Skip to main content

Before You Begin

You need 3 things from your Ozura Dashboard:
WhatWhere to FindExample Format
Vault API KeyProvided at signup (save it securely!)(your unique key)
Merchant API KeyDashboard → Settings → API Keys(your unique key)
Merchant IDDashboard → Settings → Account(your merchant ID)

Domain Registration

If you plan to embed the checkout on your website (iframe or popup mode), your domain must be registered with Ozura for security purposes. How to register your domain:
  1. Contact your Ozura representative
  2. Provide your domain(s): https://yoursite.com, https://www.yoursite.com
  3. Wait for confirmation (usually within 1 business day)
Why is this required? For security, the checkout only accepts requests from registered domains. This prevents unauthorized sites from embedding your checkout page.
Don’t have your Vault API Key? This was provided when you first signed up. If you didn’t save it, contact Ozura support to retrieve it.Environment Variables 101: Never hardcode API keys in your code. Instead:
  • Create a .env file: VAULT_API_KEY=your_actual_key
  • Access it: process.env.VAULT_API_KEY (Node.js) or os.environ['VAULT_API_KEY'] (Python)
  • Never commit .env to git! Add it to .gitignore

Step 1: Create a Checkout Session

From your server (not browser), make this API call:
What’s “your server”? This is backend code — a Node.js app, PHP script, Python app, etc. If you only have static HTML, you cannot call this API directly (API keys would be exposed). Consider using Payment Links instead.
curl -X POST https://checkout.ozura.io/api/sessions/create \
  -H "Content-Type: application/json" \
  -H "X-API-KEY: YOUR_VAULT_API_KEY" \
  -H "X-OZURA-API-KEY: YOUR_MERCHANT_API_KEY" \
  -d '{
    "merchantId": "YOUR_MERCHANT_ID",
    "merchantName": "My Store",
    "amount": "25.00",
    "currency": "USD",
    "successUrl": "https://yoursite.com/thank-you",
    "cancelUrl": "https://yoursite.com/cart",
    "errorUrl": "https://yoursite.com/payment-failed"
  }'
Replace:
  • YOUR_VAULT_API_KEY → Your Vault API Key (provided at signup – contact support if lost)
  • YOUR_MERCHANT_API_KEY → Your Merchant API Key (Dashboard → Settings → API Keys)
  • YOUR_MERCHANT_ID → Your Merchant ID (Dashboard → Settings → Account)
  • URLs → Your actual website URLs
You’ll get back: 
{
  "success": true,
  "data": {
    "sessionId": "session_xxxxxxxxxxxxxx",
    "checkoutUrl": "https://checkout.ozura.io/checkout/session_xxxxxxxxxxxxxx"
  }
}

Step 2: Redirect Your Customer

Send the customer’s browser to the checkoutUrl: 
// === BROWSER CODE (your checkout button click handler) ===
// This runs in the customer's browser, NOT on your server
window.location.href = "https://checkout.ozura.io/checkout/session_xxxxxxxxxxxxxx";
The customer will see a secure payment form with your store name and the amount.
For local development, your URLs can use http://localhost. In production, always use HTTPS.

Step 3: Customer Pays

The customer:
  1. Enters their card details
  2. Clicks “Pay Now”
  3. Gets redirected back to your site

Step 4: Handle the Result

After payment, the customer lands on one of your URLs:
OutcomeWhere They GoWhat to Do (Your Responsibility)
Payment succeededYour successUrlShow confirmation, fulfill order (your business logic)
Payment failedYour errorUrlShow error, offer retry
Customer cancelledYour cancelUrlReturn to cart
Success URL includes payment details: 
https://yoursite.com/thank-you?transactionId=txn_123&amount=25.00&cardLastFour=4242
Important: Ozura automatically marks the session as “completed” before redirecting. However, you should still verify the session server-side (call GET /api/sessions/{sessionId}) before fulfilling orders to prevent URL spoofing. See Security for details.

That’s It!

You’re now accepting payments. What’s next?
I want to…Read this
Add product images and discounts to cartCreate Session → Cart Items
Keep customer on my site (popup/iframe)Integration Modes
Match checkout to my brand colorsCustomize Appearance
Test without real chargesTesting Guide
See all API optionsAPI Reference
Fix an errorTroubleshooting