Create Payment Link

To create a payment link, you can use the following API endpoint. This allows you to initiate a payment process for a specified amount and currency.

HTTP Request



  • x-api-key: Your API key
  • Content-Type: application/json

Request Body

  "amount": "YOUR_AMOUNT_HERE",
  "currency": "USD",
  "email": "YOUR_EMAIL_HERE",
  "redirectUrl": ""

cURL Example

curl -X POST '' \\
-H 'x-api-key: XXXXXXXXXX' \\
-H 'Content-Type: application/json' \\
-d '{
  "amount": "YOUR_AMOUNT_HERE",
  "currency": "USD",
  "email": "YOUR_EMAIL_HERE",
  "redirectUrl": ""

Webhook Notification

To receive a notification when a user completes a payment, you must set up a webhook URL in your profile. Once the payment is made, a POST request with the payment details will be sent to your webhook URL ONLY ONE TIME.

Webhook Payload

The webhook will send a POST request with the following information:

  • order_id: The Id of the payment link
  • secret: A secret code for verification
  • amount: The amount paid
  • ref: Sent with the payload, for example you can use it to Reference the user id in your system
  • status: Can be "fulfilled" or "timed_out", this will indicate whether the link is paid or not.
  • currency: The code of used currency.

Security Verification

To verify the authenticity of the webhook request, you need to calculate a verification code and compare it with the secret received from the API. Below is a PHP example of how to perform this verification.

PHP Example


$amount = 'your_amount'; // Replace with the actual amount
$order_id = 'your_order_id'; // Replace with the actual payment link ID
$kazawalletApiKey = 'your_kazawallet_api_key'; // Replace with the actual kazawallet API key
$kazawalletApiSecret = 'your_kazawallet_api_secret'; // Replace with the actual kazawallet API secret

// Create the secret string by concatenating the amount, order_id, and kazawalletApiKey
$secretString = $amount . ':::' . $order_id . ':::' . $kazawalletApiKey;

// Generate a SHA-256 hash of the secret string
$hashDigest = hash('sha256', $secretString, true);

// Generate an HMAC-SHA512 hash of the SHA-256 hash using the kazawalletApiSecret
$hmacDigest = hash_hmac('sha512', $hashDigest, $kazawalletApiSecret, true);

// Encode the HMAC-SHA512 hash in Base64
$hmacDigestBase64 = base64_encode($hmacDigest);

// Output the Base64-encoded HMAC-SHA512 signature
echo $hmacDigestBase64;


Verification Process

To ensure the security of the webhook notification, perform the following steps:

  1. Receive the webhook POST request with the order_id, secret, status and amount.
  2. The provided PHP code is just a dummy example to demonstrate how to calculate the HMAC-SHA512 signature based on the received order_id, status and amount, along with your kazawalletApiKey and kazawalletApiSecret.
  3. Compare the calculated HMAC-SHA512 signature with the secret received from the webhook.
  4. If they match, the request is authentic, and you can proceed with processing the payment confirmation.

Please ensure that your API key and secret are kept confidential and are not exposed in client-side code.