All Products
Search

This Product

    Financial Intelligence Engine:Migrate from ZOLOZ sandbox to production

    Document Center

    Financial Intelligence Engine:Migrate from ZOLOZ sandbox to production

    Last Updated:Jun 08, 2026

    Update the Host URL, Client ID, and key information in your code to point to the ZOLOZ production environment.

    Server-side modifications

    To migrate from the ZOLOZ sandbox to production, update the Host URL, Client ID, and key information in your code to the production values.

    The Host URL determines which ZOLOZ API environment receives your requests. Each environment has a unique Client ID, and the key information is bound to that Client ID. You must replace all three values with the production credentials. Using sandbox values in production causes API call errors.

    The following image shows the configuration in your code:image.png

    After updating the configuration, run preliminary tests to verify that authentication initiates correctly, API requests succeed, and transaction IDs are returned.

    Obtain production connection configuration

    Obtain the Host URL

    Identify the Host URL based on your portal address. The following table lists production portal addresses and their corresponding Host URLs:

    Environments

    ZOLOZ portal address

    Base API URIs (Host URL)

    Singapore Production

    https://sg-production-portal.zoloz.com/

    https://sg-production-api.zoloz.com/

    Hong Kong Production

    https://hk-production-portal.zoloz.net/

    https://hk-production-api.zoloz.net/

    Indonesia Production

    https://id-production-portal.zoloz.com/

    https://id-production-api.zoloz.com/

    Obtain the Client ID, merchant private key, and ZOLOZ public key

    You need an activated admin account for the ZOLOZ production environment. Log in to the production portal and navigate to the API Key page (Figure 1).

    image.png

    Figure 1

    Obtain the Client ID

    1. Log in to the ZOLOZ portal and go to the API Key page (Figure 1).

    2. Copy the "Client ID" string and save it locally for later use.

    Obtain the merchant private key and the ZOLOZ public key

    1. Log in to the ZOLOZ portal and go to the API Key page (Figure 1).

    2. Copy the "ZOLOZ transaction public key" string and save it locally for later use.

    3. Click Auto-generate. An RSA key pair is generated:

    • The public key is automatically filled into the Client transaction public key field.

    Note: Do not modify this content.

    • The private key is automatically downloaded as merchant_private_key.pem.

    Note: ZOLOZ does not store the client transaction private key and will never request it. Keep your private key secure and do not share it with anyone.

    1. Click Submit to register the client transaction public key in the ZOLOZ system.

    API call errors

    Error

    Possible reasons

    Solution

    SIGNATURE_INVALID

    The signature string does not match the content to be validated.

    Check the ZOLOZ sample demo for the correct configuration. Get API credentials ready for use.

    ACCESS_DENIED

    The account does not have access to this API.

    Only the Real ID API is enabled by default. To use other APIs such as ID Recognize and Face Compare, request additional access.

    Contact ZOLOZ technical support to enable access for additional APIs.

    PRODUCT_QUOTA_LIMIT

    The test quota for API calls has been reached.

    Contact ZOLOZ technical support.

    Provide your sandbox environment information, including the environment name (for example, sg-sandbox), Client ID, and registered email.

    HIGH_RISK

    The risk control engine was triggered.

    Disable risk controls in the sandbox by setting the operationMode parameter of the initialize API, or by selecting the corresponding Risk Level in the demo app:

    Available options:

    • Disable Velocity: use 'STANDARD_VC_CLOSED' in the initialize API, or select 'Standard Risk Level 1' in the demo app.

    • Disable IDN: use 'STANDARD_IDN_CLOSED' in the initialize API, or select 'Standard Risk Level 2' in the demo app.

    • Disable both Velocity and IDN: use 'STANDARD_VC_IDN_CLOSED' in the initialize API, or select 'Standard Risk Level 3' in the demo app.

    The demo app interface:

    image.png

    Definitions:

    • IDN: One user ID is linked to multiple eKYC documents, or one identity is used by multiple user IDs.

    • Velocity: Too many requests in a short period trigger rate-based risk controls (for example, DDoS-like patterns).

    MERCHANT_NOT_FOUND

    The Client ID, endpoint URL, ZOLOZ public key, or merchant private key is incorrect.

    Verify the following configurations:

    1. Verify that the environment is correct. Understand environments and service endpoints.

    ** The portal environment must match the endpoint/URL environment.

    1. Verify that the Client ID spelling is correct.

    2. If the error persists, verify the ZOLOZ public key and merchant private key configuration.

    ** Key misconfiguration typically causes INVALID_SIGNATURE rather than MERCHANT_NOT_FOUND.

    PARAM_MISSING

    Required request parameters are missing.

    Verify your request parameter values against the documentation.

    If an optional parameter is included, its value cannot be empty.

    SYSTEM_ERROR

    Possible causes:

    1. The request parameter value is not supported.

    2. A system exception has been triggered.

    1. Verify your request parameter values against the ZOLOZ API Reference. Optional parameters cannot have empty string values.

    2. If the issue persists, provide the request and response details to ZOLOZ technical support.