Developer Space
The Developer Space in Zoho Payments allows you to securely integrate your business application with Zoho Payments. You can generate authentication keys and configure webhooks to authorise requests, manage payment events, and exchange data.
Authentication Keys
Zoho Payments supports two types of authentication keys: API Key and Signing Key. These allow you to authorise and validate communication between your application and Zoho Payments.
Note: Only users with Admin, Account Owner, or Developer roles have permission to access these keys.
API Key
API Keys are unique authentication tokens that securely connect your application (Zoho Payments) with external applications. Acting like a password, these keys ensure only authorised access to your app, processing legitimate requests between Zoho Payments and external APIs.
In Zoho Payments, API keys authenticate your account for secure access to the checkout widget, enabling you to receive payments from customers. Contact us if you need assistance with setting up APIs.
Scenario: You’re building an e-commerce platform, and you need to connect it to Zoho Payments for processing payments. By using the API key, your platform can send secure payment requests, while Zoho Payments can verify that the requests are legitimate and authorised by your app. The API key ensures that only your platform can interact with Zoho Payments, whether it’s sending payment requests, checking transaction status, or handling refunds.
To access API keys:
- Go to Settings and select Developer Space.
- Navigate to the Authentication Keys tab and click Generate API Key.
- Enter your Password and verify your identity.
Your API key will be generated, and you can use this to authenticate your checkout widget. You can view the key by clicking the Eye icon, and copy it by clicking the Copy icon next to it.
Regenerate API Key
You can regenerate your API key at any time if it has expired, if you suspect it has been compromised, or if you need to rotate it for security policies.
You’ll need to set an expiry for the current API key to regenerate a new API key. To set an expiry:
-
Go to Developer Space and navigate to the Authentication Keys tab.
-
Click Regenerate Key next to API Key.
-
In the pop-up that appears, choose when the current key should expire from the drop-down.
Note: If you select Now as the expiry, the current key will be immediately replaced by the new one. However, if you select any other expiry, you can use the current and the regenerated key.
- Click Set Expiry.
- Enter your Password and verify your identity.
Insight: If you had set a future expiry for the old key, you can find its expiry duration displayed under the old key.
You will have regenerated the API key. Ensure to update it in your application.
Signing Key
The Signing Key is used to verify the authenticity of payments received via payment links. It ensures that the data sent from Zoho Payments to your application is legitimate and hasn’t been tampered with.
To generate a new signing key:
- Go to Settings and select Developer Space.
- Navigate to the Authentication Keys tab and click Generate Signing Key.
- Enter your Password and verify your identity.
Your signing key will be generated, and you can use it to authenticate payment links. You can view the key by clicking the Eye icon, and copy it by clicking the Copy icon next to it.
Regenerate Signing Key
You can regenerate your signing key if it has expired, has been exposed, or if you need to rotate it as part of your compliance practices.
To regenerate your signing key:
-
Go to Developer Space and navigate to the Authentication Keys tab.
-
Click Regenerate Key next to Signing Key.
-
Enter your Password and verify your identity.
Your new signing key will be generated and must be updated in your application to continue verifying payment link data without interruptions.
Walkthrough of Zoho Payments personalized to your business needs