Skip to main content
Quick fixes for common problems.

Common API Errors

”Invalid Vault API Key”

The Problem: Your X-API-KEY header doesn’t match. The Fix:
  1. Your Vault API Key was provided when you first signed up
  2. If you didn’t save it, contact Ozura support to retrieve it
  3. Copy the key exactly (no extra spaces)
  4. Make sure it’s in the X-API-KEY header (not X-OZURA-API-KEY)

“Invalid Merchant API Key”

The Problem: Your X-OZURA-API-KEY header doesn’t match. The Fix:
  1. Go to Dashboard → Settings → API Keys
  2. Copy your Merchant API Key exactly
  3. Paste it in the X-OZURA-API-KEY header (not X-API-KEY)

“merchantId is required”

The Fix: Add it to your request body: 
{
  "merchantId": "your_merchant_id"
}

“successUrl is required”

The Fix: Include all three required URLs: 
{
  "successUrl": "https://yoursite.com/success",
  "cancelUrl": "https://yoursite.com/cancel",
  "errorUrl": "https://yoursite.com/error"
}

“Payment processing is not available for this merchant.”

This error appears on the checkout page after the customer clicks Pay Now. What it means: The Merchant API Key (X-OZURA-API-KEY) used to create the session does not have sale permission for the merchantId in the request. The card was never charged. The Fix:
  1. Verify your merchantId exactly matches what’s in your Ozura Dashboard
  2. Verify the X-OZURA-API-KEY you are using is authorized for that merchantId
  3. Create a new checkout session with the corrected credentials

”Authentication failed. Please start a new checkout session.”

This error appears on the checkout page after the customer fills in their card details and clicks Pay Now. What it means: The session’s tokenization credential (issued at session creation) was rejected by the vault. This is not a card number issue — the error happens before any card data is processed. Most likely causes:
  1. Session is older than 30 minutes. The credential expires 30 minutes from when the session was created. If the customer (or developer) took longer than that to fill in the form and submit, the credential will be expired. Create a new session and redirect the customer to the new checkout URL.
  2. Merchant API key lacks sale permission for the merchantId. The X-OZURA-API-KEY used to create the session does not have sale permission for the merchantId in the request. This surfaces as a “Payment processing is not available for this merchant” error on the checkout page (not a card issue — the error occurs before the card is charged). Verify that the Merchant API Key you are using is authorized for the merchantId you are passing in the session body.
  3. Vault key environment mismatch. The X-API-KEY used to create the session is a staging vault key, but the Checkout deployment is configured for the production vault (or vice versa). Keys and the checkout environment must match.
  4. Vault key lacks tokenize permission. The vault API key does not have tokenization rights. Verify your key has the correct permissions in the Ozura Dashboard.
The Fix: Verify your merchantId matches the Merchant API Key, then create a new checkout session and send the customer to the new URL.

”Session not found”

The Fix:
  • Sessions expire after 30 minutes – create a new one
  • Check you’re using the correct sessionId
  • Make sure you’re hitting the right environment (test vs production)

“Session has expired”

The Fix: Create a new session. Sessions expire after 30 minutes for security.

”Session already completed”

The Fix: Check your records – the payment went through! If customer needs to pay again, create a new session.

CORS Errors

”Access-Control-Allow-Origin” error in browser

The Fix: Set parentOrigin to your exact website URL: 
{
  "embedMode": "popup",
  "parentOrigin": "https://yoursite.com"
}
Important:
  • Include https:// (not just yoursite.com)
  • No trailing slash
  • Exact match required

Popup/Iframe Issues

The Fix:
  1. Popup must open from a user click (not automatically)
  2. Ask user to allow popups for your site
  3. Consider using redirect mode as fallback:
const popup = window.open(checkoutUrl, 'checkout', 'width=500,height=700');
if (!popup || popup.closed) {
  // Fallback to redirect
  window.location.href = checkoutUrl;
}

Iframe not loading

The Fix:
  1. Check browser console for CSP errors
  2. Add Ozura to your CSP config: 
    frame-src 'self' https://checkout.ozura.com;
  3. Consider using popup or redirect mode instead

Not receiving postMessage events

The Fix: 
window.addEventListener('message', (event) => {
  if (event.origin !== 'https://checkout.ozura.com') return;
  // Handle event
});

Cart/Itemization Issues

”Cannot use both amount and items”

The Fix: Choose one: 
// ✅ Correct: Items only (no amount)
{
  "items": [
    { "productId": "sku_001", "name": "T-Shirt", "price": 25.00, "quantity": 2 }
  ]
}

// ✅ Correct: Amount only (no items)
{
  "amount": "50.00"
}

“Mixed taxExempt values in items”

The Fix: All items must have the same taxExempt value: 
// ✅ Correct: All tax-exempt
{
  "items": [
    { "productId": "A", "name": "Item A", "price": 10, "quantity": 1, "taxExempt": true },
    { "productId": "B", "name": "Item B", "price": 20, "quantity": 1, "taxExempt": true }
  ]
}

“price has X decimal places but Y only allows Z”

The Fix: Match the currency’s decimal precision:
CurrencyAllowed DecimalsValid Example
USD, EUR, GBP (and most others)229.99
JPY, KRW, VND (and other zero-decimal currencies)02999 (no decimals)
KWD, BHD, OMR, IQD, JOD, LYD, TND329.990

Still Stuck?

Contact Ozura support with:
  • Your Merchant ID
  • Session ID (if applicable)
  • The exact error message
  • Steps to reproduce