Developers
Typed, sandbox-first, three integration shapes - call it inline, redirect to a hosted page, or share a billable URL. Webhooks signed with HMAC-SHA256. Same key works across all three.
<script src="https://js.zevpaycheckout.com/v1/inline.js"></script>
<script>
const zp = new ZevPay.ZevPayCheckout();
document.getElementById("pay").onclick = () =>
zp.checkout({
apiKey: "pk_live_…",
email: "ada@acme.ng",
amount: 250000, // ₦2,500 in kobo
onSuccess: (ref) => fetch("/api/confirm/" + ref),
});
</script>Quickstart
All three use the same key, the same webhook shape, and settle into the same ledger. Pick what fits your stack.
01 · Inline
Open a modal over your page. SPAs, custom checkout UX, marketplaces.
Full Inline guide →<script src="https://js.zevpaycheckout.com/v1/inline.js"></script>
<script>
const zp = new ZevPay.ZevPayCheckout();
document.getElementById("pay").onclick = () =>
zp.checkout({
apiKey: "pk_live_…",
email: "ada@acme.ng",
amount: 250000, // ₦2,500 in kobo
onSuccess: (ref) => fetch("/api/confirm/" + ref),
});
</script>02 · Standard
Redirect to a hosted page. WordPress, Shopify, no-JS sites.
Full Standard guide →curl https://api.zevpaycheckout.com/v1/transactions/initialize \
-H "Authorization: Bearer sk_live_…" \
-d '{
"email": "ada@acme.ng",
"amount": 250000,
"callback_url": "https://acme.ng/return"
}'
# → { "authorization_url": "https://checkout.zevpaycheckout.com/…" }
# Redirect, customer pays, returns. Verify the reference server-side:
curl https://api.zevpaycheckout.com/v1/transactions/verify/ZVP_a1b2c3 \
-H "Authorization: Bearer sk_live_…"curl https://api.zevpaycheckout.com/v1/invoices \
-H "Authorization: Bearer sk_live_…" \
-d '{
"customer": { "email": "ada@acme.ng", "name": "Adaeze Okonkwo" },
"due_date": "2026-07-14",
"line_items": [
{ "name": "Custom embroidery", "qty": 2, "amount": 1250000 },
{ "name": "Express delivery", "qty": 1, "amount": 350000 }
]
}'
# → { "url": "https://invoice.zevpaycheckout.com/inv_a1b2…" }
# Share the URL via WhatsApp / email / SMS. Webhook fires on payment.Webhooks
Every webhook carries an x-zevpay-signature header - HMAC-SHA256 of the raw body using your webhook secret. Compare with timingSafeEqual; never with ===.
import { createHmac, timingSafeEqual } from "node:crypto";
export function verify(req) {
const sig = req.headers["x-zevpay-signature"];
const mac = createHmac("sha256", process.env.ZP_WEBHOOK_SECRET);
mac.update(req.rawBody);
const expected = mac.digest();
return timingSafeEqual(Buffer.from(sig, "hex"), expected);
}End to end
Customer
Card, bank transfer, ZevPay ID, or QR. The auth runs on our PCI-DSS infrastructure.
ZevPay
Funds confirmed by NIBSS / acquirer. Webhook payload composed and signed with HMAC-SHA256.
Your API
POST to your endpoint within ~120ms of confirmation. Verify, mark order paid, fulfil.
Reference
Built for builders
Sandbox keys appear in your dashboard the moment you sign up. Switch to live with a config swap.