Vault API
Reference for Ozura Vault endpoints. For integration steps and concepts, see the Vault Guides. Deployed backends may use different hostnames (e.g. Azure); the path segments below are correct regardless. There is no version prefix (e.g. no/v1).
Authentication
All requests require one of:- API Key —
X-API-Keyheader (server-to-server). Get an API key by creating an account at Ozura Vault. POST /tokenize and POST /test-tokens also require X-Pub-Key. For testing you can use:pk_prod_jys4le1jgncomgda_L8HbeakKLNRWdBXoX5A6QJUYOlhUkNle. Do not use this test pub key in production or with sensitive card data. For a production pub key, contact ammar@ozura.com. See Verify API Key. - JWT —
Authorization: Bearer <token>or cookie (user context).
Endpoints
| Method | Path | Description |
|---|---|---|
| POST | /tokenize | Create a token from card or bank data |
| POST | /proxy/transaction | Forward request to a PSP with card data injected |
| GET | /api/applications/key | Verify API key and read permissions |
| — | Authentication | API key vs JWT, which endpoints use which |