1. Payin Initiate API POST

Description: Initiates a transaction from customer to merchant via secure channel.

📍 Endpoint
https://stanzape.com/api/uat/payin/init/
🔐 Headers
Content-Type: application/json
"X-Signature: " . base64_encode(hash_hmac('sha256', $json_body, $shared_secret, true))
🌐 Cross-Language HMAC Logic

🌐 Cross-Language HMAC Logic

Language Core Logic
Node.js crypto.createHmac('sha256', key).update(message).digest('base64')
Python base64.b64encode(hmac.new(key, msg, hashlib.sha256).digest()).decode()
Java Base64.getEncoder().encodeToString(mac.doFinal(message.getBytes()))
PHP base64_encode(hash_hmac('sha256', $message, $key, true))
📤 Request JSON Body
{
  "orderdata": {
    "orderid": "ORD2025010112562223",
    "userid": "1111199999",
    "mobile": "1111199999",
    "email": "test@gmail.com"
  },
  "paymentdata": {
    "amount": 100.00,
    "currency": "INR",
    "mode": "PAY"
  },
  "merchantdata": {
    "mid": "XXXXXX02",
    "authkey": "XXXXXXXXXXXXXXstanzakey"
  }
}
📋 Parameter Breakdown
FieldTypeRequiredDescription
orderidStringYesUnique order reference
useridStringYesCustomer or User ID
mobileStringYesCustomer phone number
emailStringYesEmail address of customer
amountDecimalYesAmount to charge
currencyStringYesCurrency (e.g., INR)
modeStringYesPayment mode (UPI_INTENT)
midStringYesMerchant ID issued by StanzaPe
authkeyStringYesAuthentication token for API access
✅ Success Response
{
  "status": "STANZA001",
  "message": "Transaction successful",
  "transactionid": "TXN1234567890",
  "orderid": "ORD2025010112562223",
  "amount": 100.00,
  "currency": "INR",
  "timestamp": "2025-07-23T22:15:00+05:30",
  "paymenturl": "upi://pay?pa=xxx@upi&pn=Merchant&am=100" / "https://stanzape.com/pay?id=ORD2025010112562223"
}
❌ Error Response
{
  "message": "STANZA002", /*Status Code*/
  "message": "Error Msg"
}
📟 HTTP Response Codes
StatusCodeMeaning
STANZA001Request processed successfully
⚠️STANZA002Bad Request – Invalid or missing params
🔐STANZA003Unauthorized – Invalid auth key
💥STANZA004Server error – try again later

🔐 Signature Security

All API calls must include an X-Signature header. The value should be an HMAC SHA256 hash of the raw JSON body using your shared secret key.

"X-Signature: " . base64_encode(hash_hmac('sha256', $json_body, $shared_secret, true))
🛡️ Security Guidelines:

📩 Webhook Response

After a successful transaction, StanzaPe will send a webhook notification to your registered webhook URL.

📨 Sample Webhook JSON
{
  "status": "STANZA001",
  "message": "Callback Sent Successfully",
  "data": {
    "orderid": "ORD2025010112562223",
    "status": "TXN_SUCCESS",/"TXN_FAILURE",/"PENDING",
    "amount": "100.00",
    "utr": "287314698139"
  }
}

🔎 Payin Status Check API POST

Description: Check the transaction status using the orderid.

📍 Endpoint
https://stanzape.com/api/uat/payin/status/
🔐 Headers
Content-Type: application/json
"X-Signature: " . base64_encode(hash_hmac('sha256', $json_body, $shared_secret, true))
📤 Request JSON Body
{
  "request": {
    "orderid": "ORD2025010112562223"
  },
  "merchantdata": {
      "mid": "XXXXXX02",
      "authkey": "XXXXXXXXXXXXXXstanzakey"
  }
}
✅ Sample Success Response
{
  "status": "STANZA001",
  "message": "Order Found",
  "order": {
    "orderid": "ORD2025010112562223",
    "amount": "100.00",
    "status": "TXN_SUCCESS",/"TXN_FAILURE",/"PENDING",
    "created_at": "2025-07-23T22:15:00+05:30",
    "utr": "287314698139"
  }
}
❌ Sample Failure Response
{
  "status": "STANZA002",
  "message": "Error Msg"
}

📬 Need Help?

If you're facing issues or need integration support, Email: support@stanzape.com or connect with our team.