replace <code>ord_abcd1234</code> with a valid Zuato order ID in the format <code>ord_xxxx</code>.</p>\n","auth":{"type":"apikey","apikey":{"basicConfig":[{"key":"key","value":"X-ACCESS-KEY"},{"key":"value","value":"ak_live_xxxxxxxxx"}]},"isInherited":true,"source":{"_postman_id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","name":"Zuato's API Integration Reference","type":"collection"}},"urlObject":{"path":["api","orders","details","ord_abcd1234",""],"host":["https://payments.zuato.com"],"query":[],"variable":[]}},"response":[{"id":"0d957ccc-25c9-4ebc-8bee-fca357da8d9f","name":"200 OK — Order Details (Paid)","originalRequest":{"method":"GET","header":[{"key":"X-ACCESS-KEY","value":"ak_live_xxxxxxxxx"},{"key":"X-SECRET-KEY","value":"sk_live_xxxxxxxxx"},{"key":"Content-Type","value":"application/json"}],"url":"https://payments.zuato.com/api/orders/details/ord_abcd1234/"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n  \"success\": true,\n  \"data\": {\n    \"order_id\": \"ord_abcd1234\",\n    \"order_no\": \"ORD-13001\",\n    \"amount\": 250,\n    \"status\": \"paid\",\n    \"customer\": {\n      \"name\": \"John Doe\",\n      \"email\": \"john@example.com\",\n      \"phone\": \"+971501234567\"\n    },\n    \"created_at\": \"2024-01-15T10:30:00Z\"\n  }\n}"},{"id":"78e7e0a4-8216-4fcd-b62b-4171aa3bb7ca","name":"200 OK — Order Details (Pending)","originalRequest":{"method":"GET","header":[{"key":"X-ACCESS-KEY","value":"ak_live_xxxxxxxxx"},{"key":"X-SECRET-KEY","value":"sk_live_xxxxxxxxx"},{"key":"Content-Type","value":"application/json"}],"url":"https://payments.zuato.com/api/orders/details/ord_abcd1234/"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n  \"success\": true,\n  \"data\": {\n    \"order_id\": \"ord_abcd1234\",\n    \"order_no\": \"ORD-13001\",\n    \"amount\": 250,\n    \"status\": \"pending\",\n    \"customer\": {\n      \"name\": \"John Doe\",\n      \"email\": \"john@example.com\",\n      \"phone\": \"+971501234567\"\n    },\n    \"created_at\": \"2024-01-15T10:30:00Z\"\n  }\n}"},{"id":"fbb04244-417a-49dd-aeac-01dd1f2bae12","name":"404 Not Found — Order ID Does Not Exist","originalRequest":{"method":"GET","header":[{"key":"X-ACCESS-KEY","value":"ak_live_xxxxxxxxx"},{"key":"X-SECRET-KEY","value":"sk_live_xxxxxxxxx"},{"key":"Content-Type","value":"application/json"}],"url":"https://payments.zuato.com/api/orders/details/ord_invalid999/"},"status":"Not Found","code":404,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n  \"success\": false,\n  \"error\": \"Order not found. The specified order ID does not exist or is not associated with this merchant account.\"\n}"}],"_postman_id":"957124be-78c0-47aa-b8e5-72455e6b4f3c"}],"id":"4c4f85d2-1986-4f7d-ae8b-b0fe035c8335","description":"<h1 id=\"gateway-integration\">Gateway Integration</h1>\n<h2 id=\"overview\">Overview</h2>\n<p>The Zuato Payment Gateway API enables merchants to programmatically create payment links, redirect customers to a secure hosted checkout, and retrieve order details to verify payment status. All communication is over HTTPS using JSON.</p>\n<hr />\n<h2 id=\"integration-methods-available\">Integration Methods Available</h2>\n<h3 id=\"1-hosted-payment-page\">1. Hosted Payment Page</h3>\n<p>Our Hosted Payment Pages handle the entire card capture and payment process on Zuato's PCI DSS certified infrastructure.</p>\n<p><strong>Key Features:</strong></p>\n<ul>\n<li><p>Responsive layout optimized for mobile devices</p>\n</li>\n<li><p>Easy customization using CSS</p>\n</li>\n<li><p>Option to save cards for returning customers</p>\n</li>\n<li><p>Supports Google Analytics tracking</p>\n</li>\n<li><p>No PCI DSS certification required on your end</p>\n</li>\n</ul>\n<h3 id=\"2-quicklinks\">2. QuickLinks</h3>\n<p>Create simple one-click payment links for single products or events.</p>\n<ul>\n<li><p>Specify availability dates and stock control</p>\n</li>\n<li><p>Publishable on website, email, social media, or as QR codes</p>\n</li>\n</ul>\n<h3 id=\"3-mobile-api\">3. Mobile API</h3>\n<p>Process payments from mobile applications via the Hosted Payment Page API interface.</p>\n<ul>\n<li>No PCI certification required</li>\n</ul>\n<h3 id=\"4-remote-api\">4. Remote API</h3>\n<p>Direct server-to-server transaction processing.</p>\n<ul>\n<li><p>PCI certification required for card capture</p>\n</li>\n<li><p>3D Secure (MPI) integration required</p>\n</li>\n<li><p>Refunds, voids, and recurring transaction management available without PCI certification</p>\n</li>\n</ul>\n<blockquote>\n<p><strong>Note:</strong> Remote API is not enabled by default. Contact <a href=\"https://mailto:support@zuato.com\">support@zuato.com</a> to request access. </p>\n</blockquote>\n<hr />\n<h2 id=\"payment-flow\">Payment Flow</h2>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code>[1] Get API Keys → [2] Create Payment Link → [3] Customer Pays → [4] Verify Order\n\n</code></pre><p><strong>Step 1:</strong> Obtain your Access Key and Secret Key from <a href=\"https://payments.zuato.com/api-reference/\">https://payments.zuato.com/api-reference/</a></p>\n<p><strong>Step 2:</strong> POST order and customer data to <code>/api/payment-links/create/</code> to generate a hosted checkout URL</p>\n<p><strong>Step 3:</strong> Redirect the customer to the <code>checkoutUrl</code> returned in the response</p>\n<p><strong>Step 4:</strong> After the customer returns, call <code>GET /api/orders/details/{order_id}/</code> server-side to verify payment status</p>\n<hr />\n<h2 id=\"base-url\">Base URL</h2>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code>https://payments.zuato.com\n\n</code></pre><h2 id=\"authentication-headers-required-on-every-request\">Authentication Headers (required on every request)</h2>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code class=\"language-json\">{\n  \"X-ACCESS-KEY\": \"ak_live_xxxxxxxxx\",\n  \"X-SECRET-KEY\": \"sk_live_xxxxxxxxx\",\n  \"Content-Type\": \"application/json\"\n}\n\n</code></pre>\n<hr />\n<h2 id=\"best-practices\">Best Practices</h2>\n<ul>\n<li><p><strong>Always verify server-side.</strong> Never rely on client-side redirects to confirm payment. Call the order details endpoint from your backend.</p>\n</li>\n<li><p><strong>Use unique order IDs.</strong> Generate a unique <code>order.id</code> for every request — duplicates are rejected with HTTP 409.</p>\n</li>\n<li><p><strong>Do not modify returnUrl.</strong> Must always be <code>https://payments.zuato.com/payment/returnHome/</code></p>\n</li>\n<li><p><strong>Handle all statuses.</strong> Implement logic for <code>paid</code>, <code>pending</code>, and <code>failed</code>.</p>\n</li>\n<li><p><strong>Secure your credentials.</strong> Store in environment variables or a secrets manager. Never commit to version control.</p>\n</li>\n<li><p><strong>Use HTTPS.</strong> All <code>returnSuccUrl</code> and <code>returnErrorUrl</code> values must use HTTPS.</p>\n</li>\n<li><p><strong>Implement idempotency.</strong> Check if an order already exists before creating a duplicate on network timeout.</p>\n</li>\n</ul>\n","_postman_id":"4c4f85d2-1986-4f7d-ae8b-b0fe035c8335","auth":{"type":"apikey","apikey":{"basicConfig":[{"key":"key","value":"X-ACCESS-KEY"},{"key":"value","value":"ak_live_xxxxxxxxx"}]},"isInherited":true,"source":{"_postman_id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","name":"Zuato's API Integration Reference","type":"collection"}}},{"name":"2. API Sandbox Access","item":[{"name":"Sandbox — Create Payment Link","event":[{"listen":"prerequest","script":{"type":"text/javascript","exec":["// Sandbox pre-request validation","const sandboxKey = pm.collectionVariables.get('sandbox_access_key');","if (!sandboxKey || sandboxKey === 'ak_test_xxxxxxxxx') {","    console.warn('⚠️  Sandbox access key is not configured.');","    console.warn('⚠️  Email support@zuato.com to request sandbox credentials.');","    console.warn('⚠️  Then set sandbox_access_key and sandbox_secret_key in collection variables.');","} else {","    console.log('✅ Sandbox access key configured. Using sandbox environment.');","    console.log('ℹ️  Endpoint:', pm.collectionVariables.get('sandbox_base_url') + '/api/payment-links/create/');","}","","// Auto-generate unique sandbox order ID","const sandboxOrderId = 'SANDBOX-ORD-' + Date.now();","pm.collectionVariables.set('sandbox_merchant_order_ref', sandboxOrderId);","console.log('Generated sandbox order ID:', sandboxOrderId);"],"id":"2d40d5c1-f817-404a-8c7e-17f6205c4522"}},{"listen":"test","script":{"type":"text/javascript","exec":["pm.test('Sandbox: Status code is 200 OK', function () {","    pm.response.to.have.status(200);","});","","pm.test('Sandbox: Response is valid JSON', function () {","    pm.response.to.be.json;","});","","const jsonResponse = pm.response.json();","","pm.test('Sandbox: success is true', function () {","    pm.expect(jsonResponse.success).to.be.true;","});","","pm.test('Sandbox: checkoutUrl is returned', function () {","    pm.expect(jsonResponse).to.have.property('checkoutUrl');","    pm.expect(jsonResponse.checkoutUrl).to.include('https://');","});","","if (jsonResponse.order && jsonResponse.order.id) {","    pm.collectionVariables.set('sandbox_order_id', jsonResponse.order.id);","    console.log('✅ Sandbox order_id saved:', jsonResponse.order.id);","    console.log('✅ Sandbox checkoutUrl:', jsonResponse.checkoutUrl);","    console.log('ℹ️  Use test cards from Section 6 to complete the sandbox payment.');","}"],"id":"bf3444b1-186d-4440-8264-70ee7c33538d"}}],"id":"1a793c7a-b66c-4c7b-b676-806e2e2c8205","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"X-ACCESS-KEY","value":"ak_test_xxxxxxxxx","description":"<p>Sandbox Access Key. Prefixed with ak_test_. Provided by Zuato upon sandbox account creation.</p>\n","type":"text"},{"key":"X-SECRET-KEY","value":"sk_test_xxxxxxxxx","description":"<p>Sandbox Secret Key. Prefixed with sk_test_. Keep confidential even in test environments.</p>\n","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\n  \"order\": {\n    \"id\": \"{{sandbox_merchant_order_ref}}\",\n    \"amount\": 100,\n    \"currency\": \"AED\"\n  },\n  \"customer\": {\n    \"firstName\": \"Test\",\n    \"lastName\": \"User\",\n    \"email\": \"testuser@sandbox.com\",\n    \"phone\": \"+971509999999\"\n  },\n  \"returnUrl\": \"https://payments.zuato.com/payment/returnHome/\",\n  \"returnSuccUrl\": \"https://yoursite.com/sandbox/success/\",\n  \"returnErrorUrl\": \"https://yoursite.com/sandbox/failed/\"\n}","options":{"raw":{"language":"json"}}},"url":"https://sandbox.payments.zuato.com/api/payment-links/create/","description":"<h1 id=\"sandbox--create-payment-link\">Sandbox — Create Payment Link</h1>\n<h2 id=\"purpose\">Purpose</h2>\n<p>Test the payment link creation flow in the sandbox environment using test credentials and test card numbers. No real money is charged.</p>\n<h2 id=\"pre-requisites\">Pre-requisites</h2>\n<ul>\n<li>Sandbox credentials provisioned by Zuato (email <a href=\"mailto:support@zuato.com\">support@zuato.com</a>)</li>\n<li><code>sandbox_access_key</code> and <code>sandbox_secret_key</code> set in collection variables</li>\n</ul>\n<h2 id=\"after-running-this-request\">After Running This Request</h2>\n<ol>\n<li>Copy the <code>checkoutUrl</code> from the response</li>\n<li>Open it in a browser</li>\n<li>Use test card details from <strong>Section 6 — Test Card Details</strong> to simulate payment</li>\n<li>Run <strong>Sandbox — Get Order Details</strong> to verify the resulting status</li>\n</ol>\n<h2 id=\"notes\">Notes</h2>\n<ul>\n<li>Use amounts in AED for UAE sandbox testing</li>\n<li>The <code>sandbox_order_id</code> variable is automatically saved for use in the Get Order Details sandbox request</li>\n<li>All sandbox transactions appear in your sandbox dashboard but do not involve real funds</li>\n</ul>\n","auth":{"type":"apikey","apikey":{"basicConfig":[{"key":"key","value":"X-ACCESS-KEY"},{"key":"value","value":"ak_live_xxxxxxxxx"}]},"isInherited":true,"source":{"_postman_id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","name":"Zuato's API Integration Reference","type":"collection"}},"urlObject":{"path":["api","payment-links","create",""],"host":["https://sandbox.payments.zuato.com"],"query":[],"variable":[]}},"response":[],"_postman_id":"1a793c7a-b66c-4c7b-b676-806e2e2c8205"},{"name":"Sandbox — Get Order Details","event":[{"listen":"test","script":{"type":"text/javascript","exec":["pm.test('Sandbox: Status code is 200 OK', function () {","    pm.response.to.have.status(200);","});","","const jsonResponse = pm.response.json();","","pm.test('Sandbox: Response contains data object', function () {","    pm.expect(jsonResponse).to.have.property('data');","});","","pm.test('Sandbox: Order status is a valid value', function () {","    if (jsonResponse.data) {","        const validStatuses = ['CREATED', 'pending', 'paid', 'failed'];","        pm.expect(validStatuses).to.include(jsonResponse.data.status);","        console.log('Sandbox order status:', jsonResponse.data.status);","    }","});"],"id":"1045cedb-7190-4d42-9e7c-37c52a9d9baf"}}],"id":"e410285a-5702-4acd-8a5e-f48de7c35a10","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[{"key":"X-ACCESS-KEY","value":"ak_test_xxxxxxxxx","description":"<p>Sandbox Access Key.</p>\n","type":"text"},{"key":"X-SECRET-KEY","value":"sk_test_xxxxxxxxx","description":"<p>Sandbox Secret Key.</p>\n","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"}],"url":"https://sandbox.payments.zuato.com/api/orders/details/{{sandbox_order_id}}/","description":"<h1 id=\"sandbox--get-order-details\">Sandbox — Get Order Details</h1>\n<p>Retrieve order details in the sandbox environment. Use this after completing a test payment on the sandbox checkout to verify your status handling logic.</p>\n<h2 id=\"pre-requisites\">Pre-requisites</h2>\n<ul>\n<li>Run <strong>Sandbox — Create Payment Link</strong> first (auto-populates <code>sandbox_order_id</code>)</li>\n<li>Complete a test payment using test card details from Section 6</li>\n</ul>\n<h2 id=\"expected-status-after-test-payment\">Expected Status After Test Payment</h2>\n<ul>\n<li>Successful test card → <code>paid</code></li>\n<li>Declined test card → <code>failed</code></li>\n<li>Not yet completed → <code>pending</code> or <code>CREATED</code></li>\n</ul>\n","auth":{"type":"apikey","apikey":{"basicConfig":[{"key":"key","value":"X-ACCESS-KEY"},{"key":"value","value":"ak_live_xxxxxxxxx"}]},"isInherited":true,"source":{"_postman_id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","name":"Zuato's API Integration Reference","type":"collection"}},"urlObject":{"path":["api","orders","details","{{sandbox_order_id}}",""],"host":["https://sandbox.payments.zuato.com"],"query":[],"variable":[]}},"response":[],"_postman_id":"e410285a-5702-4acd-8a5e-f48de7c35a10"}],"id":"1f2747b8-1ff9-498d-a473-f95157979b0d","description":"<h1 id=\"api-sandbox-access\">API Sandbox Access</h1>\n<h2 id=\"overview\">Overview</h2>\n<p>The Zuato Sandbox environment is an isolated test environment that mirrors production functionality without processing real money. Use the sandbox to:</p>\n<ul>\n<li>Develop and test your integration end-to-end</li>\n<li>Validate your request/response handling logic</li>\n<li>Test error scenarios and edge cases</li>\n<li>Run QA and regression testing before going live</li>\n</ul>\n<hr />\n<h2 id=\"how-to-get-sandbox-access\">How to Get Sandbox Access</h2>\n<p>Sandbox credentials are not automatically provisioned. To request access:</p>\n<ol>\n<li><strong>Email:</strong> <a href=\"mailto:support@zuato.com\">support@zuato.com</a></li>\n<li><strong>Subject:</strong> Sandbox Access Request</li>\n<li><strong>Include in your email:</strong><ul>\n<li>Business/company name</li>\n<li>Integration type (Hosted Payment Page / API / E-Commerce Platform)</li>\n<li>Developer contact name and email</li>\n<li>Expected go-live date</li>\n</ul>\n</li>\n</ol>\n<p>The Zuato technical team will provision your sandbox account and send credentials within 1–2 business days.</p>\n<hr />\n<h2 id=\"sandbox-vs-production\">Sandbox vs Production</h2>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Aspect</th>\n<th>Sandbox</th>\n<th>Production</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><strong>Base URL</strong></td>\n<td><code>https://sandbox.payments.zuato.com</code></td>\n<td><code>https://payments.zuato.com</code></td>\n</tr>\n<tr>\n<td><strong>Access Key prefix</strong></td>\n<td><code>ak_test_</code></td>\n<td><code>ak_live_</code></td>\n</tr>\n<tr>\n<td><strong>Secret Key prefix</strong></td>\n<td><code>sk_test_</code></td>\n<td><code>sk_live_</code></td>\n</tr>\n<tr>\n<td><strong>Real money processed</strong></td>\n<td>❌ No</td>\n<td>✅ Yes</td>\n</tr>\n<tr>\n<td><strong>Test cards work</strong></td>\n<td>✅ Yes</td>\n<td>❌ No</td>\n</tr>\n<tr>\n<td><strong>Dashboard</strong></td>\n<td>Sandbox dashboard</td>\n<td>Production dashboard</td>\n</tr>\n<tr>\n<td><strong>API endpoints</strong></td>\n<td>Same paths</td>\n<td>Same paths</td>\n</tr>\n</tbody>\n</table>\n</div><hr />\n<h2 id=\"sandbox-credentials\">Sandbox Credentials</h2>\n<p>Set your sandbox keys in the collection variables:</p>\n<ul>\n<li><code>sandbox_access_key</code> → your <code>ak_test_</code> key</li>\n<li><code>sandbox_secret_key</code> → your <code>sk_test_</code> key</li>\n</ul>\n<p>All requests in this folder use the <code>https://sandbox.payments.zuato.com</code> variable so you can switch environments without changing individual requests.</p>\n<hr />\n<h2 id=\"important-notes\">Important Notes</h2>\n<ul>\n<li><strong>Transactions in sandbox are not real.</strong> No actual charges or refunds occur.</li>\n<li><strong>Use test cards only</strong> (see Section 6 — Test Card Details) in the sandbox environment.</li>\n<li><strong>Do not use production API keys</strong> in the sandbox environment.</li>\n<li><strong>Do not use sandbox API keys</strong> in production.</li>\n</ul>\n","_postman_id":"1f2747b8-1ff9-498d-a473-f95157979b0d","auth":{"type":"apikey","apikey":{"basicConfig":[{"key":"key","value":"X-ACCESS-KEY"},{"key":"value","value":"ak_live_xxxxxxxxx"}]},"isInherited":true,"source":{"_postman_id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","name":"Zuato's API Integration Reference","type":"collection"}}},{"name":"3. Supported Wallets","item":[{"name":"Create Payment Link (Wallets Auto-Enabled)","event":[{"listen":"prerequest","script":{"type":"text/javascript","exec":["// Wallet-enabled payment link — same endpoint as standard payment","// Wallets are automatically presented on the hosted checkout page","console.log('ℹ️  This request creates a standard payment link.');","console.log('ℹ️  All supported wallets are automatically presented on the checkout page.');","console.log('ℹ️  Supported: Apple Pay | Google Pay | Samsung Pay | BOTIM | PayBy | Alipay');","console.log('ℹ️  No additional wallet-specific integration code is required.');","","// Auto-generate a unique order ID","const walletOrderId = 'WALLET-ORD-' + Date.now();","pm.collectionVariables.set('merchant_order_ref', walletOrderId);","console.log('Generated wallet order ID:', walletOrderId);"],"id":"dd076d89-8b4d-4476-987e-69c2f371d372"}},{"listen":"test","script":{"type":"text/javascript","exec":["pm.test('Status code is 200 OK', function () {","    pm.response.to.have.status(200);","});","","const jsonResponse = pm.response.json();","","pm.test('Payment link created successfully', function () {","    pm.expect(jsonResponse.success).to.be.true;","});","","pm.test('checkoutUrl is present', function () {","    pm.expect(jsonResponse).to.have.property('checkoutUrl');","});","","if (jsonResponse.order && jsonResponse.order.id) {","    pm.collectionVariables.set('order_id', jsonResponse.order.id);","    console.log('✅ Checkout URL (all wallets available):', jsonResponse.checkoutUrl);","    console.log('ℹ️  When the customer opens this URL, they will see:');","    console.log('   🍎 Apple Pay (on Safari/iOS)');","    console.log('   🤖 Google Pay (on Chrome/Android)');","    console.log('   📱 Samsung Pay (on Samsung devices)');","    console.log('   💬 BOTIM Wallet');","    console.log('   💳 PayBy Wallet');","    console.log('   🔴 Alipay');","    console.log('   💳 Standard card payment');","}"],"id":"d39638e3-4d96-470f-ace6-a0897ceb44fa"}}],"id":"a8c3fa0e-e8c0-40ba-b1ac-700d981bede2","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"X-ACCESS-KEY","value":"ak_live_xxxxxxxxx","description":"<p>Your production Access Key.</p>\n","type":"text"},{"key":"X-SECRET-KEY","value":"sk_live_xxxxxxxxx","description":"<p>Your production Secret Key.</p>\n","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\n  \"order\": {\n    \"id\": \"ORD-13001\",\n    \"amount\": 350,\n    \"currency\": \"AED\"\n  },\n  \"customer\": {\n    \"firstName\": \"Ahmed\",\n    \"lastName\": \"Al Rashid\",\n    \"email\": \"ahmed@example.ae\",\n    \"phone\": \"+971501234567\"\n  },\n  \"returnUrl\": \"https://payments.zuato.com/payment/returnHome/\",\n  \"returnSuccUrl\": \"https://yoursite.com/payment/success/\",\n  \"returnErrorUrl\": \"https://yoursite.com/payment/failed/\"\n}","options":{"raw":{"language":"json"}}},"url":"https://payments.zuato.com/api/payment-links/create/","description":"<h1 id=\"create-payment-link--all-wallets-auto-enabled\">Create Payment Link — All Wallets Auto-Enabled</h1>\n<h2 id=\"purpose\">Purpose</h2>\n<p>This request is <strong>identical</strong> to the standard Create Payment Link request. No additional parameters are needed to enable wallet payments.</p>\n<p>When the customer opens the <code>checkoutUrl</code> returned in this response, Zuato's hosted checkout automatically detects the customer's device and browser and presents all applicable wallet options alongside standard card payment.</p>\n<hr />\n<h2 id=\"wallets-automatically-available-on-checkout\">Wallets Automatically Available on Checkout</h2>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Wallet</th>\n<th>Availability Condition</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>Apple Pay</td>\n<td>Customer on Safari/iOS with Apple Pay configured</td>\n</tr>\n<tr>\n<td>Google Pay</td>\n<td>Customer on Chrome/Android with GPay set up</td>\n</tr>\n<tr>\n<td>Samsung Pay</td>\n<td>Customer on Samsung device with Samsung Pay configured</td>\n</tr>\n<tr>\n<td>BOTIM Wallet</td>\n<td>Customer has BOTIM app installed</td>\n</tr>\n<tr>\n<td>PayBy Wallet</td>\n<td>Customer has PayBy app installed</td>\n</tr>\n<tr>\n<td>Alipay</td>\n<td>Customer has Alipay app</td>\n</tr>\n<tr>\n<td>Card Payment</td>\n<td>Always available as fallback</td>\n</tr>\n</tbody>\n</table>\n</div><hr />\n<h2 id=\"✅-developer-action-required\">✅ Developer Action Required</h2>\n<p>None beyond sending this standard payment link request. All wallet handling, authentication, and processing is managed by Zuato's platform.</p>\n<hr />\n<h2 id=\"after-payment\">After Payment</h2>\n<p>Regardless of whether the customer paid via wallet or card, the order verification flow is identical:</p>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code>GET /api/orders/details/{order_id}/\n</code></pre><p>The response <code>data.status</code> will reflect <code>paid</code>, <code>pending</code>, or <code>failed</code> for all payment methods.</p>\n","auth":{"type":"apikey","apikey":{"basicConfig":[{"key":"key","value":"X-ACCESS-KEY"},{"key":"value","value":"ak_live_xxxxxxxxx"}]},"isInherited":true,"source":{"_postman_id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","name":"Zuato's API Integration Reference","type":"collection"}},"urlObject":{"path":["api","payment-links","create",""],"host":["https://payments.zuato.com"],"query":[],"variable":[]}},"response":[],"_postman_id":"a8c3fa0e-e8c0-40ba-b1ac-700d981bede2"}],"id":"5cec995d-f1af-401e-92ea-cec50763a902","description":"<h1 id=\"supported-wallets\">Supported Wallets</h1>\n<h2 id=\"overview\">Overview</h2>\n<p>Zuato supports all major digital wallets out of the box. When you integrate using the standard payment link flow (Create Payment Link endpoint), <strong>wallet options are automatically presented</strong> to the customer on the hosted checkout page — no separate integration is required for each wallet.</p>\n<hr />\n<h2 id=\"key-benefit--single-integration-all-wallets\">Key Benefit — Single Integration, All Wallets</h2>\n<p>With a single cURL request to <code>/api/payment-links/create/</code>, your customers will automatically see all supported wallet options on the checkout page. Our system handles the entire wallet interaction, authentication, and payment processing on your behalf.</p>\n<p><strong>You do not need to:</strong></p>\n<ul>\n<li><p>Register separately with each wallet provider</p>\n</li>\n<li><p>Write separate integration code per wallet</p>\n</li>\n<li><p>Handle wallet authentication or tokens</p>\n</li>\n<li><p>Manage wallet-specific SDKs</p>\n</li>\n</ul>\n<p><strong>We handle everything for you.</strong></p>\n<hr />\n<h2 id=\"supported-wallets-1\">Supported Wallets</h2>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Wallet</th>\n<th>Provider</th>\n<th>Region</th>\n<th>Type</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><strong>Apple Pay</strong></td>\n<td>Apple Inc.</td>\n<td>UAE &amp; Global</td>\n<td>Device-based NFC + in-app</td>\n</tr>\n<tr>\n<td><strong>Google Pay (GPay)</strong></td>\n<td>Google LLC</td>\n<td>UAE &amp; Global</td>\n<td>Android NFC + in-app</td>\n</tr>\n<tr>\n<td><strong>Samsung Pay</strong></td>\n<td>Samsung Electronics</td>\n<td>UAE &amp; Global</td>\n<td>NFC + MST</td>\n</tr>\n<tr>\n<td><strong>BOTIM Wallet</strong></td>\n<td>Etisalat / e&amp;</td>\n<td>UAE</td>\n<td>Local super-app wallet</td>\n</tr>\n<tr>\n<td><strong>PayBy Wallet</strong></td>\n<td>PayBy</td>\n<td>UAE</td>\n<td>Local digital wallet</td>\n</tr>\n<tr>\n<td><strong>Alipay Wallet</strong></td>\n<td>Ant Group</td>\n<td>China &amp; UAE</td>\n<td>QR-based payments</td>\n</tr>\n<tr>\n<td><strong>Additional Wallets</strong></td>\n<td>Various</td>\n<td>Region-dependent</td>\n<td>Contact support for full list</td>\n</tr>\n</tbody>\n</table>\n</div><hr />\n<h2 id=\"how-it-works\">How It Works</h2>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code>[1] You call POST /api/payment-links/create/\n       ↓\n[2] Zuato generates a hosted checkout URL\n       ↓\n[3] Customer opens the checkoutUrl\n       ↓\n[4] Checkout detects device capabilities and displays:\n    → Apple Pay (Safari/iOS)\n    → Google Pay (Chrome/Android)\n    → Samsung Pay (Samsung devices)\n    → BOTIM Wallet\n    → PayBy Wallet\n    → Alipay\n    → Standard card payment\n       ↓\n[5] Customer selects their preferred wallet and authenticates\n       ↓\n[6] Zuato processes the transaction and updates order status\n       ↓\n[7] Customer redirected to your returnSuccUrl or returnErrorUrl\n       ↓\n[8] You verify via GET /api/orders/details/{order_id}/\n\n</code></pre><hr />\n<h2 id=\"apple-pay-requirements\">Apple Pay Requirements</h2>\n<ul>\n<li><p>Customer must be on an Apple device with Safari</p>\n</li>\n<li><p>Apple Pay must be set up with at least one card on the device</p>\n</li>\n<li><p>Your <code>returnSuccUrl</code> domain must use HTTPS</p>\n</li>\n<li><p>No additional merchant registration required when using Zuato's hosted checkout</p>\n</li>\n</ul>\n<h2 id=\"google-pay-requirements\">Google Pay Requirements</h2>\n<ul>\n<li><p>Customer must be on Android or Chrome browser</p>\n</li>\n<li><p>A Google account with a saved payment method</p>\n</li>\n<li><p>Automatically rendered on compatible devices</p>\n</li>\n</ul>\n<h2 id=\"samsung-pay-requirements\">Samsung Pay Requirements</h2>\n<ul>\n<li><p>Samsung device with Samsung Pay configured</p>\n</li>\n<li><p>Supports NFC and MST (Magnetic Secure Transmission)</p>\n</li>\n</ul>\n<h2 id=\"botim-wallet-requirements\">BOTIM Wallet Requirements</h2>\n<ul>\n<li><p>Customer must have the BOTIM app installed and wallet funded</p>\n</li>\n<li><p>Available primarily in the UAE</p>\n</li>\n</ul>\n<h2 id=\"payby-wallet-requirements\">PayBy Wallet Requirements</h2>\n<ul>\n<li><p>Customer must have the PayBy app installed</p>\n</li>\n<li><p>Account must be verified and funded</p>\n</li>\n<li><p>Available in the UAE</p>\n</li>\n</ul>\n<h2 id=\"alipay-requirements\">Alipay Requirements</h2>\n<ul>\n<li><p>Customer must have the Alipay app</p>\n</li>\n<li><p>Primarily used by Chinese nationals and tourists in the UAE</p>\n</li>\n<li><p>QR-code based flow on the checkout page</p>\n</li>\n</ul>\n<hr />\n<h2 id=\"no-additional-integration-needed\">No Additional Integration Needed</h2>\n<p>The wallet payment request below uses the <strong>exact same endpoint</strong> as a standard card payment. The only difference is that the customer selects a wallet on the checkout page instead of entering card details. Everything else is handled by Zuato's platform.</p>\n","_postman_id":"5cec995d-f1af-401e-92ea-cec50763a902","auth":{"type":"apikey","apikey":{"basicConfig":[{"key":"key","value":"X-ACCESS-KEY"},{"key":"value","value":"ak_live_xxxxxxxxx"}]},"isInherited":true,"source":{"_postman_id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","name":"Zuato's API Integration Reference","type":"collection"}}},{"name":"4. Website Checklist","item":[{"name":"Website Compliance Check (Informational)","event":[{"listen":"prerequest","script":{"type":"text/javascript","exec":["// This is an informational request — it does not call a live API endpoint.","// It serves as a structured checklist reference within the collection.","console.log('📋 ZUATO WEBSITE COMPLIANCE CHECKLIST');","console.log('=====================================');","console.log('');","console.log('✅ GENERAL CONTENT');","console.log('  □ Business activity matches licensed activity');","console.log('  □ URL matches Zuato application URL');","console.log('  □ No prohibited products/services');","console.log('  □ Product descriptions + pricing + currency displayed');","console.log('  □ Visa/Mastercard logos on homepage');","console.log('');","console.log('✅ REQUIRED PAGES');","console.log('  □ About Us — business nature described');","console.log('  □ Terms & Conditions — UAE domicile, OFAC, minors, cards');","console.log('  □ Privacy Policy — data protection, no third-party sharing');","console.log('  □ Delivery Policy — shipping, fees, timelines (physical goods)');","console.log('  □ Payment Confirmation — how customer is notified (services)');","console.log('  □ Refund Policy — 10-45 day timeline, scenarios covered');","console.log('  □ Cancellation Policy — conditions and timeframes');","console.log('  □ Contact Us — name, email, phone, PO Box, address, UAE');","console.log('');","console.log('📧 Questions? Contact support@zuato.com');"],"id":"f0e5804b-4eb7-4298-9000-4a8b6f7688ca"}},{"listen":"test","script":{"type":"text/javascript","exec":["// This request is informational — it targets a placeholder URL.","// Check the Postman console (View > Console) to see the full checklist output.","pm.test('Website checklist reference loaded', function () {","    console.log('✅ Checklist displayed in Postman console.');","    console.log('ℹ️  This is an informational folder — no live API is called.');","    console.log('ℹ️  Review the folder description for the full compliance checklist.');","    pm.expect(true).to.be.true;","});"],"id":"bb5ef109-721c-4d44-8f94-a9761a953fa6"}}],"id":"df3b6c45-a2d9-4fc5-877a-2a6c21515660","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"https://zuato.com","description":"<h1 id=\"website-compliance--informational-reference\">Website Compliance — Informational Reference</h1>\n<p>This request is <strong>informational only</strong> and does not call a Zuato payment API endpoint.</p>\n<p>It exists within the collection as a structured reference to the card scheme website compliance requirements that all merchants must meet before going live.</p>\n<h2 id=\"purpose\">Purpose</h2>\n<ul>\n<li>Provides a quick-reference checklist for developers and compliance teams</li>\n<li>Outputs a structured checklist to the Postman console when run</li>\n<li>Serves as a reminder during pre-launch QA</li>\n</ul>\n<h2 id=\"to-view-the-checklist\">To View the Checklist</h2>\n<ol>\n<li>Open Postman Console (View → Show Postman Console, or Ctrl+Alt+C)</li>\n<li>Click <strong>Send</strong> on this request</li>\n<li>Review the structured checklist output in the console</li>\n</ol>\n<h2 id=\"full-checklist-summary\">Full Checklist Summary</h2>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Section</th>\n<th>Key Requirement</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>General Content</td>\n<td>Business activity, URL, card logos, no prohibited goods</td>\n</tr>\n<tr>\n<td>About Us</td>\n<td>Clear business description</td>\n</tr>\n<tr>\n<td>T&amp;C</td>\n<td>UAE domicile, OFAC, minors, card types, confidentiality</td>\n</tr>\n<tr>\n<td>Privacy Policy</td>\n<td>No data sharing/selling, security measures, third-party disclaimer</td>\n</tr>\n<tr>\n<td>Delivery Policy</td>\n<td>Shipping process, fees, timelines, proof of delivery</td>\n</tr>\n<tr>\n<td>Payment Confirmation</td>\n<td>Email/SMS/mail confirmation for service payments</td>\n</tr>\n<tr>\n<td>Refund Policy</td>\n<td>10-45 days to original method, scenarios defined</td>\n</tr>\n<tr>\n<td>Cancellation Policy</td>\n<td>Timeframes and conditions specified</td>\n</tr>\n<tr>\n<td>Contact Us</td>\n<td>Name, email, phone, PO Box, address, UAE</td>\n</tr>\n</tbody>\n</table>\n</div><h2 id=\"questions\">Questions?</h2>\n<p>Email <strong><a href=\"mailto:support@zuato.com\">support@zuato.com</a></strong> for compliance guidance.</p>\n","auth":{"type":"apikey","apikey":{"basicConfig":[{"key":"key","value":"X-ACCESS-KEY"},{"key":"value","value":"ak_live_xxxxxxxxx"}]},"isInherited":true,"source":{"_postman_id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","name":"Zuato's API Integration Reference","type":"collection"}},"urlObject":{"protocol":"https","host":["zuato","com"],"query":[],"variable":[]}},"response":[],"_postman_id":"df3b6c45-a2d9-4fc5-877a-2a6c21515660"}],"id":"64f3c040-c918-43c7-bbeb-3043b2aaff32","description":"<h1 id=\"website-checklist\">Website Checklist</h1>\n<blockquote>\n<p>⚠️ Please ensure your website meets ALL requirements listed below as per credit card scheme regulations (Visa, Mastercard). </p>\n</blockquote>\n<p>Website content requirements provide a smooth shopping experience for consumers and minimise cardholder disputes and chargebacks. Non-compliance may result in your merchant account being suspended or terminated.</p>\n<hr />\n<h2 id=\"✅-general-website-content\">✅ General Website Content</h2>\n<ul>\n<li><p>Website content reflects your licensed business activity</p>\n</li>\n<li><p>Website URL matches the one provided in your Zuato application — no other URL permitted</p>\n</li>\n<li><p>Website does not contain prohibited products or services</p>\n</li>\n<li><p>Website displays item/product/service descriptions, pricing, and transaction currency</p>\n</li>\n<li><p>Website displays accepted card logos (Visa, Mastercard, etc.) on the Home page</p>\n</li>\n</ul>\n<hr />\n<h2 id=\"✅-about-us-page\">✅ About Us Page</h2>\n<ul>\n<li>Clearly describes the nature and activity of the business</li>\n</ul>\n<hr />\n<h2 id=\"✅-terms-and-conditions-tc\">✅ Terms and Conditions (T&amp;C)</h2>\n<p>Must include:</p>\n<ul>\n<li><p>\"United Arab Emirates is our country of domicile\" — with governing law stated as local UAE law</p>\n</li>\n<li><p>Accepted card types (Visa, Mastercard) and transaction currencies</p>\n</li>\n<li><p>Statement: \"We will not trade with or provide services to OFAC or sanctioned countries\"</p>\n</li>\n<li><p>Minors under 18 may not register or transact on the website</p>\n</li>\n<li><p>Cardholders must retain transaction records and comply with merchant policies</p>\n</li>\n<li><p>Users are responsible for maintaining the confidentiality of their accounts</p>\n</li>\n</ul>\n<hr />\n<h2 id=\"✅-privacy-policy-pp\">✅ Privacy Policy (PP)</h2>\n<ul>\n<li><p>Cardholder details and personally identifiable information will not be stored, sold, shared, rented, or leased to third parties</p>\n</li>\n<li><p>Merchant will not pass card details to third parties</p>\n</li>\n<li><p>Merchant ensures data privacy and security through hardware and software measures, but cannot guarantee absolute online security</p>\n</li>\n<li><p>Merchant is not responsible for privacy policies of linked third-party websites</p>\n</li>\n<li><p>Website policies and T&amp;C may be updated occasionally — customers should check frequently for updates</p>\n</li>\n</ul>\n<hr />\n<h2 id=\"✅-delivery-policy-physical-products\">✅ Delivery Policy (Physical Products)</h2>\n<ul>\n<li><p>Clearly describes the shipping process and conditions for items/goods</p>\n</li>\n<li><p>States delivery fees or free delivery options</p>\n</li>\n<li><p>States delivery times for local and international orders</p>\n</li>\n<li><p>Proof of delivery receipt signed or confirmed by the registered customer must be kept</p>\n</li>\n</ul>\n<hr />\n<h2 id=\"✅-payment-confirmation-services\">✅ Payment Confirmation (Services)</h2>\n<ul>\n<li>Describes how customers will receive payment confirmation (email, SMS, or mail) and expected timing</li>\n</ul>\n<hr />\n<h2 id=\"✅-refund-policy\">✅ Refund Policy</h2>\n<ul>\n<li><p>Refunds are issued to the original payment method within 10–45 days (depending on issuing bank)</p>\n</li>\n<li><p>Clearly details return, refund, and cancellation policies</p>\n</li>\n<li><p>Covers scenarios: wrong product sent, defective product, damaged in shipping, product tampered</p>\n</li>\n<li><p>If no refund policy exists, this must be clearly communicated BEFORE purchase</p>\n</li>\n</ul>\n<hr />\n<h2 id=\"✅-cancellation-policy\">✅ Cancellation Policy</h2>\n<ul>\n<li><p>Specifies the time frame and conditions for reporting cancellations or replacements</p>\n</li>\n<li><p>States conditions under which cancellation or replacement is allowed</p>\n</li>\n<li><p>If no cancellation policy exists, this must be clearly communicated before purchase</p>\n</li>\n</ul>\n<hr />\n<h2 id=\"✅-contact-us-page\">✅ Contact Us Page</h2>\n<p>Must display ALL of the following:</p>\n<ul>\n<li><p>Company name</p>\n</li>\n<li><p>Email address</p>\n</li>\n<li><p>Phone numbers</p>\n</li>\n<li><p>P.O. Box</p>\n</li>\n<li><p>Office address</p>\n</li>\n<li><p>Country: UAE</p>\n</li>\n</ul>\n<hr />\n<h2 id=\"consequences-of-non-compliance\">Consequences of Non-Compliance</h2>\n<p>Failure to meet card scheme website requirements may result in:</p>\n<ul>\n<li><p>Increased chargeback ratios</p>\n</li>\n<li><p>Merchant account suspension</p>\n</li>\n<li><p>Termination of payment processing services</p>\n</li>\n<li><p>Fines from card schemes (Visa/Mastercard)</p>\n</li>\n</ul>\n<hr />\n<h2 id=\"pre-launch-checklist\">Pre-Launch Checklist</h2>\n<p>Before submitting your website for review, ensure:</p>\n<ol>\n<li><p>All 8 sections above are complete</p>\n</li>\n<li><p>All policies are accessible from the website footer</p>\n</li>\n<li><p>Card logos are visible on the homepage</p>\n</li>\n<li><p>Contact details are accurate and up to date</p>\n</li>\n<li><p>The website URL matches your Zuato application exactly</p>\n</li>\n</ol>\n<p>If you have questions about compliance requirements, contact: <a href=\"https://mailto:support@zuato.com\"><b>support@zuato.com</b></a></p>\n","_postman_id":"64f3c040-c918-43c7-bbeb-3043b2aaff32","auth":{"type":"apikey","apikey":{"basicConfig":[{"key":"key","value":"X-ACCESS-KEY"},{"key":"value","value":"ak_live_xxxxxxxxx"}]},"isInherited":true,"source":{"_postman_id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","name":"Zuato's API Integration Reference","type":"collection"}}},{"name":"5. Response Codes","item":[{"name":"Response Codes Reference (Informational)","event":[{"listen":"prerequest","script":{"type":"text/javascript","exec":["console.log('📊 ZUATO API RESPONSE CODES REFERENCE');","console.log('=====================================');","console.log('');","console.log('HTTP STATUS CODES:');","console.log('  200 — OK               → Request successful');","console.log('  400 — Bad Request       → Fix request parameters');","console.log('  401 — Unauthorized      → Check API keys');","console.log('  404 — Not Found         → Check order_id / refund_id');","console.log('  409 — Conflict          → Duplicate order ID or refund');","console.log('  500 — Server Error      → Retry with backoff');","console.log('');","console.log('ORDER STATUS VALUES:');","console.log('  CREATED  → Link generated, customer not yet paid');","console.log('  pending  → Payment processing, do not fulfil yet');","console.log('  paid     → ✅ Payment confirmed, safe to fulfil');","console.log('  failed   → ❌ Payment failed, prompt retry');","console.log('');","console.log('REFUND STATUS VALUES:');","console.log('  pending  → Refund submitted, awaiting admin review');","console.log('  approved → ✅ Refund approved, funds being returned');","console.log('  rejected → ❌ Refund declined, check dashboard');"],"id":"55c6a1df-1d33-419f-baf4-48da7726e2d6"}},{"listen":"test","script":{"type":"text/javascript","exec":["pm.test('Response codes reference loaded', function () {","    console.log('✅ Response codes reference displayed in Postman console.');","    pm.expect(true).to.be.true;","});"],"id":"56813cc3-add3-426d-becd-bf17a2e8c9b0"}}],"id":"a121b760-327a-4a66-9e6b-8e39bd16df81","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"https://zuato.com","description":"<h1 id=\"response-codes--informational-reference\">Response Codes — Informational Reference</h1>\n<p>This request is <strong>informational only</strong>. It outputs the complete Zuato API response code and status reference to the Postman console when run.</p>\n<h2 id=\"to-view-the-reference\">To View the Reference</h2>\n<ol>\n<li>Open Postman Console (View → Show Postman Console)</li>\n<li>Click <strong>Send</strong></li>\n<li>Review the output in the console</li>\n</ol>\n<p>Alternatively, refer to the <strong>folder description</strong> above for the full reference table.</p>\n","auth":{"type":"apikey","apikey":{"basicConfig":[{"key":"key","value":"X-ACCESS-KEY"},{"key":"value","value":"ak_live_xxxxxxxxx"}]},"isInherited":true,"source":{"_postman_id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","name":"Zuato's API Integration Reference","type":"collection"}},"urlObject":{"protocol":"https","host":["zuato","com"],"query":[],"variable":[]}},"response":[],"_postman_id":"a121b760-327a-4a66-9e6b-8e39bd16df81"}],"id":"1fdffec4-e280-4080-8691-5a75b15a9d32","description":"<h1 id=\"response-codes\">Response Codes</h1>\n<h2 id=\"overview\">Overview</h2>\n<p>All Zuato API responses follow standard HTTP status codes combined with a JSON response body containing a <code>success</code> boolean and either a <code>data</code> object (on success) or an <code>error</code> message (on failure).</p>\n<hr />\n<h2 id=\"http-status-codes\">HTTP Status Codes</h2>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Code</th>\n<th>Status</th>\n<th>Meaning</th>\n<th>Action Required</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>200</code></td>\n<td>OK</td>\n<td>Request was successful</td>\n<td>Process the response data</td>\n</tr>\n<tr>\n<td><code>400</code></td>\n<td>Bad Request</td>\n<td>Missing or invalid parameters</td>\n<td>Check request body and fix errors</td>\n</tr>\n<tr>\n<td><code>401</code></td>\n<td>Unauthorized</td>\n<td>API keys missing, invalid, or expired</td>\n<td>Verify X-ACCESS-KEY and X-SECRET-KEY headers</td>\n</tr>\n<tr>\n<td><code>404</code></td>\n<td>Not Found</td>\n<td>The specified resource (order/refund) does not exist</td>\n<td>Check the order_id or refund_id value</td>\n</tr>\n<tr>\n<td><code>409</code></td>\n<td>Conflict</td>\n<td>Duplicate order ID submitted</td>\n<td>Generate a new unique order.id</td>\n</tr>\n<tr>\n<td><code>500</code></td>\n<td>Internal Server Error</td>\n<td>Zuato server-side error</td>\n<td>Retry after a brief delay; contact support if persistent</td>\n</tr>\n</tbody>\n</table>\n</div><hr />\n<h2 id=\"order-status-values\">Order Status Values</h2>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Status</th>\n<th>Stage</th>\n<th>Description</th>\n<th>Merchant Action</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>CREATED</code></td>\n<td>Initial</td>\n<td>Payment link generated, customer not yet paid</td>\n<td>Await customer payment</td>\n</tr>\n<tr>\n<td><code>pending</code></td>\n<td>Processing</td>\n<td>Payment is being processed by the bank/wallet</td>\n<td>Poll again; do NOT fulfil order yet</td>\n</tr>\n<tr>\n<td><code>paid</code></td>\n<td>Final ✅</td>\n<td>Payment completed successfully</td>\n<td>Safe to fulfil the order</td>\n</tr>\n<tr>\n<td><code>failed</code></td>\n<td>Final ❌</td>\n<td>Payment was unsuccessful</td>\n<td>Prompt customer to retry or use alternative method</td>\n</tr>\n</tbody>\n</table>\n</div><hr />\n<h2 id=\"refund-status-values\">Refund Status Values</h2>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Status</th>\n<th>Stage</th>\n<th>Description</th>\n<th>Merchant Action</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>pending</code></td>\n<td>Initial</td>\n<td>Refund submitted and queued for admin review</td>\n<td>Inform customer — refund under review</td>\n</tr>\n<tr>\n<td><code>approved</code></td>\n<td>Final ✅</td>\n<td>Refund approved — funds being returned to customer</td>\n<td>Notify customer of successful refund</td>\n</tr>\n<tr>\n<td><code>rejected</code></td>\n<td>Final ❌</td>\n<td>Refund request declined by admin team</td>\n<td>Check dashboard for reason; contact support</td>\n</tr>\n</tbody>\n</table>\n</div><hr />\n<h2 id=\"standard-response-envelope\">Standard Response Envelope</h2>\n<h3 id=\"success-response\">Success Response</h3>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code class=\"language-json\">{\n  \"success\": true,\n  \"data\": { ... }\n}\n\n</code></pre>\n<h3 id=\"error-response\">Error Response</h3>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code class=\"language-json\">{\n  \"success\": false,\n  \"error\": \"Human-readable error message explaining what went wrong\"\n}\n\n</code></pre>\n<hr />\n<h2 id=\"common-error-scenarios\">Common Error Scenarios</h2>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Scenario</th>\n<th>HTTP Code</th>\n<th>Error Message Example</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>Missing required field</td>\n<td>400</td>\n<td><code>\"Missing required fields: order.amount, order.currency\"</code></td>\n</tr>\n<tr>\n<td>Invalid currency code</td>\n<td>400</td>\n<td><code>\"Invalid currency code. Use ISO 4217 format (e.g. AED, USD)\"</code></td>\n</tr>\n<tr>\n<td>Refund amount exceeds original</td>\n<td>400</td>\n<td><code>\"Refund amount must be less than or equal to transaction amount (AED 250)\"</code></td>\n</tr>\n<tr>\n<td>Wrong or missing API key</td>\n<td>401</td>\n<td><code>\"Unauthorized. API keys are missing, invalid, or expired.\"</code></td>\n</tr>\n<tr>\n<td>Order not found</td>\n<td>404</td>\n<td><code>\"Order not found. The specified order ID does not exist.\"</code></td>\n</tr>\n<tr>\n<td>Duplicate order ID</td>\n<td>409</td>\n<td><code>\"Conflict. An order with this ID already exists.\"</code></td>\n</tr>\n<tr>\n<td>Refund already submitted</td>\n<td>409</td>\n<td><code>\"Conflict. A refund request already exists for this order.\"</code></td>\n</tr>\n<tr>\n<td>Server error</td>\n<td>500</td>\n<td><code>\"Internal server error. Please retry after a brief delay.\"</code></td>\n</tr>\n</tbody>\n</table>\n</div><hr />\n<h2 id=\"retry-logic-recommendations\">Retry Logic Recommendations</h2>\n<ul>\n<li><p><strong>400 errors:</strong> Do not retry — fix the request parameters first</p>\n</li>\n<li><p><strong>401 errors:</strong> Do not retry — verify and regenerate your API keys</p>\n</li>\n<li><p><strong>404 errors:</strong> Do not retry — verify the order_id is correct</p>\n</li>\n<li><p><strong>409 errors:</strong> Do not retry — check if the order already exists before creating a new one</p>\n</li>\n<li><p><strong>500 errors:</strong> Retry with exponential backoff (wait 1s, 2s, 4s between retries); contact <a href=\"https://mailto:support@zuato.com\">support@zuato.com</a> if persistent</p>\n</li>\n</ul>\n","_postman_id":"1fdffec4-e280-4080-8691-5a75b15a9d32","auth":{"type":"apikey","apikey":{"basicConfig":[{"key":"key","value":"X-ACCESS-KEY"},{"key":"value","value":"ak_live_xxxxxxxxx"}]},"isInherited":true,"source":{"_postman_id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","name":"Zuato's API Integration Reference","type":"collection"}}},{"name":"6. Test Card Details","item":[{"name":"Test Card Reference (Informational)","event":[{"listen":"prerequest","script":{"type":"text/javascript","exec":["console.log('💳 ZUATO SANDBOX TEST CARD REFERENCE');","console.log('=====================================');","console.log('');","console.log('⚠️  USE IN SANDBOX ENVIRONMENT ONLY');","console.log('');","console.log('✅ SUCCESSFUL PAYMENT CARDS:');","console.log('  4111 1111 1111 1111 — Visa (Success)');","console.log('  4242 4242 4242 4242 — Visa (Success)');","console.log('  5500 0000 0000 0004 — Mastercard (Success)');","console.log('  5555 5555 5555 4444 — Mastercard (Success)');","console.log('  3782 8224 6310 005  — Amex (Success, 15 digits)');","console.log('');","console.log('❌ DECLINED PAYMENT CARDS:');","console.log('  4000 0000 0000 0002 — Visa (Generic Decline)');","console.log('  4000 0000 0000 9995 — Visa (Insufficient Funds)');","console.log('  4000 0000 0000 0069 — Visa (Expired Card)');","console.log('  4000 0000 0000 0127 — Visa (Incorrect CVV)');","console.log('');","console.log('🔐 3D SECURE CARDS:');","console.log('  4000 0000 0000 3220 — Visa 3DS Required (OTP: 123456)');","console.log('  4000 0008 4000 1629 — Visa 3DS Success');","console.log('  4000 0008 4000 1280 — Visa 3DS Failure');","console.log('');","console.log('CARD DETAILS TO USE:');","console.log('  Expiry: Any future date (e.g., 12/26)');","console.log('  CVV: 123');","console.log('  Name: Test User');"],"id":"3d91ea5c-68d4-4ff0-b4e8-94a9829795d8"}},{"listen":"test","script":{"type":"text/javascript","exec":["pm.test('Test card reference loaded', function () {","    console.log('✅ Test card reference displayed in Postman console.');","    pm.expect(true).to.be.true;","});"],"id":"2ac6fd3c-d543-4c85-b7e6-199edec983a3"}}],"id":"8d1d522e-3b04-4d97-ae91-7df31da6f2e6","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"https://zuato.com","description":"<h1 id=\"test-card-details--informational-reference\">Test Card Details — Informational Reference</h1>\n<p>This request outputs the complete Zuato sandbox test card reference to the Postman console when run.</p>\n<h2 id=\"usage\">Usage</h2>\n<ol>\n<li>Open Postman Console</li>\n<li>Click Send</li>\n<li>Review the test card list in the console</li>\n</ol>\n<p>Refer to the folder description for the full formatted reference table.</p>\n","auth":{"type":"apikey","apikey":{"basicConfig":[{"key":"key","value":"X-ACCESS-KEY"},{"key":"value","value":"ak_live_xxxxxxxxx"}]},"isInherited":true,"source":{"_postman_id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","name":"Zuato's API Integration Reference","type":"collection"}},"urlObject":{"protocol":"https","host":["zuato","com"],"query":[],"variable":[]}},"response":[],"_postman_id":"8d1d522e-3b04-4d97-ae91-7df31da6f2e6"}],"id":"52e92a1a-0dab-4293-b11c-21ad54cdc629","description":"<h1 id=\"test-card-details\">Test Card Details</h1>\n<h2 id=\"overview\">Overview</h2>\n<p>Use the following test card details in the <strong>sandbox environment only</strong> to simulate various payment scenarios. These cards will not work in the production environment and do not charge real money.</p>\n<hr />\n<h2 id=\"important-rules\">Important Rules</h2>\n<ul>\n<li><p>Test cards are <strong>only valid in the sandbox environment</strong> (<code>https://sandbox.payments.zuato.com</code>)</p>\n</li>\n<li><p><strong>Never use real card numbers</strong> in the sandbox environment</p>\n</li>\n<li><p><strong>Never use test card numbers</strong> in the production environment</p>\n</li>\n<li><p>Use any future expiry date (e.g., 12/26, 01/27)</p>\n</li>\n<li><p>Use any 3-digit CVV (e.g., 123) unless a specific CVV is listed</p>\n</li>\n<li><p>Use any name for the cardholder name field</p>\n</li>\n<li><p>Use any valid UAE or international billing address</p>\n</li>\n</ul>\n<hr />\n<h2 id=\"successful-payment-test-cards\">Successful Payment Test Cards</h2>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Card Number</th>\n<th>Network</th>\n<th>Scenario</th>\n<th>Notes</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>4111 1111 1111 1111</code></td>\n<td>Visa</td>\n<td>Successful payment</td>\n<td>Standard Visa test card</td>\n</tr>\n<tr>\n<td><code>4242 4242 4242 4242</code></td>\n<td>Visa</td>\n<td>Successful payment</td>\n<td>Common Visa test card</td>\n</tr>\n<tr>\n<td><code>5500 0000 0000 0004</code></td>\n<td>Mastercard</td>\n<td>Successful payment</td>\n<td>Standard Mastercard test card</td>\n</tr>\n<tr>\n<td><code>5555 5555 5555 4444</code></td>\n<td>Mastercard</td>\n<td>Successful payment</td>\n<td>Common Mastercard test card</td>\n</tr>\n<tr>\n<td><code>3782 8224 6310 005</code></td>\n<td>Amex</td>\n<td>Successful payment</td>\n<td>American Express (15 digits)</td>\n</tr>\n</tbody>\n</table>\n</div><hr />\n<h2 id=\"declined-payment-test-cards\">Declined Payment Test Cards</h2>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Card Number</th>\n<th>Network</th>\n<th>Decline Reason</th>\n<th>Notes</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>4000 0000 0000 0002</code></td>\n<td>Visa</td>\n<td>Card declined (generic)</td>\n<td>Simulate a generic decline</td>\n</tr>\n<tr>\n<td><code>4000 0000 0000 9995</code></td>\n<td>Visa</td>\n<td>Insufficient funds</td>\n<td>Simulate insufficient balance</td>\n</tr>\n<tr>\n<td><code>4000 0000 0000 0069</code></td>\n<td>Visa</td>\n<td>Expired card</td>\n<td>Simulate expired card error</td>\n</tr>\n<tr>\n<td><code>4000 0000 0000 0127</code></td>\n<td>Visa</td>\n<td>Incorrect CVV</td>\n<td>Simulate wrong CVV</td>\n</tr>\n</tbody>\n</table>\n</div><hr />\n<h2 id=\"3d-secure-test-cards\">3D Secure Test Cards</h2>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Card Number</th>\n<th>Network</th>\n<th>3DS Result</th>\n<th>Notes</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>4000 0000 0000 3220</code></td>\n<td>Visa</td>\n<td>3DS authentication required</td>\n<td>Use OTP: 123456</td>\n</tr>\n<tr>\n<td><code>4000 0008 4000 1629</code></td>\n<td>Visa</td>\n<td>3DS — Authenticated successfully</td>\n<td></td>\n</tr>\n<tr>\n<td><code>4000 0008 4000 1280</code></td>\n<td>Visa</td>\n<td>3DS — Authentication failed</td>\n<td>Simulates 3DS failure</td>\n</tr>\n</tbody>\n</table>\n</div><hr />\n<h2 id=\"test-card-usage-instructions\">Test Card Usage Instructions</h2>\n<ol>\n<li><p>Run <strong>Sandbox — Create Payment Link</strong> (Section 2) to generate a checkout URL</p>\n</li>\n<li><p>Open the <code>checkoutUrl</code> in your browser</p>\n</li>\n<li><p>On the checkout page, select <strong>Card Payment</strong></p>\n</li>\n<li><p>Enter the test card details:</p>\n<ul>\n<li><p><strong>Card Number:</strong> from the table above</p>\n</li>\n<li><p><strong>Expiry Date:</strong> any future date (e.g., 12/26)</p>\n</li>\n<li><p><strong>CVV:</strong> 123 (or as specified)</p>\n</li>\n<li><p><strong>Name:</strong> any name (e.g., Test User)</p>\n</li>\n</ul>\n</li>\n<li><p>Complete the payment</p>\n</li>\n<li><p>Run <strong>Sandbox — Get Order Details</strong> to check the resulting status</p>\n</li>\n</ol>\n<hr />\n<h2 id=\"expected-results\">Expected Results</h2>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Card Type</th>\n<th>Expected Order Status</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>Successful card</td>\n<td><code>paid</code></td>\n</tr>\n<tr>\n<td>Declined card</td>\n<td><code>failed</code></td>\n</tr>\n<tr>\n<td>3DS successful</td>\n<td><code>paid</code></td>\n</tr>\n<tr>\n<td>3DS failed</td>\n<td><code>failed</code></td>\n</tr>\n</tbody>\n</table>\n</div><hr />\n<h2 id=\"questions\">Questions?</h2>\n<p>Contact <a href=\"https://mailto:support@zuato.com\"><b>support@zuato.com</b></a> for additional test scenarios or if test cards are not behaving as expected in the sandbox environment.</p>\n","_postman_id":"52e92a1a-0dab-4293-b11c-21ad54cdc629","auth":{"type":"apikey","apikey":{"basicConfig":[{"key":"key","value":"X-ACCESS-KEY"},{"key":"value","value":"ak_live_xxxxxxxxx"}]},"isInherited":true,"source":{"_postman_id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","name":"Zuato's API Integration Reference","type":"collection"}}},{"name":"7. Refund / Payout API","item":[{"name":"Submit Refund Request","event":[{"listen":"prerequest","script":{"type":"text/javascript","exec":["// Pre-request validation for refund submission","const orderId = pm.collectionVariables.get('order_id');","","if (!orderId || orderId === 'ord_abcd1234') {","    console.warn('⚠️  order_id is using the placeholder value.');","    console.warn('⚠️  Before submitting a refund:');","    console.warn('    1. Run Section 1 > Create Payment Link');","    console.warn('    2. Complete payment on the checkoutUrl');","    console.warn('    3. Verify status is paid via Get Order Details');","    console.warn('    4. Then run this refund request');","} else {","    console.log('✅ Submitting refund for order_id:', orderId);","    console.log('ℹ️  Ensure the order status is paid before submitting.');","    console.log('ℹ️  Endpoint:', pm.collectionVariables.get('base_url') + '/api/refunds/create/');","}"],"id":"fc07bed6-f80a-42f0-92f7-bcee0438edd4"}},{"listen":"test","script":{"type":"text/javascript","exec":["// ─── STATUS CODE ───","pm.test('Status code is 200 OK', function () {","    pm.response.to.have.status(200);","});","","// ─── RESPONSE TIME ───","pm.test('Response time is under 5000ms', function () {","    pm.expect(pm.response.responseTime).to.be.below(5000);","});","","// ─── PARSE RESPONSE ───","let jsonResponse;","pm.test('Response body is valid JSON', function () {","    jsonResponse = pm.response.json();","    pm.expect(jsonResponse).to.be.an('object');","});","","if (jsonResponse) {","    // ─── SUCCESS FLAG ───","    pm.test('Response contains success: true', function () {","        pm.expect(jsonResponse.success).to.be.true;","    });","","    // ─── MESSAGE ───","    pm.test('Response contains a message', function () {","        pm.expect(jsonResponse).to.have.property('message');","        pm.expect(jsonResponse.message).to.be.a('string');","    });","","    // ─── DATA OBJECT ───","    pm.test('Response contains data object', function () {","        pm.expect(jsonResponse).to.have.property('data');","        pm.expect(jsonResponse.data).to.be.an('object');","    });","","    if (jsonResponse.data) {","        // ─── REFUND ID ───","        pm.test('data.refund_id is present and is a number', function () {","            pm.expect(jsonResponse.data).to.have.property('refund_id');","            pm.expect(jsonResponse.data.refund_id).to.be.a('number');","        });","","        // ─── ORDER ID ───","        pm.test('data.order_id matches the submitted order', function () {","            pm.expect(jsonResponse.data).to.have.property('order_id');","        });","","        // ─── REFUND AMOUNT ───","        pm.test('data.refund_amount is a positive number', function () {","            pm.expect(jsonResponse.data.refund_amount).to.be.a('number');","            pm.expect(jsonResponse.data.refund_amount).to.be.above(0);","        });","","        // ─── TRANSACTION AMOUNT ───","        pm.test('data.transaction_amount is present', function () {","            pm.expect(jsonResponse.data).to.have.property('transaction_amount');","        });","","        // ─── REFUND AMOUNT ≤ TRANSACTION AMOUNT ───","        pm.test('Refund amount is not greater than transaction amount', function () {","            pm.expect(jsonResponse.data.refund_amount).to.be.at.most(jsonResponse.data.transaction_amount);","        });","","        // ─── STATUS ───","        pm.test('data.status is pending', function () {","            pm.expect(jsonResponse.data.status).to.equal('pending');","        });","","        // ─── CREATED AT ───","        pm.test('data.created_at is a valid ISO 8601 timestamp', function () {","            const date = new Date(jsonResponse.data.created_at);","            pm.expect(date.toString()).to.not.equal('Invalid Date');","        });","","        // ─── LOG REFUND DETAILS ───","        console.log('✅ Refund submitted successfully');","        console.log('📋 Refund ID:', jsonResponse.data.refund_id);","        console.log('📋 Order ID:', jsonResponse.data.order_id);","        console.log('💰 Refund Amount:', jsonResponse.data.refund_amount);","        console.log('💰 Original Amount:', jsonResponse.data.transaction_amount);","        console.log('📊 Status:', jsonResponse.data.status);","        console.log('⏰ Created At:', jsonResponse.data.created_at);","        console.log('ℹ️  Refund is pending admin review. Do not resubmit.');","        console.log('ℹ️  Inform your customer that the refund is under review.');","        console.log('ℹ️  Timeline: 10-45 business days depending on issuing bank.');","    }","}"],"id":"56fe9a74-bb99-437f-afac-67abadd0857e"}}],"id":"d61c2cef-341b-464a-bc62-ae8a38656cd1","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"X-ACCESS-KEY","value":"ak_live_xxxxxxxxx","description":"<p>Your production Access Key from the Zuato dashboard.</p>\n","type":"text"},{"key":"X-SECRET-KEY","value":"sk_live_xxxxxxxxx","description":"<p>Your production Secret Key. Keep confidential — never expose in client-side code.</p>\n","type":"text"},{"key":"Content-Type","value":"application/json","description":"<p>Must be application/json.</p>\n","type":"text"}],"body":{"mode":"raw","raw":"{\n  \"order_id\": \"ord_abcd1234\",\n  \"amount\": 50,\n  \"description\": \"Customer requested refund for partial return — Order ORD-13001\"\n}","options":{"raw":{"language":"json"}}},"url":"https://payments.zuato.com/api/refunds/create/","description":"<h1 id=\"submit-refund-request\">Submit Refund Request</h1>\n<h2 id=\"purpose\">Purpose</h2>\n<p>Submits a refund request against a successfully paid order. The refund is reviewed by the Zuato admin team before funds are returned to the customer's original payment method.</p>\n<hr />\n<h2 id=\"endpoint\">Endpoint</h2>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code>POST https://payments.zuato.com/api/refunds/create/\n\n</code></pre><hr />\n<h2 id=\"prerequisites\">Prerequisites</h2>\n<ol>\n<li><p>The order must have <code>status: paid</code> — verify via <code>GET /api/orders/details/{order_id}/</code></p>\n</li>\n<li><p>You must use the <strong>Zuato-generated order ID</strong> (<code>ord_xxxx</code>), not your merchant reference</p>\n</li>\n<li><p>Valid API credentials in the request headers</p>\n</li>\n</ol>\n<hr />\n<h2 id=\"request-body-parameters\">Request Body Parameters</h2>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Parameter</th>\n<th>Type</th>\n<th>Required</th>\n<th>Description</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>order_id</code></td>\n<td>string</td>\n<td>✅ Yes</td>\n<td>The Zuato-generated order ID (<code>ord_xxxx</code>) of the paid transaction. This is the <code>order.id</code> value returned from the Create Payment Link response.</td>\n</tr>\n<tr>\n<td><code>amount</code></td>\n<td>number</td>\n<td>✅ Yes</td>\n<td>Refund amount in the original transaction currency. Must be &gt; 0 and ≤ original transaction amount.</td>\n</tr>\n<tr>\n<td><code>description</code></td>\n<td>string</td>\n<td>✅ Yes</td>\n<td>Clear, human-readable reason for the refund. Visible to admin team during review. Be specific for faster approval.</td>\n</tr>\n</tbody>\n</table>\n</div><hr />\n<h2 id=\"amount-rules\">Amount Rules</h2>\n<ul>\n<li><p>✅ Full refund: <code>amount</code> = original transaction amount (e.g., 250 for a 250 AED order)</p>\n</li>\n<li><p>✅ Partial refund: <code>amount</code> &lt; original transaction amount (e.g., 50 for a partial return)</p>\n</li>\n<li><p>❌ Over-refund: <code>amount</code> &gt; original transaction amount → returns HTTP 400</p>\n</li>\n<li><p>❌ Zero amount: <code>amount</code> = 0 → returns HTTP 400</p>\n</li>\n<li><p>❌ Negative amount: <code>amount</code> &lt; 0 → returns HTTP 400</p>\n</li>\n</ul>\n<hr />\n<h2 id=\"currency\">Currency</h2>\n<p>The refund currency is <strong>automatically inherited from the original order</strong>. You do not need to specify the currency in the refund request.</p>\n<hr />\n<h2 id=\"success-response-200-ok\">Success Response (200 OK)</h2>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code class=\"language-json\">{\n  \"success\": true,\n  \"message\": \"Refund request submitted successfully\",\n  \"data\": {\n    \"refund_id\": 1,\n    \"order_id\": \"ord_abcd1234\",\n    \"refund_amount\": 50,\n    \"transaction_amount\": 250,\n    \"description\": \"Customer requested refund for partial return\",\n    \"status\": \"pending\",\n    \"created_at\": \"2024-01-15T11:00:00Z\"\n  }\n}\n\n</code></pre>\n<h3 id=\"response-fields\">Response Fields</h3>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Field</th>\n<th>Type</th>\n<th>Description</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>success</code></td>\n<td>boolean</td>\n<td><code>true</code> if refund was submitted successfully</td>\n</tr>\n<tr>\n<td><code>message</code></td>\n<td>string</td>\n<td>Human-readable confirmation message</td>\n</tr>\n<tr>\n<td><code>data.refund_id</code></td>\n<td>integer</td>\n<td>Unique refund ID — store this for tracking</td>\n</tr>\n<tr>\n<td><code>data.order_id</code></td>\n<td>string</td>\n<td>The Zuato order ID the refund was raised against</td>\n</tr>\n<tr>\n<td><code>data.refund_amount</code></td>\n<td>number</td>\n<td>The refund amount submitted</td>\n</tr>\n<tr>\n<td><code>data.transaction_amount</code></td>\n<td>number</td>\n<td>The original transaction amount for reference</td>\n</tr>\n<tr>\n<td><code>data.description</code></td>\n<td>string</td>\n<td>The refund description as submitted</td>\n</tr>\n<tr>\n<td><code>data.status</code></td>\n<td>string</td>\n<td>Always <code>pending</code> immediately after submission</td>\n</tr>\n<tr>\n<td><code>data.created_at</code></td>\n<td>string</td>\n<td>ISO 8601 timestamp of when the refund was created</td>\n</tr>\n</tbody>\n</table>\n</div><hr />\n<h2 id=\"error-response-400--amount-exceeds-transaction\">Error Response (400 — Amount Exceeds Transaction)</h2>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code class=\"language-json\">{\n  \"success\": false,\n  \"error\": \"Refund amount must be less than or equal to transaction amount (AED 250)\"\n}\n\n</code></pre>\n<hr />\n<h2 id=\"after-submitting-a-refund\">After Submitting a Refund</h2>\n<ul>\n<li><p><strong>Do not resubmit</strong> — duplicate requests return HTTP 409 Conflict</p>\n</li>\n<li><p><strong>Inform the customer</strong> that their refund is under review</p>\n</li>\n<li><p><strong>Monitor status</strong> via the Zuato admin dashboard</p>\n</li>\n<li><p><strong>Timeline:</strong> 10–45 business days depending on the customer's issuing bank</p>\n</li>\n<li><p><strong>Store the</strong> <strong><code>refund_id</code></strong> in your database for audit and tracking purposes</p>\n</li>\n</ul>\n","auth":{"type":"apikey","apikey":{"basicConfig":[{"key":"key","value":"X-ACCESS-KEY"},{"key":"value","value":"ak_live_xxxxxxxxx"}]},"isInherited":true,"source":{"_postman_id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","name":"Zuato's API Integration Reference","type":"collection"}},"urlObject":{"path":["api","refunds","create",""],"host":["https://payments.zuato.com"],"query":[],"variable":[]}},"response":[{"id":"ba662a91-86f0-4a17-985b-17900098b0ca","name":"200 OK — Refund Submitted Successfully","originalRequest":{"method":"POST","header":[{"key":"X-ACCESS-KEY","value":"ak_live_xxxxxxxxx"},{"key":"X-SECRET-KEY","value":"sk_live_xxxxxxxxx"},{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n  \"order_id\": \"ord_abcd1234\",\n  \"amount\": 50,\n  \"description\": \"Customer requested refund for partial return\"\n}"},"url":"https://payments.zuato.com/api/refunds/create/"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n  \"success\": true,\n  \"message\": \"Refund request submitted successfully\",\n  \"data\": {\n    \"refund_id\": 1,\n    \"order_id\": \"ord_abcd1234\",\n    \"refund_amount\": 50,\n    \"transaction_amount\": 250,\n    \"description\": \"Customer requested refund for partial return\",\n    \"status\": \"pending\",\n    \"created_at\": \"2024-01-15T11:00:00Z\"\n  }\n}"},{"id":"dbcb9b20-b7c3-477d-b5ea-55e7094aae3e","name":"400 Bad Request — Refund Amount Exceeds Transaction","originalRequest":{"method":"POST","header":[{"key":"X-ACCESS-KEY","value":"ak_live_xxxxxxxxx"},{"key":"X-SECRET-KEY","value":"sk_live_xxxxxxxxx"},{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n  \"order_id\": \"ord_abcd1234\",\n  \"amount\": 999,\n  \"description\": \"Refund exceeding original amount\"\n}"},"url":"https://payments.zuato.com/api/refunds/create/"},"status":"Bad Request","code":400,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n  \"success\": false,\n  \"error\": \"Refund amount must be less than or equal to transaction amount (AED 250)\"\n}"},{"id":"9fa2b735-ed40-49db-bf51-9386468c8b67","name":"409 Conflict — Refund Already Submitted","originalRequest":{"method":"POST","header":[{"key":"X-ACCESS-KEY","value":"ak_live_xxxxxxxxx"},{"key":"X-SECRET-KEY","value":"sk_live_xxxxxxxxx"},{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n  \"order_id\": \"ord_abcd1234\",\n  \"amount\": 50,\n  \"description\": \"Duplicate refund submission\"\n}"},"url":"https://payments.zuato.com/api/refunds/create/"},"status":"Conflict","code":409,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n  \"success\": false,\n  \"error\": \"Conflict. A refund request already exists for this order. Do not resubmit — check the Zuato dashboard for current status.\"\n}"}],"_postman_id":"d61c2cef-341b-464a-bc62-ae8a38656cd1"}],"id":"72596dae-f07c-4631-9421-c01997fcdfad","description":"<h1 id=\"refund--payout-api\">Refund / Payout API</h1>\n<h2 id=\"overview\">Overview</h2>\n<p>The Zuato Refund API allows merchants to programmatically submit refund requests against successfully completed transactions. Once submitted, refund requests are reviewed and processed by the Zuato admin team before funds are returned to the customer's original payment method.</p>\n<hr />\n<h2 id=\"key-facts\">Key Facts</h2>\n<ul>\n<li><strong>Single endpoint</strong> handles all refund submissions</li>\n<li>Refund amounts must be <strong>≤ original transaction amount</strong></li>\n<li>Refunds are <strong>not instant</strong> — they require admin review</li>\n<li>Refunds are credited to the <strong>original payment method</strong> used by the customer</li>\n<li>Refund processing timeline: <strong>10–45 business days</strong> (depending on the issuing bank)</li>\n<li><strong>Partial and full refunds</strong> are both supported</li>\n</ul>\n<hr />\n<h2 id=\"refund-flow\">Refund Flow</h2>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code>[1] Verify order status is 'paid' via GET /api/orders/details/{order_id}/\n       ↓\n[2] Submit refund via POST /api/refunds/create/\n       ↓\n[3] Refund enters 'pending' status — queued for admin review\n       ↓\n[4] Zuato admin team reviews the request in the admin panel\n       ↓\n[5] Refund approved → funds returned to customer's original payment method\n    OR Refund rejected → check dashboard for reason\n</code></pre><hr />\n<h2 id=\"prerequisites\">Prerequisites</h2>\n<ul>\n<li>Order must have <code>status: paid</code> before a refund can be submitted</li>\n<li>You must have the <strong>Zuato-generated order ID</strong> (<code>ord_xxxx</code>) — not your merchant reference</li>\n<li>Refund <code>amount</code> must be &gt; 0 and ≤ original transaction amount</li>\n<li>Same API credentials (X-ACCESS-KEY + X-SECRET-KEY) used for payments</li>\n</ul>\n<hr />\n<h2 id=\"refund-status-reference\">Refund Status Reference</h2>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Status</th>\n<th>Description</th>\n<th>Merchant Action</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>pending</code></td>\n<td>Submitted, awaiting admin review</td>\n<td>Inform customer — under review</td>\n</tr>\n<tr>\n<td><code>approved</code></td>\n<td>Funds being returned to customer</td>\n<td>Notify customer of approval</td>\n</tr>\n<tr>\n<td><code>rejected</code></td>\n<td>Request declined</td>\n<td>Check dashboard for reason; contact support</td>\n</tr>\n</tbody>\n</table>\n</div><hr />\n<h2 id=\"best-practices\">Best Practices</h2>\n<ol>\n<li><strong>Always verify order status first</strong> before submitting a refund</li>\n<li><strong>Store the refund_id</strong> returned in the response for tracking</li>\n<li><strong>Write clear descriptions</strong> — the admin team reviews these during approval</li>\n<li><strong>Do not resubmit</strong> if you receive a timeout — check dashboard first (duplicates return 409)</li>\n<li><strong>Set customer expectations</strong> — refunds require admin review and bank processing time</li>\n<li><strong>All calls must be server-side</strong> — never expose API keys in frontend code</li>\n</ol>\n<hr />\n<h2 id=\"support\">Support</h2>\n<p>For refund-related issues: <strong><a href=\"mailto:support@zuato.com\">support@zuato.com</a></strong></p>\n","_postman_id":"72596dae-f07c-4631-9421-c01997fcdfad","auth":{"type":"apikey","apikey":{"basicConfig":[{"key":"key","value":"X-ACCESS-KEY"},{"key":"value","value":"ak_live_xxxxxxxxx"}]},"isInherited":true,"source":{"_postman_id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","name":"Zuato's API Integration Reference","type":"collection"}}},{"name":"8. E-Commerce Platforms","item":[],"id":"824a61e2-f4d0-4290-85f8-64a02203052e","description":"<h1 id=\"e-commerce-platform-integrations\">E-Commerce Platform Integrations</h1>\n<h2 id=\"overview\">Overview</h2>\n<p>Zuato supports seamless integration with major e-commerce platforms. For platform-based integrations (Shopify, WooCommerce, WordPress), please <strong>email us at</strong> <a href=\"https://mailto:support@zuato.com\"><b>support@zuato.com</b></a> with the details below and our team will reach out with the necessary integration files, plugins, and setup guide.</p>\n<hr />\n<h2 id=\"how-to-get-started\">How to Get Started</h2>\n<ol>\n<li><p><strong>Email:</strong> <a href=\"mailto:support@zuato.com\">support@zuato.com</a></p>\n</li>\n<li><p><strong>Subject:</strong> E-Commerce Platform Integration Request — [Your Platform Name]</p>\n</li>\n<li><p><strong>Include the required details</strong> for your platform (see below)</p>\n</li>\n</ol>\n<p>Our team will respond within <strong>1–2 business days</strong> with:</p>\n<ul>\n<li><p>Platform-specific plugin or app files</p>\n</li>\n<li><p>Step-by-step setup guide</p>\n</li>\n<li><p>Test credentials for your sandbox environment</p>\n</li>\n<li><p>A dedicated onboarding call if required</p>\n</li>\n</ul>\n<hr />\n<h2 id=\"shopify-integration\">Shopify Integration</h2>\n<p>For Shopify, everything is app-based. Please provide:</p>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Field</th>\n<th>Description</th>\n<th>Example</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>Shopify Store URL</td>\n<td>Your full myshopify URL</td>\n<td><code>https://yourstore.myshopify.com</code></td>\n</tr>\n<tr>\n<td>Store Name</td>\n<td>Your store's display name</td>\n<td><code>My UAE Store</code></td>\n</tr>\n<tr>\n<td>Merchant Email</td>\n<td>Primary contact email</td>\n<td><code>owner@mystore.com</code></td>\n</tr>\n<tr>\n<td>Business Phone Number</td>\n<td>With country code</td>\n<td><code>+971501234567</code></td>\n</tr>\n<tr>\n<td>Country / Region</td>\n<td>Your business country</td>\n<td><code>UAE</code></td>\n</tr>\n<tr>\n<td>Shopify OAuth Permission</td>\n<td>Handled during app install</td>\n<td>App install approval</td>\n</tr>\n</tbody>\n</table>\n</div><p><strong>Note:</strong> The Shopify integration is fully app-based. Once the app is installed, Zuato handles the OAuth flow and payment routing automatically.</p>\n<hr />\n<h2 id=\"woocommerce-wordpress-plugin-integration\">WooCommerce (WordPress Plugin) Integration</h2>\n<p>For WooCommerce, we provide a WordPress plugin. Please provide:</p>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Field</th>\n<th>Description</th>\n<th>Example</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>Website URL</td>\n<td>Your full WooCommerce store URL</td>\n<td><code>https://yourstore.com</code></td>\n</tr>\n<tr>\n<td>Admin Email</td>\n<td>WooCommerce admin contact</td>\n<td><code>admin@yourstore.com</code></td>\n</tr>\n<tr>\n<td>Store Name</td>\n<td>Your store's display name</td>\n<td><code>My WooCommerce Store</code></td>\n</tr>\n<tr>\n<td>WordPress/WooCommerce Confirmation</td>\n<td>Confirm site runs WooCommerce</td>\n<td>Yes / WooCommerce v8.x</td>\n</tr>\n<tr>\n<td>Business Phone Number</td>\n<td>With country code</td>\n<td><code>+971501234567</code></td>\n</tr>\n<tr>\n<td>Country / Region</td>\n<td>Your business country</td>\n<td><code>UAE</code></td>\n</tr>\n</tbody>\n</table>\n</div><p><strong>Note:</strong> After receiving your details, we will provide a <code>.zip</code> plugin file that you install directly in your WordPress Admin → Plugins → Add New → Upload Plugin.</p>\n<hr />\n<h2 id=\"wordpress-non-woocommerce--custom-plugin-integration\">WordPress (Non-WooCommerce / Custom Plugin) Integration</h2>\n<p>For generic WordPress integrations or custom plugin/API embed setups:</p>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Field</th>\n<th>Description</th>\n<th>Example</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>Website URL</td>\n<td>Your WordPress site URL</td>\n<td><code>https://yoursite.com</code></td>\n</tr>\n<tr>\n<td>Admin Contact Email</td>\n<td>Site administrator email</td>\n<td><code>admin@yoursite.com</code></td>\n</tr>\n<tr>\n<td>Site Name</td>\n<td>Your website/project name</td>\n<td><code>My WordPress Site</code></td>\n</tr>\n<tr>\n<td>Integration Type</td>\n<td>Specify your integration method</td>\n<td>WordPress Custom / Plugin / API Embed</td>\n</tr>\n<tr>\n<td>Developer Contact Email</td>\n<td>If different from admin email</td>\n<td><code>dev@yourcompany.com</code></td>\n</tr>\n<tr>\n<td>Technical Contact Phone</td>\n<td>Developer or tech lead phone</td>\n<td><code>+971501234567</code></td>\n</tr>\n</tbody>\n</table>\n</div><p><strong>Note:</strong> For custom WordPress integrations, our team will provide direct API credentials and documentation tailored to your setup. A developer briefing call may be arranged.</p>\n<hr />\n<h2 id=\"platform-comparison\">Platform Comparison</h2>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Platform</th>\n<th>Integration Method</th>\n<th>Setup Complexity</th>\n<th>Support Channel</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td>Shopify</td>\n<td>App-based (OAuth)</td>\n<td>Low — app install</td>\n<td><a href=\"https://mailto:support@zuato.com\">support@zuato.com</a></td>\n</tr>\n<tr>\n<td>WooCommerce</td>\n<td>WordPress Plugin (.zip)</td>\n<td>Medium — plugin upload + config</td>\n<td><a href=\"https://mailto:support@zuato.com\">support@zuato.com</a></td>\n</tr>\n<tr>\n<td>WordPress (Custom)</td>\n<td>API Embed / Custom Plugin</td>\n<td>Medium-High — developer required</td>\n<td><a href=\"https://mailto:support@zuato.com\">support@zuato.com</a></td>\n</tr>\n<tr>\n<td>Custom / Bespoke</td>\n<td>Direct API integration</td>\n<td>Developer-dependent</td>\n<td><a href=\"https://mailto:support@zuato.com\">support@zuato.com</a></td>\n</tr>\n</tbody>\n</table>\n</div><hr />\n<h2 id=\"contact\">Contact</h2>\n<p><strong>Email:</strong> <a href=\"mailto:support@zuato.com\">support@zuato.com</a><br /><strong>Subject format:</strong> <code>E-Commerce Integration Request — [Shopify / WooCommerce / WordPress] — [Your Store Name]</code></p>\n","_postman_id":"824a61e2-f4d0-4290-85f8-64a02203052e","auth":{"type":"apikey","apikey":{"basicConfig":[{"key":"key","value":"X-ACCESS-KEY"},{"key":"value","value":"ak_live_xxxxxxxxx"}]},"isInherited":true,"source":{"_postman_id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","id":"b2a4a16f-6b92-403b-b409-1f4a8e7350cc","name":"Zuato's API Integration Reference","type":"collection"}}}],"auth":{"type":"apikey","apikey":{"basicConfig":[{"key":"key","value":"X-ACCESS-KEY"},{"key":"value","value":"ak_live_xxxxxxxxx"}]}},"variable":[{"key":"base_url","value":"https://payments.zuato.com","type":"string","description":"Production base URL for the Zuato Payment Gateway API. All endpoints are relative to this URL. Do not modify unless instructed by the Zuato technical team."},{"key":"sandbox_base_url","value":"https://sandbox.payments.zuato.com","type":"string","description":"Sandbox / test environment base URL. Use this during development and QA. Transactions made here do not process real money. Contact support@zuato.com to request sandbox credentials."},{"key":"access_key","value":"ak_live_xxxxxxxxx","type":"string","description":"Your production Access Key obtained from the Zuato dashboard at https://payments.zuato.com/api-reference/. Replace this with your actual key before making live requests."},{"key":"secret_key","value":"sk_live_xxxxxxxxx","type":"string","description":"Your production Secret Key obtained from the Zuato dashboard. IMPORTANT: This key is shown only once at creation time and cannot be retrieved again. Store it securely in a secrets manager or environment variable. Never commit to version control or expose in client-side code."},{"key":"sandbox_access_key","value":"ak_test_xxxxxxxxx","type":"string","description":"Sandbox Access Key for testing. Provided by Zuato upon sandbox account creation. Contact support@zuato.com to obtain sandbox credentials."},{"key":"sandbox_secret_key","value":"sk_test_xxxxxxxxx","type":"string","description":"Sandbox Secret Key for testing. Treat with the same security as production keys even in test environments."},{"key":"order_id","value":"ord_abcd1234","type":"string","description":"A Zuato-generated order ID returned from the Create Payment Link endpoint. Used as a path parameter when retrieving order details or submitting refunds. Format: ord_xxxx."},{"key":"merchant_order_ref","value":"ORD-13001","type":"string","description":"Your own unique order reference/ID that you pass when creating a payment link. Must be unique for every transaction. Recommended format: prefix + sequential number (e.g. ORD-13001) or a UUID."},{"key":"return_url_fixed","value":"https://payments.zuato.com/payment/returnHome/","type":"string","description":"FIXED — Do not modify this value. This is the Zuato system return URL that must always be passed as returnUrl. Changing this value will break dashboard status updates and payment reconciliation."},{"key":"return_success_url","value":"https://yoursite.com/payment/success/","type":"string","description":"CUSTOMISABLE — Your application's success page URL. The customer is redirected here after a successful payment. Must use HTTPS. Replace with your actual success page URL."},{"key":"return_error_url","value":"https://yoursite.com/payment/failed/","type":"string","description":"CUSTOMISABLE — Your application's failure/error page URL. The customer is redirected here if payment fails or is cancelled. Must use HTTPS. Replace with your actual failure page URL."}]}