Clean REST API, real-time webhooks, an official Node.js SDK, and practical code examples. Accept crypto payments with a few lines of code.
curl -X POST https://zateway.com/api/v1/payments \ -H "X-API-Key: zate_live_..." \ -H "Content-Type: application/json" \ -d '{"amount":"50.00","currency":"USDT","chain":"polygon"}'A single, consistent REST API for creating payments, managing webhooks, and querying transaction data.
https://zateway.com/api/v1
API key via X-API-Key header
JSON request & response bodies
| Method | Endpoint | Description |
|---|---|---|
| POST | /payments | Create a new payment session |
| GET | /payments/:id | Retrieve payment details |
| POST | /payment-links | Create a reusable payment link |
| GET | /payment-links | List your payment links |
| GET | /currencies | List supported currencies & chains |
| POST | /refunds | Create a refund request |
| GET | /status | Check API and chain listener health |
From zero to live payments in under five minutes.
Sign up and grab your API key from the Dashboard under Settings → API Keys. Your key starts with zate_live_.
Send a POST request to create a payment session. You'll receive a checkout URL to redirect your customer. Required fields: amount, currency, and chain. merchantWalletis optional when you've already configured a verified wallet in the dashboard.
curl -X POST https://zateway.com/api/v1/payments \ -H "X-API-Key: zate_live_..." \ -H "Content-Type: application/json" \ -d '{"amount": "50.00", "currency": "USDT", "chain": "polygon"}'Register a webhook URL in the Dashboard. We'll notify you when a payment is confirmed, failed, or expired.
{ "event": "payment.confirmed", "data": { "id": "pay_abc123", "amount": "50.00", "currency": "USDT", "chain": "polygon", "status": "confirmed", "txHash": "0xabc...def", "confirmedAt": "2026-03-25T12:00:00Z" }, "timestamp": "2026-03-25T12:00:05Z"}Subscribe to payment lifecycle events. Every webhook is signed with HMAC-SHA256 so you can verify authenticity.
| Event | Description |
|---|---|
| payment.confirmed | Payment has been confirmed on-chain |
| payment.failed | Payment failed or was rejected |
| payment.expired | Payment session expired without payment |
| payment.underpaid | Received amount is less than expected |
Every webhook includes three headers for verification: X-Zateway-Signature (format: sha256=<hmac>), X-Zateway-Timestamp (unix seconds), and X-Zateway-Nonce (unique string). Compute the signature over the raw request body with HMAC-SHA256(secret, timestamp.nonce.raw_body).
const crypto = require('crypto');function verifyWebhook(rawBody, headers, secret) { const signature = headers['x-zateway-signature']; const timestamp = headers['x-zateway-timestamp']; const nonce = headers['x-zateway-nonce']; if (!signature || !timestamp || !nonce) return false; // Check timestamp freshness (5 min window) const age = Math.abs(Date.now() / 1000 - parseInt(timestamp, 10)); if (age > 300) return false; // Verify HMAC over the raw request body const message = `${timestamp}.${nonce}.${rawBody}`; const expected = 'sha256=' + crypto.createHmac('sha256', secret) .update(message) .digest('hex'); return crypto.timingSafeEqual( Buffer.from(expected), Buffer.from(signature) );}All errors return a JSON object with a single error string field.
| Code | Status | Description |
|---|---|---|
| 400 | Bad Request | Invalid parameters or missing required fields |
| 401 | Unauthorized | Missing or invalid API key |
| 403 | Forbidden | API key lacks permission for this action |
| 404 | Not Found | Resource does not exist |
| 429 | Too Many Requests | Rate limit exceeded (varies by endpoint) |
| 500 | Internal Server Error | Something went wrong on our end |
Retry-After header.{ "error": "Amount must be a positive number"}Start building with Zateway today. Full API reference, guides, and support are just a click away.