These API Terms of Use govern the use of Ztake's APIs, SDKs, Webhooks, developer tools, authentication systems, and integration frameworks.
Ztake APIs enable You to collect payments via UPI, Cards, Netbanking, Wallets, initiate payouts & settlements, verify bank accounts and identity data, retrieve transaction logs, receive webhook notifications, generate tokens and manage users, and access merchant dashboards programmatically. APIs must be used solely for legitimate business operations approved by Ztake.
You are responsible for securing API Keys, Access Tokens, and Secrets. Credentials must never be shared publicly, embedded in client-side code, or stored insecurely. If You suspect key leakage, You must immediately rotate Your keys, inform Ztake, and review access logs. You must implement HTTPS, secure storage, authentication layers, and IP whitelisting. Failure to follow security practices may result in API suspension.
You may use Ztake APIs to process legitimate customer payments, integrate Ztake into Your website/app, automate backend payment workflows, use sandbox for development, create secure server-side integrations, and receive webhook event notifications. All uses must be compliant with Indian laws and Ztake's policies.
You must NOT use APIs for fraudulent, illegal, or unauthorized activities, process payments for prohibited business categories (gambling, drugs, pornography), misuse or overload Ztake servers, share or resell Ztake APIs without permission, conduct reverse engineering or decompilation, use APIs in client-side frontend code, tamper with transactions or responses, or use APIs for transaction laundering. Violations will result in immediate termination and legal action.
Ztake APIs include rate limits to ensure platform stability. You agree to respect published rate limits, avoid sending bulk API requests unnecessarily, use batching wherever allowed, and implement retry logic with exponential backoff. Repeated rate limit abuse may result in throttling or suspension.
You must provide a secure HTTPS webhook URL and validate Ztake signatures on all events. Duplicate webhook events must be handled idempotently. Failure to acknowledge events may lead to retries or webhook disabling. Webhooks may include events such as Payment Success/Failure, Refund Status, Payout Status, Settlement Alerts, KYC Changes, and Fraud Flags. You are responsible for securing Your webhook server.
All data received via APIs must be used only for business purposes approved by Ztake. You must comply with Ztake's Privacy Policy & Indian data protection laws. You may not store card details, raw Aadhaar, PINs, passwords, or sensitive information. User data cannot be sold, rented, or used for profiling without consent. Ztake reserves the right to audit Your data usage practices.
Ztake may suspend or terminate API access without notice if fraud is detected, API misuse occurs, risk policies are violated, prohibited items are sold, chargeback fraud increases, KYC is invalid or expired, or regulatory or bank orders require action. Access may be permanently revoked for severe violations.
All API documentation, SDKs, code samples, and systems are proprietary assets of Ztake. You may not copy, distribute, modify, or sell these assets. You must comply with all RBI Regulations, IT Act 2000, PMLA 2002, data protection laws, NPCI Guidelines, and card network rules. Non-compliance may lead to suspension.
Get started with Ztake APIs and access comprehensive documentation, code samples, and technical support:
Ztake Fintech Private Limited | Business Hub, Technology Park, Sector 90, Noida, Uttar Pradesh, India – 201305