Skip to main content

Quick Start

Get from zero to a tokenized card and a proxied request in a few steps.

Step 1: Get your API key and pub key

X-API-Key: Create an account at Ozura Vault. Your first project is a test project by default — create an application inside it to get your API key. To create a production project, use the project dropdown in the top-left → Create new project → enable the Production switch. X-Pub-Key: Required only for production vault API keys. If you’re using a test vault API key (test project), you can omit X-Pub-Key entirely. For a production pub key tied to your domain, contact ammar@ozura.com. Store your API key securely (e.g. in an environment variable) and never expose it in frontend code.
Vault base URLhttps://api.ozuravault.com for both sandbox and production; the environment is determined by your vault key (test vs production project). Note: vault.ozura.com is the Vault web app, not the API.

Step 2: Tokenize a card

From your backend, call POST /tokenize with the card data. For test vault API keys, only X-API-Key is required. For production vault API keys, also include X-Pub-Key: 
curl -X POST https://api.ozuravault.com/tokenize \
  -H "Content-Type: application/json" \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "X-Pub-Key: YOUR_PUB_KEY" \
  -d '{
    "type": "card",
    "data": {
      "cardNumber": "4111111111111111",
      "expirationMonth": "12",
      "expirationYear": "2028",
      "cvv": "123"
    }
  }'
See Sandbox for how to create a Test project at ozuravault.com and grab a test vault key.
You’ll get back a token and, because you sent CVV, a cvc_session_id. Store both; you’ll need them for the next step. Full request/response details: API Reference → POST /tokenize.

Step 3: Process a payment (proxy)

Send the token (and CVC session if you have one) to your payment processor via the proxy so your server never sees raw card data: 
curl -X POST https://api.ozuravault.com/proxy/transaction \
  -H "Content-Type: application/json" \
  -H "X-API-Key: YOUR_API_KEY" \
  -d '{
    "token": "tok_...",
    "cvc_session_id": "550e8400-...",
    "proxy_url": "https://api.stripe.com/v1/charges",
    "request_data": {
      "amount": 2000,
      "currency": "usd",
      "source": {
        "number": "${cardNumber}",
        "exp_month": "${expirationMonth}",
        "exp_year": "${expirationYear}",
        "cvc": "${cvv}"
      }
    },
    "http_headers": { "Authorization": "Bearer sk_test_xxx" }
  }'
The proxy replaces ${cardNumber}, ${expirationMonth}, ${expirationYear}, and ${cvv} with real values and forwards the request. Full reference: API Reference → POST /proxy/transaction.

Step 4: Check audit logs (optional)

In the dashboard or via the audit-logs API you can confirm the tokenization and proxy calls. See Audit logs.

What’s next?

  • Card Payments — API, Elements, or Checkout for cards.
  • Bank Payments — API, Elements, or Checkout for bank accounts.
  • Proxy — How the proxy works and when to use it.
  • Error handling — How to handle errors and when to retry.

Test cards

Use these in sandbox:
BrandNumberCVCExpiry
Visa4111111111111111Any 3Any future
Mastercard5555555555554444Any 3Any future
Amex378282246310005Any 4Any future