Post-Onboarding
After onboarding, configure your account and generate the credentials your API integration needs.
After completing onboarding, you must generate the credentials required for your API integration. This step is mandatory and works the same way in both the sandbox and production environments.
In addition, you can create and customise flow configurations to tailor the experience and operation behaviour to the needs of your use case. Zertiban automatically creates a default configuration for your organisation, so defining additional configurations is optional.
This page covers both processes: generating API credentials and creating flow configurations. The rest of the Dashboard features (operations, users, beneficiary accounts, etc.) are documented in the Dashboard section.
Generate API credentials
API credentials are used to securely authenticate all communication between your system and the Zertiban API. Every integration must have at least one active set of credentials in order to consume the platform's protected endpoints.
Authentication is performed via the OAuth2 Client Credentials standard, a mechanism designed for secure and scalable server-to-server communication. Through this flow, your backend exchanges the clientId and clientSecret for a temporary access token that must be included in every authenticated request to the API.
Credentials are generated and managed entirely from the Zertiban Dashboard and work the same way in both the sandbox and production environments. The platform also lets you keep multiple active credentials simultaneously, making secure rotation processes easier with no service impact.
To generate new credentials, go to Developers → New credential.
The system automatically generates the clientId / clientSecret pair associated with your organisation, which will be used to authenticate every API call via OAuth2 Client Credentials.
Credential lifecycle
- The clientSecret is shown only once during creation. Save it immediately to a secure secrets manager.
- Credentials are valid for 180 days. We recommend rotating them before they expire to avoid integration interruptions.
- You can keep multiple credentials active simultaneously, which enables zero-downtime rotation.
- Any compromised or suspicious credential must be revoked immediately from the Dashboard.
Important
Never expose the clientSecret in client applications, frontend code or mobile apps. Credentials must be stored exclusively in secure backend environments and rotated periodically following security best practices.
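The lifecycle rules above can be checked against an inventory of your own credentials. The following is an added example, not Zertiban code: the 30-day rotation margin, the labels and the idea of recording creation dates yourself are assumptions; only the 180-day validity comes from this page.

```python
from datetime import date, timedelta

VALIDITY = timedelta(days=180)      # credential validity stated on this page
ROTATE_WITHIN = timedelta(days=30)  # assumed safety margin, not a Zertiban value


def rotation_plan(inventory, today):
    """Classify credentials by remaining validity.

    inventory maps a label you choose (never the clientSecret itself) to the
    date the credential was created in the Dashboard.
    """
    plan = {"expired": [], "rotate": [], "healthy": []}
    for label, created in sorted(inventory.items()):
        remaining = created + VALIDITY - today
        if remaining <= timedelta(0):
            # Conservative: day 180 itself is treated as already expired.
            plan["expired"].append(label)
        elif remaining <= ROTATE_WITHIN:
            plan["rotate"].append(label)
        else:
            plan["healthy"].append(label)
    # Zero-downtime rule: an old credential is retired only once a healthy
    # replacement exists and is deployed alongside it.
    plan["safe_to_retire_old"] = bool(plan["healthy"])
    if not plan["healthy"]:
        plan["action"] = "create a new credential now"
    elif plan["rotate"] or plan["expired"]:
        plan["action"] = "switch traffic, then revoke old"
    else:
        plan["action"] = "none"
    return plan


# Constructed sample inventory (labels and dates are invented for illustration).
SAMPLE = {
    "erp-backend-2024a": date(2024, 1, 10),
    "erp-backend-2024b": date(2024, 6, 20),
}

if __name__ == "__main__":
    print(rotation_plan(SAMPLE, today=date(2024, 6, 25)))
```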
Create a flow configuration
An operation configuration defines the behaviour of the business flow that the end user will experience when accessing an operation URL. It centralises both the visual aspects of the user experience and the activation of additional features, such as handling flow abandonment or rejection, automatic downloading of generated documents after execution, and other capabilities. It also lets you configure the final callback that will be executed once the process is completed successfully (happy path).
After completing onboarding, Zertiban automatically registers the organisation with a default configuration, so creating a new one is not required to start operating. Nevertheless, we recommend customising configurations to tailor both the user experience and the flow behaviour to the specific needs of each use case.
The Zertiban platform allows you to create multiple operation configurations and select them dynamically through the API based on each client's needs. This way, end users can experience different flows depending on the context or scenario defined. If no configuration is specified in the API call, Zertiban will automatically use the configuration marked as default when generating a new operation.
To create a new configuration, go to Configurations → New configuration.
Identification
| Field | Description |
|---|---|
| Name | Internal label (e.g. "Standard collections 30 days") |
| Description | Optional free text |
Visual appearance: Customer payment page
| Field | Description |
|---|---|
| Icon | URL of the favicon for the browser tab |
| Logo | URL of the logo in the header |
| Primary colour | Main colour for buttons and icons (hex, e.g. #003366) |
| Accent colour | Accent colour for links and highlights (hex, e.g. #FF9900) |
| Language | Default UI language (es, en) |
| Show download button | If true, the payer can download documents |
| Auto-download documents | If true, documents are downloaded automatically after payment |
| Include receipt | If true, the payment receipt is included in the download |
Operation behaviour
| Field | Description |
|---|---|
| Allow rejection | If true, the payer can reject the operation. When this happens, the transaction will move to the final state REJECTED and the flow cannot be executed again. |
| Expiration offset | ISO 8601 duration (days only). E.g. P30D = 30 days. Range: 1–156 days. |
Redirect URLs
Where the payer goes after paying:
| Type | When it triggers |
|---|---|
| Callback | The operation reaches a final state (completed, rejected, cancelled, expired); the payer is redirected automatically after requestTimeout seconds |
| Return | The payer clicks the exit button and confirms they want to leave |
Dynamic parameters available in URLs:
| Parameter | Description |
|---|---|
| {flowId} | Flow UUID |
| {externalFlowId} | Your flow externalId |
| {operationId} | Operation UUID |
| {externalOperationId} | Your operation externalId |
| {language} | Payer session language |
| {operationStatus} | Final operation status (callback only) |
| {operationResult} | OK (COMPLETED) or KO (callback only) |
| {flowStatus} | Final flow status (callback only) |
| {flowResult} | OK (COMPLETED/PARTIALLY) or KO (callback only) |
Example callback URL:
https://your-erp.com/result?op={operationId}&status={operationStatus}&invoice={externalOperationId}

Once saved, find the configurationUuid in the configuration detail view.
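A configuration can be checked before it is saved against the rules in the tables above: the expiration offset format and range, and which dynamic parameters each redirect URL type may use. This is an added example, not Zertiban code; the function names are hypothetical, and the https requirement and the host check are policy choices added here rather than documented platform rules.

```python
import re
from urllib.parse import urlsplit

# Parameter names copied from the table on this page.
ALWAYS = {"flowId", "externalFlowId", "operationId", "externalOperationId", "language"}
CALLBACK_ONLY = {"operationStatus", "operationResult", "flowStatus", "flowResult"}


def lint_redirect_url(template, kind):
    """Return a list of problems for a 'callback' or 'return' URL template."""
    problems = []
    for name in re.findall(r"\{([^{}]*)\}", template):
        if name in CALLBACK_ONLY and kind != "callback":
            problems.append(f"{{{name}}} is callback-only")
        elif name not in ALWAYS | CALLBACK_ONLY:
            problems.append(f"unknown parameter {{{name}}}")
    parts = urlsplit(template)
    if parts.scheme != "https":
        # Added policy: the query string carries operation and invoice data.
        problems.append("scheme is not https")
    if "{" in parts.netloc:
        # Added policy: the destination host must not depend on runtime values.
        problems.append("placeholder in host")
    elif not parts.hostname:
        problems.append("missing host")
    return problems


def lint_expiration_offset(value):
    """Accept only days-only ISO 8601 durations within the 1-156 day range."""
    match = re.fullmatch(r"P([0-9]+)D", value)
    if not match:
        return ["not a days-only ISO 8601 duration such as P30D"]
    days = int(match.group(1))
    return [] if 1 <= days <= 156 else [f"{days} days is outside 1-156"]


# The example callback URL from this page.
EXAMPLE = ("https://your-erp.com/result?op={operationId}"
           "&status={operationStatus}&invoice={externalOperationId}")

if __name__ == "__main__":
    print(lint_redirect_url(EXAMPLE, "callback"))  # valid as a callback URL
    print(lint_redirect_url(EXAMPLE, "return"))    # status is callback-only
    print(lint_expiration_offset("P157D"))         # above the documented range
```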
Next step
Go to the Dashboard section to dive deeper into the rest of the management features available in Zertiban, including operations, users, beneficiary accounts and the validation checkpoint for the 6 values required by the platform.