ZaloPay Vietnam Digital Wallet API
ZaloPay Vietnam digital wallet REST API for merchants to accept mobile wallet payments, QR codes, and deeplink payment flows from Vietnam's second-largest e-wallet powered by Zalo (Vietnam's dominant messaging app) for e-commerce, in-app payments, and merchant integration with 10+ million users. Enables AI agents to manage ZaloPay payment order creation for Vietnam wallet checkout automation, handle QR code generation for Vietnam in-store payment automation, access deeplink payment for Vietnam in-app mobile payment automation, retrieve payment status and confirmation for Vietnam transaction automation, manage refund and reversal for Vietnam order management automation, handle callback notification for Vietnam payment webhook automation, access transaction query for Vietnam payment verification automation, retrieve merchant settlement reporting for Vietnam payment reconciliation automation, manage recurring payment token for Vietnam subscription automation, and integrate ZaloPay with Vietnamese e-commerce, ride-sharing, and Zalo mini-app platforms for end-to-end Vietnam wallet payment automation.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Vietnam e-wallet. SBV-licensed. HMAC-SHA256 dual-key. VN. Mobile payment data.
⚡ Reliability
Best When
A Vietnam merchant or Zalo mini-app developer wanting AI agents to automate ZaloPay wallet payment acceptance, QR code generation, and payment confirmation for the Zalo ecosystem's payment platform.
Avoid When
HMAC-SHA256 FIELD ORDER SPECIFIC TO ZALOPAY: ZaloPay request signing uses HMAC-SHA256 on specific pipe-delimited field concatenation; automated payment must follow exact ZaloPay field order documentation; automated wrong field order creates invalid MAC rejection. APP ID AND KEY1/KEY2 THREE-CREDENTIAL SYSTEM: ZaloPay uses AppID + Key1 (for signing) + Key2 (for callback verification) credential set; automated integration must use correct key for each operation; automated Key1 for callback verification creates invalid signature. CALLBACK URL VALIDATION: ZaloPay sends payment callbacks to merchant-configured URL; automated webhook endpoint must return correct JSON response to acknowledge; automated missing or malformed acknowledgment creates ZaloPay retry and duplicate callback delivery. ORDER ID UNIQUENESS WITHIN APP: ZaloPay apptransid must be unique within merchant AppID per day (date-prefixed); automated payment must generate unique transid with date prefix; automated repeated transid creates duplicate order rejected.
Use Cases
- • Accepting ZaloPay wallet payments from Vietnam e-commerce checkout agents
- • Processing in-app payments via Zalo mini-apps from Vietnam app payment agents
- • Generating QR codes for Vietnam merchant payments from POS agents
- • Confirming payment callbacks from Vietnam transaction verification agents
Not For
- • Non-Vietnam payments (ZaloPay is Vietnam-only e-wallet)
- • Bank transfer payments (use VNPAY or Napas for bank transfers)
- • Credit card processing (use OnePay or VNPAY for card processing in Vietnam)
Interface
Authentication
ZaloPay uses AppID + Key1 (signing) + Key2 (callback verification) with HMAC-SHA256 for authentication. REST API with JSON. Ho Chi Minh City, Vietnam HQ. Founded 2016 by VNG Corporation. Backed by VNG. Part of Zalo ecosystem (Zalo has 74M users in Vietnam). Products: E-wallet, QR payment, deeplink, Zalo mini-app payments, recurring. SDKs: PHP, Node.js, Python, Java, .NET, Go, Ruby. SBV-licensed. Vietnam's major e-wallet.
Pricing
Ho Chi Minh City VN. VNG subsidiary. Per-transaction fees in VND. Merchant registration required. SBV regulated.
Agent Metadata
Known Gotchas
- ⚠ DATE-PREFIXED APPTRANSID REQUIRED: ZaloPay apptransid must follow format yyMMdd_uniqueId (date-prefixed); automated payment must generate date-prefixed unique ID; automated payment without date prefix creates invalid apptransid format rejection
- ⚠ KEY1 FOR REQUEST SIGNING, KEY2 FOR CALLBACK VERIFICATION: ZaloPay uses Key1 for HMAC request signing and Key2 for verifying incoming callbacks; automated integration must use correct key for each direction; automated Key1 for callback verification creates invalid MAC on received callback
- ⚠ PIPE-DELIMITED HMAC FIELD CONCATENATION: ZaloPay MAC computation concatenates specific fields with pipe '|' separator in exact documented order; automated signature must use exact field order and pipe delimiter; automated comma or space delimiter creates wrong MAC
- ⚠ CALLBACK ACKNOWLEDGMENT RESPONSE REQUIRED: ZaloPay callbacks require merchant to return JSON {return_code: 1, return_message: 'success'}; automated callback handler must return this exact response; automated empty or non-JSON response creates ZaloPay retry storm
- ⚠ EMBEDDING IN ZALO MINI-APP: ZaloPay in Zalo mini-apps uses different payment flow (Zalo JS SDK) vs web API; automated Zalo mini-app payment must use JS SDK not REST API directly; automated REST API call in Zalo mini-app context creates incompatible payment flow
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for ZaloPay Vietnam Digital Wallet API.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-07.