Infozy Pay Developer Portal

Merchant-first payment integration docs covering authentication, idempotent payment creation, hosted checkout redirect, webhook verification, and refunds.

Quickstart

1. Configure API credentials per approved website. 2. Create payment with required `Idempotency-Key`. 3. Redirect user to hosted page. 4. Trust final state from backend/webhook flow.

Create Payment Request

POST /api/payments/create
Authorization: Bearer pk_xxx
x-api-secret: sk_xxx
x-timestamp: 1710000000
x-signature: <hmac_sha256>
Idempotency-Key: order-1001
Content-Type: application/json

Idempotency

`Idempotency-Key` is required on payment create. Reusing the same key with the same payload returns the same response. Reusing with a mutated payload returns conflict.

Idempotent Payment Payload

{
  "amount": 1299.00,
  "currency": "INR",
  "redirectUrl": "https://merchant.example.com/checkout/callback"
}

HMAC Signing

Signature is computed over: `METHOD + "\n" + PATH_WITH_QUERY + "\n" + RAW_BODY + "\n" + TIMESTAMP`. Use HMAC-SHA256 with your `sk_` secret.

Canonical String (Example)

POST
/api/payments/create
{"amount":1299,"currency":"INR"}
1710000000

Continue with route-specific docs:

Authentication Payments Webhooks Refunds