OptionalapiExplicit, never inferred. PayZen selects TEST vs LIVE by the KEY SET, not the endpoint — the adapter validates that the password family matches this declaration and refuses mismatches.
OptionalfetchInjected for tests.
Optionalinit: RequestInitOptionalinit: RequestInitOptionalhmacBack Office "HMAC-SHA-256 key" — signs BROWSER-return kr-answers
(kr-hash-key: "sha256_hmac"). Optional because IPN-only integrations
never see that path. Accepts an array for rotation.
OptionalmaxAutomatic retries for transport-level trouble only (network failure, timeout, HTTP 5xx, 429) with exponential backoff. Default 2. PayZen answers HTTP 200 even for errors, so business errors NEVER retry here — and because PayZen has no idempotency mechanism at all, refunds and state-transition calls are never auto-retried either (a lost response may mean the operation was applied); their transport failures surface retryable: false so callers cannot replay them blindly.
REST API password for the SELECTED environment (testpassword_… /
prodpassword_…). Also the HMAC key that signs IPN kr-answers
(kr-hash-key: "password"). An array keeps old + new valid while the
Back Office key is being regenerated (any entry verifies IPNs); the FIRST
entry authenticates REST calls.
OptionalrequestAbort a hung PayZen connection after this many milliseconds (default 30000). The timer covers the whole exchange including the response body read. Timeouts surface as psp_unavailable — retryable except on refund/cancel/validate, whose outcome is unknown.
Back Office "User" — the numeric shop id, Basic-auth username.
OptionalsleepInjected backoff sleep for retry tests; defaults to real setTimeout.
REST API base up to (excluding) /V4 — the Back Office "Server name" plus "/api-payment". Sister Lyra platforms use different hosts, so this is config, not a constant. Default: https://api.payzen.eu/api-payment