AZA-ZPayA-ZPay bank-transfer API

Errors

Partner API errors use HTTP status codes and JSON error messages.

  • 400: invalid request body, unsupported currency, missing customer.username, missing customer.fullName, missing redirectUrl, invalid IBAN, invalid amount, or amount outside platform-wide limits.
  • 401: missing API key, missing signature headers, stale timestamp, or invalid HMAC signature.
  • 403: the authenticated casino API key is inactive or does not own the requested transaction.
  • 404: transaction not found in the authenticated casino scope.
  • 409: duplicate externalReference for the same casino and transaction type.
{
  "error": "Deposit amount must be at least 100.00 TRY"
}
Handle API errors
async function azPayJson(url, options) {
const response = await fetch(url, options);
const payload = await response.json().catch(() => ({}));
if (!response.ok) {
  if (response.status === 401) throw new Error('Check API key, timestamp, apiSecret and hashSecret signature');
  if (response.status === 409) throw new Error('Duplicate externalReference; load the existing transaction instead');
  throw new Error(payload.error || 'A-ZPay API error');
}
return payload;
}
<?php
function assertAZPaySuccess(string $responseBody, int $status): array {
  $payload = json_decode($responseBody, true) ?: [];
  if ($status >= 200 && $status < 300) return $payload;
  if ($status === 401) throw new RuntimeException('Check API key, timestamp, apiSecret and hashSecret signature');
  if ($status === 409) throw new RuntimeException('Duplicate externalReference; load the existing transaction instead');
  throw new RuntimeException($payload['error'] ?? 'A-ZPay API error');
}

A hosted payment-page redirect only means the player clicked the transfer-sent button. Do not change player balance until a verified signed webhook arrives.