Skip to main content
Learn the reviewed public payment flow in the current repo: create charges, verify outcomes, refund when needed, and reuse saved payment methods for recurring billing.
Some older payment docs still reference a hosted-checkout initialize flow. The live reviewed public contract in this repo is the charges, refunds, and tokens surface documented here.

What You’ll Learn

  • create customer-present charges
  • verify charge status
  • process refunds
  • tokenize payment methods safely
  • run recurring merchant-initiated renewals
  • handle webhooks for real-time updates

Prerequisites

Before starting, ensure you have:
  • Zentra developer account (Create account)
  • your API keys from the dashboard
  • a webhook endpoint configured
  • a stable idempotency strategy in your backend

Payment Flow Overview

Step 1: Tokenize a Payment Method

Tokenize the payment method so your backend does not need to store raw payment credentials. Reviewed public token routes:
  • POST /api/v1/payments/tokens/card
  • POST /api/v1/payments/tokens/bank-account
  • GET /api/v1/payments/customers/{customer_id}/tokens

Step 2: Create a Customer-Present Charge

Create the initial charge with a stable reference and an idempotency key.

Step 3: Verify the Charge

Verify the final status before you mark the order as paid.
For setup charges, verification is also the step that makes a saved payment token ready for later merchant_initiated renewals.

Step 4: Handle Webhooks

Set up webhooks for reliable payment confirmation and refunds.

Step 5: Process Refunds

Use POST /api/v1/payments/refunds with a stable business reference and idempotency key.

Step 6: Run Recurring Renewals

After a verified customer-present setup charge, later renewals can reuse the same token:
Recurring renewals should fail closed if the token was never primed by a verified customer-present charge.

Best Practices

  • keep all amounts in integer minor units
  • make every charge and refund idempotent
  • verify server-side before updating business state
  • treat webhooks as replay-safe and signature-verified
  • never store raw PAN or CVV in your own application

Next Steps

Payments Overview

Review the current charge, refund, and token contract.

Handling Webhooks

Build replay-safe event processing.