Developer Tools

Learn how to generate API Keys, set up webhooks, and how to view logs. Also learn how you can learn about the different integration flows from the ZWITCH Dashboard using API Playground.

The Developer Tool section is made for developers. It contains 4 sub-sections:

  • API Keys
  • Logs
  • Webhooks
  • API Playground

API Keys

ZWITCH uses bearer tokens to authorize API calls. All API calls must include an authorization header with this bearer token. The bearer token contains your ZWITCH API key which is a combination of your Access Key and your Secret Key. You can only generate and view your Access and Secret Key from the Dashboard.

Generate API Key

Follow the below steps to generate your ZWITCH Access Key and Secret Key.

  1. Log in to your ZWITCH Dashboard.
  2. Select the environment for which you want to generate your Access Key and Secret Key.
  3. Navigate to Developers β†’ API Keys.

The first pair of Access and Secret Key is automatically generated the first time you log into your Dashboard.

Additional Secret Keys

You could have multiple development teams working on your application all of whom need access to ZWITCH. When sharing a single Secret Key across different teams, you have to make sure your Secret Key is stored and shared securely. This could prove to be a security challenge.

Instead, you can have multiple active Secret Keys that can be used by different teams. Your account can have a total of 50 active Secret Keys.

πŸ“˜

Live Mode Only

You can generate additional Secret Keys only in live mode. Currently, this feature is not available in sandbox mode.

Generate Additional Secret Keys

Follow the below steps to generate additional Secret Keys.

  1. Log in to your ZWITCH Dashboard.
  2. Switch to Live Mode.
  3. Navigate to Developers β†’ API Keys.
  4. Click + Create secret key.
  5. Enter a name for the additional Secret Key on the Create a new secret key popup. This helps you identify who is using the different Secret Keys and their purpose.
  6. Enter the IP address you want to whitelist. This step is optional.

πŸ“˜

Note:

You can configure secret keys to be restricted to two specific IP addresses. This feature enables access restrictions for certain API functionalities or endpoints based on the associated IP addresses of the secret keys.

  1. Click Create.
    The additional Secret Key is created.

The video below explains the step-by-step action to generate additional secret API keys.

Delete Secret Keys

Currently, it is not possible to delete your Secret Keys from the Dashboard.

Contact our Support Team. In case you need to delete your Secret Key.

Keeping Your Keys Safe

Treat your API Key as you would any other password since it can be used to directly access your data. Publicly exposing your API Key could comprise your account and lead to it being misused to commit fraud.

Below are some best practices you can follow to secure your API Key.

  • Do not embed API keys directly in your code.
  • Ensure you keep your API Key out of any version control system you may be using.
  • Do not use your Key Secret when making public API calls.
  • Store your API Key as environment variables or in a file outside your application's source tree.
  • Restrict access to your key using a password manager or secrets management service.

Logs

We log all API calls made by you. The Logs section on the Dashboard lets you view these logs for easy reference and debugging.

Each log contains the following details:

  • Endpoint used
  • HTTP status returned
  • Log ID
  • IP Address from which the API call was made
  • Trace ID
  • Request body
  • Response body

The Logs section displays information specific to the mode you are using. That is, in the Sandbox mode, the Logs section displays information about AI calls made using Sandbox API Keys. In the Live mode, the Logs section displays information about AI calls made using Live API Keys.

Webhooks

All important activity on your ZWITCH account is recorded as an event. We use webhooks to notify you about important events on your account. These webhooks contain details about the event such as changes that occurred and the resources impacted by the change.

We send webhooks as HTTP POST call to a URL configured by you. The webhook payload uses the JSON format.

🚧

Webhooks are Asynchronous

We recommend you treat webhooks as asynchronous events and do not depend on them for time-sensitive actions. While we try to deliver webhooks to you within a few seconds, there could be delays due to network and technical issues.

For time-sensitive actions, we recommend polling our APIs instead.

Multiple Webhook Endpoints

You could have different teams handling different parts of your business. For example, you could have different teams to handle the non-financial and financial parts of your business. The non-financial team would need webhook events related to account and beneficiary creation while the financial team would need events related to transfers and payments.

To handle these scenarios, ZWITCH allows you to configure multiple webhook endpoint URLs. You can configure up to 50 active webhook endpoint URLs on your ZWITCH account.

Set Up Webhooks

Follow the below steps to set up your webhook endpoint URL and configure events for which you want to receive payloads.

  1. Log in to your ZWITCH Dashboard.
  2. Select the environment for which you want to set up the webhook endpoint URL.
  3. Navigate to Developers β†’ Webhooks.
  4. Click +Add Endpoint.
  5. Enter the required information on the Add a Webhook Endpoint popup.
    a. Endpoint URL: (mandatory) The HTTPS webhook endpoint URL where you want to receive and store the payloads.
    b. Description: A description of the webhook endpoint URL. This helps you identify the purpose of the endpoint and the events configured to it.
    c. Select the events for which you want to receive payloads using the Events to Send dropdown. Available webhook events.
  6. Click Add Endpoint.

The video below explains the step-by-step action to set up the webhook events.

Test Webhooks from the Dashboard

ZWITCH lets you trigger webhook events from the Dashboard without having to make API calls.

πŸ“˜

Prerequisite

You should have a webhook endpoint set up before you can trigger events from the Dashboard.

Follow the below steps to trigger webhooks from the Dashboard.

  1. Log in to your ZWITCH Dashboard.
  2. Select Sandbox Mode.
  3. Navigate to Developers β†’ Webhooks.
  4. Click Test Webhook.
  5. Select the webhook you want to trigger on the Test Webhook screen.
  6. Click Send test webhook.

Zwitch sends a sample event to the configured webhook endpoint URL.

The video below explains the step-by-step action to test the webhooks from the dashboard.

API Playground

The API Playground serves as a learning environment allowing non-technical members of your organization try out and get familiar with the integration flows for different products from the Dashboard.

Currently, the API Playground supports the following integration flows:

  • Virtual Account - Wallet
  • KYC Verification
    • Verify Aadhaar via OTP
    • Verify PAN
  • Savings Account
  • Current Account - Individual
  • Current Account - Sole Proprietorship
  • Debit Cards