Documentation Index
Fetch the complete documentation index at: https://docs.ozura.com/llms.txt
Use this file to discover all available pages before exploring further.
POST /proxy/transaction
Send a request to your payment processor (PSP) with card data injected from a token. Your server never sees raw card data. Supports JSON, form-encoded, and XML bodies. For JSON, send token, cvc_session_id, and proxy_url in the body; for form/XML you may also send them via headers X-Token, X-Proxy-URL, and X-CVC-Session-ID (or in query/form).
Request
{
"token": "tok_a1b2c3d4e5f6",
"cvc_session_id": "550e8400-e29b-41d4-a716-446655440000",
"proxy_url": "https://api.stripe.com/v1/charges",
"request_data": {
"amount": 2000,
"currency": "usd",
"source": {
"number": "${cardNumber}",
"exp_month": "${expirationMonth}",
"exp_year": "${expirationYear}",
"cvc": "${cvv}"
}
},
"http_headers": {
"Authorization": "Bearer sk_test_xxx"
}
}
Request body
| Field | Type | Required | Description |
|---|
token | string | Yes | Token to use |
cvc_session_id | string | No | CVC session for CVV (if tokenized with CVV) |
proxy_url | string | Yes | Full PSP endpoint URL (HTTPS) |
request_data | object | Yes | Request body with placeholders (see below) |
http_headers | object | No | Headers to send (e.g. PSP API key) |
http_method | string | No | HTTP method (default: POST) |
Placeholders in request_data
Replaced with real card data before the request is sent:
| Placeholder | Value |
|---|
${cardNumber} | Full card number |
${expirationMonth} | 2-digit month (01–12) |
${expirationYear} | 2- or 4-digit year |
${cvv} or ${cvc} | Security code (if cvc_session_id provided) |
${accountNumber}, ${routingNumber}.
Response
200 OK
Proxy returns the PSP response wrapped:
{
"success": true,
"proxy_response": {
"status_code": 200,
"headers": { "content-type": "application/json" },
"body": {
"id": "ch_1234567890",
"object": "charge",
"amount": 2000,
"status": "succeeded"
}
}
}
Error responses
| Status | Example message |
|---|
| 400 | Invalid proxy URL |
| 404 | Token not found, CVC session expired or not found |
| 502 | Failed to proxy request (upstream error) |
| 504 | Request timeout |
Delete CVC session
DELETE /proxy/delete-cvc-session/ — Delete a CVC session by UUID (e.g. after a successful transaction). Auth: API key. Response: { "success": true, "message": "CVC session deleted!" }. Production CVC sessions have a 90-second TTL and are deleted after use in proxy; use this endpoint to delete explicitly when needed (e.g. test sessions).
See Status codes and Common errors.