API Terms of Use
Last updated: May 23, 2026
1. Purpose & Scope of Ztake APIs
Ztake APIs enable You to collect payments via UPI, Cards, Netbanking, and Wallets; initiate payouts & settlements; verify bank accounts and identity data; retrieve transaction logs; receive webhook notifications; generate tokens and manage users; and access merchant dashboards programmatically.
APIs must be used solely for legitimate business operations approved by Ztake.
2. API Credentials & Security Requirements
You are responsible for securing API Keys, Access Tokens, and Secrets. Credentials must never be shared publicly, embedded in client-side code, or stored insecurely.
If You suspect key leakage, You must immediately rotate Your keys, inform Ztake, and review access logs. You must implement HTTPS, secure storage, authentication layers, and IP whitelisting. Failure to follow security practices may result in API suspension.
3. Permitted Uses of API
You may use Ztake APIs to:
- Process legitimate customer payments.
- Integrate Ztake into Your website/app checkouts.
- Automate backend payment and payout workflows.
- Use the sandbox environment for testing and development.
- Create secure server-side integrations.
- Receive secure webhook event notifications.
All uses must be fully compliant with Indian laws and Ztake's policies.
4. Prohibited Uses of API
You must NOT use the APIs to:
- Conduct fraudulent, illegal, or unauthorized activities.
- Process payments for prohibited business categories (gambling, drugs, pornography).
- Misuse, spam, or overload Ztake servers.
- Share, rent, or resell Ztake APIs without written permission.
- Perform reverse engineering, decompilation, or vulnerability scanning.
- Expose credentials in client-side frontend code.
- Tamper with transaction parameters or signature responses.
- Conduct transaction laundering or masking.
Violations will result in immediate API access termination and potential legal action.
5. Rate Limits & Performance
Ztake APIs include rate limits to ensure platform stability and protect resources.
You agree to respect published rate limits, avoid sending bulk API requests unnecessarily, use batching wherever allowed, and implement retry logic with exponential backoff. Repeated rate limit abuse may result in throttling or suspension.
6. Webhooks Management
You must provide a secure HTTPS webhook URL and validate Ztake signatures on all events.
Duplicate webhook events must be handled idempotently. Failure to acknowledge events may lead to retries or webhook disabling.
Webhooks may include events such as: Payment Success/Failure, Refund Status, Payout Status, Settlement Alerts, KYC Changes, and Fraud Flags. You are responsible for securing Your webhook server.
7. Data Usage & Privacy
All data received via APIs must be used only for business purposes approved by Ztake. You must comply with Ztake's Privacy Policy & Indian data protection laws.
You may not store card details, raw Aadhaar, PINs, passwords, or other sensitive information. User data cannot be sold, rented, or used for profiling without consent. Ztake reserves the right to audit Your data usage practices.
8. API Suspension & Termination
Ztake may suspend or terminate API access without notice if:
- Fraud or a security breach is detected.
- API misuse or rate limit abuse occurs.
- Risk policies or prohibited-item constraints are violated.
- Chargeback fraud ratios increase significantly.
- KYC documents are found to be invalid or expired.
- Regulatory or bank partner orders require action.