Api

API integration

We provide API for tracking crypto transactions

API Documentation

You shouldn't have any problems with integration, but if you do have any questions, contact us!

You can use our PHP library to work with the API. Click here for download

Authentication

AUTH
Initial Setup

The first thing to do is to go to "API KEYS" and fill Secret Key, Token and WebHook URL where to send notifications of incoming transactions.

All requests to the API require authentication using your API credentials (login, token, and signature).

Create Payment

POST
/pay/newtrack

Creates a new payment order for tracking.

Request Parameters
Parameter Type Description Required
login string Your login in the system Yes
amount float Amount of payment. Example: 1.00 Yes
token string Token from your account settings Yes
order_id string Unique order identifier (max 255 characters) Yes
signature string SHA256 signature. See Signature Calculation Yes
Responses
200 Successful Response
{
    "status": true,
    "id": 102,
    "error_code": 0,
    "hash_trans": "7bd6a219c417d53fab109375eafb613b",
    "order_id": "10",
    "url_to_pay": "https://zerocryptopay.com/pay/102/7bd6a219c417d53fab109375eafb613b"
}
400 Bad Request
{
    "status": false,
    "error_code": 11,
    "message": "Signature validation failed"
}
Response Fields
Field Type Description
status boolean Operation status (true/false)
id integer Unique payment tracking ID
error_code integer Error code (0 if successful)
hash_trans string Unique order hash code
order_id string Your provided order ID
url_to_pay string Payment URL for the customer
If the payment is successful, the user will eventually be redirected to Success URL by the GET request method with the id_order and track_id parameters.
Code Examples
var request = require('request');
var options = {
  'method': 'POST',
  'url': 'https://zerocryptopay.com/pay/newtrack',
  'headers': {
    'Content-Type': 'application/x-www-form-urlencoded'
  },
  form: {
    'amount': '25.7',
    'token': '155c807bfb2a197d9c77535',
    'sign': 'd09a8a68c1d65df919f87d50d8bd78ef3195f1f9bbc84c50cf82c231ff12e22a',
    'login': 'LOGIN',
    'order_id': '202'
  }
};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
$curl = curl_init();

curl_setopt_array($curl, array(
        CURLOPT_URL => "https://zerocryptopay.com/pay/newtrack",
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_ENCODING => "",
        CURLOPT_MAXREDIRS => 10,
        CURLOPT_TIMEOUT => 0,
        CURLOPT_FOLLOWLOCATION => true,
        CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
        CURLOPT_CUSTOMREQUEST => "POST",
        CURLOPT_POSTFIELDS => "amount=25.7&token=155c807bfb2a197d9c77535&sign=d09a8a68c1d65df919f87d50d8bd78ef3195f1f9bbc84c50cf82c231ff12e22a&login=LOGIN&order_id=202",
        CURLOPT_HTTPHEADER => array(
                "Content-Type: application/x-www-form-urlencoded"
        ),
));

$response = curl_exec($curl);

curl_close($curl);
echo $response;
curl --location --request POST 'https://zerocryptopay.com/pay/newtrack' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'amount=25.7' \
--data-urlencode 'token=155c807bfb2a197d9c77535' \
--data-urlencode 'sign=d09a8a68c1d65df919f87d50d8bd78ef3195f1f9bbc84c50cf82c231ff12e22a' \
--data-urlencode 'login=LOGIN' \
--data-urlencode 'order_id=309'

Signature Calculation

SECURITY
Signature Calculation
Signature for Creating Payment

Signature is formed from 4 values, concatenated without separators:

sha256(AMOUNT + SECRET_KEY + ORDER_ID + LOGIN)

Example:

  • Amount: 25
  • Secret Key: ASDIOFDUIHJS
  • Order ID: 9992
  • Login: MYLOGIN

Resulting string to hash: 25ASDIOFDUIHJS9992MYLOGIN

Signature: sha256(25ASDIOFDUIHJS9992MYLOGIN)

If the signature does not match the calculation on the Zerocryptopay server, the system will return an error in JSON format.
Signature for Status Check

Signature for status checking is formed from 5 values:

sha256(TOKEN + HASH_TRANS + SECRET_KEY + ID_TRACK + LOGIN)
Signature for WebHook Verification

Signature for WebHook verification is formed from 6 values:

sha256(TOKEN + AMOUNT_FOR_PAY + SECRET_KEY + HASH_TRANS + METHOD_PAY + LOGIN_ACCOUNT)
Code Examples for Signature Calculation
const crypto = require('crypto');

const postData = {
  amount: '100',
  secret_key: 'mysecretkey',
  order_id: '123456789',
  login: 'mylogin'
};

const sign = crypto.createHash('sha256')
                 .update(postData.amount + postData.secret_key + postData.order_id + postData.login)
                 .digest('hex');
$postdata = array(
  "amount" => "100",
  "secret_key" => "mysecretkey",
  "order_id" => "123456789",
  "login" => "mylogin"
);

$sign = hash("sha256", $postdata["amount"] . $postdata["secret_key"] . $postdata["order_id"] . $postdata["login"]);

echo $sign;

WebHook Notifications

POST
WebHook URL (your server endpoint)

ZeroCryptoPay will send POST notifications to your WebHook URL when payment status changes.

IPv4 Addresses

We use the following IP addresses for notification on the webhook URL (current ones will always be written on this page):

  • 176.124.192.233
WebHook Request Parameters
Parameter Type Description
id_track integer Payment tracking order ID, is unique
amount float The amount that was requested for tracking
amount_for_pay float The amount that the system will expect to receive
hash_trans string Order hash code, is unique
unixtime integer Unix timestamp of order creation
method_pay string Name of payment method
signature string SHA256 signature for verification
order_id string The value that was passed when the order was created
status string Payment status ("paid" for successful payment)
Expected WebHook Response

Your server should respond with a JSON containing the id_track:

{"id_track": 1000}
The system will attempt to send the notification up to 5 times. If the response doesn't match the required format, the next attempt will happen after 60 seconds.
WebHook Signature Verification

To verify the authenticity of WebHook requests, calculate the signature and compare it with the one received:

sha256(TOKEN + AMOUNT_FOR_PAY + SECRET_KEY + HASH_TRANS + METHOD_PAY + LOGIN_ACCOUNT)

PHP implementation example:

// Webhook data received
$webhookData = $_POST;

// Your configuration
$config = [
    'token' => 'your_token',
    'secret_key' => 'your_secret_key',
    'login' => 'your_login'
];

// Calculate expected signature
$signString = $config['token'] . 
              $webhookData['amount_for_pay'] . 
              $config['secret_key'] . 
              $webhookData['hash_trans'] . 
              $webhookData['method_pay'] . 
              $config['login'];
              
$expectedSignature = hash('sha256', $signString);

// Verify signature
if ($expectedSignature === $webhookData['signature'] && $webhookData['status'] === 'paid') {
    // Payment is verified
    echo json_encode(['id_track' => $webhookData['id_track']]);
} else {
    // Invalid signature
    http_response_code(400);
    echo 'Invalid signature';
}

Check Payment Status

POST
/pay/status

Manually check the status of a payment.

Request Parameters
Parameter Type Description Required
id_track integer Payment tracking order ID Yes
token string Token from your account settings Yes
hash_trans string Order hash code Yes
signature string SHA256 signature Yes
login string Your login in the system Yes
Signature Calculation
sha256(TOKEN + HASH_TRANS + SECRET_KEY + ID_TRACK + LOGIN)
Responses
200 Successful Response
{
    "status": true,
    "error_code": 0,
    "id_track": "29893",
    "amount": "27.633033",
    "amount_for_pay": "27.633270",
    "hash_trans": "646371ef7f22530ea69edf02c976c987",
    "unixtime": "1654447146",
    "signature": "f7520c356143321da25c2c16c37aadfb",
    "order_id": "d906250ddb19a3f323a6401d5277ff61",
    "event_status": "paid"
}
Response Fields
Field Type Description
status boolean Operation status (true/false)
error_code integer Error code (0 if successful)
id_track string Payment tracking order ID
amount string Original requested amount
amount_for_pay string Amount that should be paid
hash_trans string Order hash code
unixtime string Unix timestamp of order creation
signature string Response signature
order_id string Your provided order ID
event_status string Payment status ("paid", "unpaid", or "pending")

The signature in the response is calculated as:

sha256(TOKEN + AMOUNT_FOR_PAY + SECRET_KEY + HASH_TRANS + LOGIN)

You can use this signature to verify that the response is valid and has not been tampered with.

Code Examples
var request = require('request');
var options = {
  'method': 'POST',
  'url': 'https://zerocryptopay.com/pay/status/',
  'headers': {
    'Content-Type': 'application/x-www-form-urlencoded',
  },
  form: {
    'id_track': '29893',
    'signature': '247b0bb910911f0d35d365fe46f352ca',
    'token': 'ac22221ac3355c807bfb2a197d9c77535',
    'hash_trans': 'd09a8a68c1d65df919f87d50d8bd7',
    'login': 'LOGIN'
  }
};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
$curl = curl_init();
curl_setopt_array($curl, array(
  CURLOPT_URL => "https://zerocryptopay.com/pay/status/",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 0,
  CURLOPT_FOLLOWLOCATION => true,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => "id_track=29893&signature=247b0bb910911f0d35d365fe46f352ca&token=ac22221ac3355c807bfb2a197d9c77535&hash_trans=d09a8a68c1d65df919f87d50d8bd7&login=LOGIN",
  CURLOPT_HTTPHEADER => array(
    "Content-Type: application/x-www-form-urlencoded",
  ),
));

$response = curl_exec($curl);
curl_close($curl);
echo $response;
curl --location --request POST 'https://zerocryptopay.com/pay/status/' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'id_track=29893' \
--data-urlencode 'signature=247b0bb910911f0d35d365fe46f352ca' \
--data-urlencode 'token=ac22221ac3355c807bfb2a197d9c77535' \
--data-urlencode 'hash_trans=d09a8a68c1d65df919f87d50d8bd7' \
--data-urlencode 'login=LOGIN'

Error Codes

ERRORS
Error Codes Reference
Error Code Description
0 No errors (successful operation)
10 Insufficient funds on balance for payment processing
11 Signature for payment creation form did not pass the check
12 User with provided API credentials not found
13 Invalid signature on tracking status request
14 Tracking with the passed ID was not found
19 The order_id has already been used
20 Merchant account temporarily suspended

PHP Library

CLIENT
PHP Library Usage

You can use our PHP library for easier integration. Download the library.

Example Usage
// Initialize ZeroCryptoPay API client
$zerocryptopay = new Zerocryptopay([
    'base_api' => 'https://zerocryptopay.com'
]);

// Create payment
$paymentData = [
    'amount'     => 25.7,
    'secret_key' => 'your_secret_key',
    'token'      => 'your_token',
    'login'      => 'your_login',
    'order_id'   => 'order_' . time()
];

$response = $zerocryptopay->newPay($paymentData);

// Check payment status
$statusData = [
    'id_track'   => $response['id'],
    'hash_trans' => $response['hash_trans'],
    'secret_key' => 'your_secret_key',
    'token'      => 'your_token',
    'login'      => 'your_login'
];

$statusResponse = $zerocryptopay->getStatus($statusData);

// Process webhook notification
$webhookParams = $_POST;
$config = [
    'SumOrder'         => 25.7,
    'token'            => 'your_token',
    'secret_key'       => 'your_secret_key',
    'login_zerocrypt'  => 'your_login',
    'order_id'         => 'your_order_id'
];

$verificationResult = $zerocryptopay->verifPay($config, $webhookParams);

if ($verificationResult['status']) {
    // Payment verified
    echo json_encode(['id_track' => $webhookParams['id_track']]);
} else {
    // Invalid verification
    http_response_code(400);
    echo 'Invalid payment data';
}