API Reference

v1

ZuPayments has two API surfaces. The node API runs on your own treasury node (payments + admin); the platform API handles dashboard registration and reporting ingest. Money actions always go browser→node directly — the platform is never on that connection, and never holds a key.

Node — Session API

Auth: your site key (sk_…), server-side only.

EndpointPurpose
POST/v1/sessionsCreate a session. Requires Idempotency-Key. Returns session_id, token, checkout_url.
GET/v1/sessions/:session_idRetrieve a session and its status / payment.

See the Session API page for full request/response shapes.

Node — Webhooks

Your node POSTs signed events to your HTTPS endpoint as things happen — the reliable trigger for order fulfilment. Every envelope is { id, type, created_unix, livemode, idempotency_key, data.object }; livemode is always true (no sandbox exists).

EventFired when
session.createdA session is created.
payment.succeededSettlement confirmed on-chain — fulfil the order here.
payment.expiredThe 5-minute window elapsed unpaid.
session.cancelledCancelled via the API or the node admin UI.

Node — Admin API

/admin/v1/* — treasuries, sweeps, outbound transfers, backups, settings, wallets. Auth: an admin session (cookie + CSRF) or an action-key bearer, with a fresh X-ZP-TOTP on every money mutation.

Platform — Reporting ingest

POST/ingest/v1/events — your node pushes byte-exact, Ed25519-signed settlement events to the platform (node→platform only). The platform stores only your reporting public key.

All amounts are decimal strings. There is no sandbox — every request touches real ZKZ.

Full endpoint docs, schemas and error codes live in the documentation.