v1
ZuPayments has two API surfaces. The node API runs on your own treasury node (payments + admin); the platform API handles dashboard registration and reporting ingest. Money actions always go browser→node directly — the platform is never on that connection, and never holds a key.
Auth: your site key (sk_…), server-side only.
| Endpoint | Purpose |
|---|---|
| POST/v1/sessions | Create a session. Requires Idempotency-Key. Returns session_id, token, checkout_url. |
| GET/v1/sessions/:session_id | Retrieve a session and its status / payment. |
See the Session API page for full request/response shapes.
Your node POSTs signed events to your HTTPS endpoint as things happen — the reliable trigger for order fulfilment. Every envelope is { id, type, created_unix, livemode, idempotency_key, data.object }; livemode is always true (no sandbox exists).
| Event | Fired when |
|---|---|
session.created | A session is created. |
payment.succeeded | Settlement confirmed on-chain — fulfil the order here. |
payment.expired | The 5-minute window elapsed unpaid. |
session.cancelled | Cancelled via the API or the node admin UI. |
/admin/v1/* — treasuries, sweeps, outbound transfers, backups, settings, wallets. Auth: an admin session (cookie + CSRF) or an action-key bearer, with a fresh X-ZP-TOTP on every money mutation.
POST/ingest/v1/events — your node pushes byte-exact, Ed25519-signed settlement events to the platform (node→platform only). The platform stores only your reporting public key.
Full endpoint docs, schemas and error codes live in the documentation.