Server-side Modification
To facilitate a smooth transition for our clients from the sandbox to the production environment, this document outlines the configuration details that require adjustment during the migration process, as well as guidance on how to correctly set up these configurations.
During the migration process from the ZOLOZ sandbox environment to the production environment, the focus is on updating the Host URL, ClientId, and key information configured in the code from the sandbox settings to those of the production environment. This is to ensure that when requesting the ZOLOZ API, the requests are directed to the production environment servers.
The configuration information in the code is illustrated as follows:
The Host URL is utilized to indicate which environment's ZOLOZ API is being requested. Under different environments, the ClientId varies, and the key information is bound to the respective ClientId. Therefore, it is imperative to replace the Host URL, ClientId, and key information with the details provided for the production environment when migrating from the sandbox environment. Failure to update these details will result in errors during the ZOLOZ API calls.
After updating the configuration information in the code, it is imperative to conduct preliminary testing to ensure that the basic functionalities are working properly. This includes, but is not limited to, initiating the authentication process, confirming successful interface requests, and verifying that the transaction ID for authentication is being correctly acquired.
How to obtain connection configuration for production
How to obtain the host url
Based on the provided login Portal address, the corresponding Host URL can be identified. Below are the Portal addresses for the production environment and their respective Host URLs:
Environments | ZOLOZ portal address | Base API URIs (Host URL) |
Singapore Production | https://sg-production-api.zoloz.com/ | |
Hong Kong Production | https://hk-production-api.zoloz.net/ | |
Indonesia Production | https://id-production-api.zoloz.com/ |
How to obtain the client id, the merchant's private key and the zoloz's public key
To proceed, you must first possess an admin account that has been activated for the ZOLOZ production environment. Once you have an activated admin account, you can log in to the ZOLOZ production environment portal with the corresponding username and password. After successfully logging in, navigate to the API Key page as illustrated in Figure 1.
Figure 1
How to obtain the client id
Log in to the ZOLOZ portal with your username and password, and navigate to the API Key page as Figure 1 shows.
Copy the "Client ID" string and save it in your local workspace for the later use.
How to obtain the merchant's private key and the zoloz's public key
Log in to the ZOLOZ portal with your username and password, and navigate to the API Key page as Figure 1 shows.
Copy the "ZOLOZ transaction public key" string and save it in your local workspace for the later use.
Click the Auto-generate button, a RSA key pair will be generated, among which:
the public key string is automatically filled into the Client transaction public key field.
Note: Do not modify the content.
the private key string is automatically downloaded to your local workspace as a file called merchant_private_key.pem.
Note: ZOLOZ does not save the client transaction private key, and the ZOLOZ team never asks you for the client transaction private key anytime. Please keep the client transaction private key safe and don't share it with anyone else.
Click the Submit button to register the Client transaction public key in the ZOLOZ system.
API Call Errors
Error | Possible reasons | Solution |
SIGNATURE_INVALID | The extracted signature string does not match the to-be-validated content string. | Please refer to ZOLOZ's sample demo for the correct configuration and see Get API credentials ready for use. |
ACCESS_DENIED | The account does not have access rights to this specific API at the present moment. | Only access to the Real ID API is enabled by default. For other product APIs such as ID Recognize and Face Compare, you will have to request for additional access. Please contact ZOLOZ's technical support to enable access rights for other product APIs to be called. |
PRODUCT_QUOTA_LIMIT | The test quota limit for API calls may have been reached. | Please contact ZOLOZ technical staff to handle your case. You will need to provide sandbox environment information, such as the sg-sandbox environment, the clientID, as well as the email used. |
HIGH_RISK | The risk control engine may have been triggered. | Avoid being detected as high risk when testing in the sandbox environment by disabling the risk controls. You can do this by setting request parameter operationMode of initialize API to different values or select corresponding Risk Level in the demo app: Here is the details:
Your demo app should look like this:
Here are the definitions for IDN and Velocity:
|
MERCHANT_NOT_FOUND | Error(s) may have occured regarding the clientID, endpoint/url, ZOLOZ public key, or merchant private key. | Please check that each of the following configurations are correct:
** Note that the portal environment has to be consistent with the endpoint/url environment.
** Note that this misconfiguration would usually result in an INVALID_SIGNATURE error rather than a MERCHANT_NOT_FOUND error. |
PARAM_MISSING | The required request parameters are missing. | Please check that you are using the correct request parameter values according to the documentation. If an optional request parameter has been passed in, the parameter value cannot be empty. |
SYSTEM_ERROR | Two possible reasons could have occured:
|
|
