POST /checkout/order-from-product
Call your Zenofy API host from a trusted backend or automation. The order is scoped to your merchant account via an API key; only products you own can be ordered.
Base URL: the HTTPS origin where the Zenofy API is deployed (for example https://api.zenofy.io). This endpoint path is <code>/checkout/order-from-product</code> (POST, lowercase routing).
Generate a Checkout API key in the merchant app: Settings → Checkout API key. Send it on every request as the Api-Key HTTP header (plain text, not Bearer). Revoke or rotate the key from the same screen if it leaks.
The JSON body uses camelCase property names. The product must belong to the same merchant as the key, be active, and pass platform checks (for example merchant account active). Bump product ids must also belong to you and be valid bumps for the main product.
Authentication
Header Api-Key: your full secret key string (the value is only shown once when generated). Missing or invalid keys return HTTP 401 with a JSON body.
HTTP request
POST · Content-Type: application/json · Api-Key
Sample request (illustrative)
POST /checkout/order-from-product HTTP/1.1
Host: api.zenofy.io
Api-Key: YOUR_CHECKOUT_API_KEY
Content-Type: application/json
{ ... }JSON body (fields)
| Field | Type | Notes |
|---|---|---|
productId | string | Required. Your product id (same as in the dashboard). |
customerName | string | Required. Full name (at least two words), length and character rules enforced. |
email | string | Required. Valid address with a domain TLD. |
phoneNumber | string | Required. International format with + and country code (e.g. +258821234567): 7–15 digits after +, per E.164 length. Spaces and punctuation are stripped. |
bumpProductIds | array of strings | Optional. Selected bump product ids; discounts follow your bump configuration. |
currency | string | Optional. Three-letter ISO code (e.g. MZN, USD). Falls back to the product main currency if omitted or invalid. |
couponCode | string | Optional. Validated like checkout; invalid coupon returns an error JSON. |
language | string | Optional. Stored on the order (e.g. en, pt) when supported. |
Sample JSON body
{
"productId": "507f1f77bcf86cd799439011",
"customerName": "João Silva",
"email": "buyer@example.com",
"phoneNumber": "+258840000000",
"bumpProductIds": ["507f191e810c19729de860ea"],
"currency": "MZN",
"couponCode": null,
"language": "pt"
}Successful response
HTTP 200 with Content-Type: application/json. On success: success true, orderId, paymentPath (path only, e.g. /o/ORDER_ID), and paymentUrl (absolute HTTPS URL to open the payment step on your pay host). On validation or business errors you may still get HTTP 200 with success: false and a message string — treat both status code and body.
HTTP 200 — success
{
"success": true,
"orderId": "673f92b2c3d94a0012abcd01",
"paymentPath": "/o/673f92b2c3d94a0012abcd01",
"paymentUrl": "https://pay.zenofy.io/o/673f92b2c3d94a0012abcd01"
}