Complete reference for all Ozura Checkout API endpoints.
Base URL
https://checkout.ozura.com
Environments: Use https://checkout.ozura.com for production. For staging, use the URL provided by your Ozura representative.
Authentication
All requests require these headers:
| Header | Description |
|---|
X-API-KEY | Your Vault API Key |
X-OZURA-API-KEY | Your Merchant API Key |
Content-Type | application/json |
Rate Limits
Rate limits are applied per API key to ensure fair usage. If you exceed rate limits, you’ll receive a 429 Too Many Requests response.
Create Session
Creates a checkout session and returns a checkout URL.
POST /api/sessions/create
Request Body
| Field | Type | Required | Default | Description |
|---|
merchantId | string | Yes | — | Your Merchant ID |
merchantName | string | Yes | — | Business name shown to customer |
amount | string/number | Yes* | — | Payment amount |
currency | string | No | "USD" | Currency code |
successUrl | string | Yes | — | Redirect after successful payment |
cancelUrl | string | Yes | — | “Go back” destination |
errorUrl | string | Yes | — | Redirect if payment fails |
embedMode | string | No | "redirect" | "redirect", "popup", "iframe", "new_tab" |
parentOrigin | string | Cond. | — | Required for popup and iframe |
metadata | object | No | {} | Custom data (max 10KB) |
appearance | object | No | {} | Styling options — see Customize Appearance and Appearance Reference |
items | array | No | — | Cart items (alternative to amount) |
checkoutMode | string | No | "payment" | "payment" or "donation" |
donationConfig | object | No | — | Donation settings |
idempotencyKey | string | No | — | Unique key for retry protection |
items is not provided and checkoutMode is "payment".
Response
{
"success": true,
"data": {
"sessionId": "session_xxxxxxxxxxxxxx",
"checkoutUrl": "https://checkout.ozura.com/checkout/session_xxxxxxxxxxxxxx",
"expiresAt": "2025-01-07T12:15:00.000Z",
"embedCode": "<script>...</script>",
"pricing": {
"subtotal": 55.00,
"tax": 0,
"shipping": 0,
"total": 55.00,
"currency": "USD"
}
}
}
Get Session
Retrieve session details. The session ID acts as the access token - no additional authentication headers are required.
GET /api/sessions/{sessionId}
Response
{
"success": true,
"data": {
"session": {
"id": "session_xxxxxxxxxxxxxx",
"status": "pending",
"amount": "25.00",
"currency": "USD",
"merchantId": "your_merchant_id",
"merchantName": "My Store"
},
"pricing": {
"subtotal": 25.00,
"tax": 0,
"shipping": 0,
"total": 25.00,
"currency": "USD"
}
}
}
Session Statuses
| Status | Description |
|---|
pending | Awaiting payment |
completed | Payment successful |
cancelled | Customer cancelled |
expired | Session timed out |
failed | Payment failed |
Cancel Session
Cancels a pending session. This endpoint is called automatically by the Ozura checkout page when the customer clicks “Cancel” — you do not need to call it from your server.
POST /api/sessions/{sessionId}/cancel
This endpoint is browser-facing. It is called by the checkout page using a short-lived internal session credential. It cannot be called from your server using your Vault API Key — requests with X-API-KEY are rejected. If a session is not cancelled explicitly, it expires automatically after 30 minutes.
Response
Create Payment Link
Creates a reusable payment URL.
POST /api/payment-links/create
Request Body
| Field | Type | Required | Default | Description |
|---|
merchantId | string | Yes | — | Your Merchant ID |
merchantName | string | Yes | — | Business name |
amount | string | Yes* | — | Payment amount |
currency | string | No | "USD" | Currency code |
successUrl | string | Yes | — | Redirect after payment |
cancelUrl | string | Yes | — | Redirect if cancelled |
errorUrl | string | Yes | — | Redirect if failed |
expiresInDays | number | No | 7 | Days until link expires |
usageLimit | number | No | null | Max payments (null = unlimited) |
items.
Response
{
"success": true,
"data": {
"paymentLinkId": "pl_xxxxxxxxxxxxxx",
"url": "https://checkout.ozura.com/pay/pl_xxxxxxxxxxxxxx",
"expiresAt": "2025-01-14T00:00:00.000Z"
}
}
Check Payment Link Availability
Check if a payment link is still valid. No authentication required.
GET /api/payment-links/{linkId}/check-availability
Response (Available)
{
"success": true,
"available": true,
"message": "Payment link is available"
}
Response (Unavailable)
{
"success": false,
"available": false,
"error": "Payment link usage limit reached"
}
Error Responses
All errors follow this format:
{
"success": false,
"error": "Error message",
"details": ["Optional array of specific errors"]
}
Common Error Codes
| Code | Meaning |
|---|
400 | Bad request (validation failed) |
401 | Invalid or missing API credentials |
404 | Session not found |
409 | Conflict (session already completed) |
410 | Session expired |
429 | Too many requests (rate limit exceeded) |
500 | Server error (retry recommended) |
