Developer Documentation · v6.1.0

Connect your billing.
Activate the brain.

ZenoPay sits between your application and your payment processors. You send events and payment methods. ZenoPay handles routing, retries, churn detection, fraud blocking, and compliance — autonomously.

Architecture Overview

ZenoPay is a tenant-based platform. Each business that connects is a tenant. Each tenant has its own customers, subscriptions, guardrails, vault, and brain instance. Data is fully isolated by Row Level Security at the database layer.

Request Flow — Incoming Charge
Your App
Billing Event
subscription.renew / payment_failed
ZenoPay
Webhook Receiver
POST /api/webhooks
ZenoPay Brain
AI Decision Engine
Claude · Haiku/Opus · 16 tools
Patent 2
Guardrail Engine
LLM-independent · cannot be bypassed
ZenoPay
Rail Router
Scores 15 rails · selects optimal
Stripe
GoCardless
UPI
PIX
M-Pesa
+9 more
Every Decision Generates
Audit Log Entry
Natural-language · append-only · SQL-immutable
Rail Performance
Approval rate · cost · latency · 7-day rolling
Customer Profile
Churn score · LTV · payment health · cohort

Data Isolation Model

All tables are protected by Row Level Security. A tenant can only read and write their own data. The cross-tenant fraud signal network shares anonymized BIN/IP/device hashes only — no customer PII ever crosses tenant boundaries.

Shadow Mode: All new tenants start with shadow_mode: true. The brain reasons and logs decisions but executes no real charges. Disable shadow mode only after verifying the first few decisions look correct for your use case.

What ZenoPay Does

Once connected, ZenoPay operates autonomously across your customer base. These are the systems that activate after connection.

🧠
Autonomous Payment Brain

Claude-powered agent with 16 tools. Charges customers, switches rails, manages subscriptions, and writes audit entries. Haiku for routine decisions; Opus for complex reasoning.

🛤️
Multi-Rail Router

Scores 14 payment rails before every charge. Approval rate (50%), cost (30%), settlement speed (20%). Region-aware — UPI for India, PIX for Brazil, GoCardless for EU subscriptions.

📉
Churn Intelligence

14 behavioral signals scored daily per subscriber. Detects price friction vs engagement decay. Deploys BNPL offers, targeted outreach, or escalates to human above 0.80 threshold.

🛡️
Pre-Auth Fraud Detection

Four layers fire before the processor. BIN blocklist, velocity detection, behavioral baseline, and cross-tenant signal network. Confirmed fraud propagates in <60 seconds.

📋
Recurring Billing Engine

Plans, trials, proration, dunning, coupons, add-ons, usage metering, invoicing. 24 webhook event types. HMAC-signed. Retry queue for failed deliveries.

Payout Disbursement

Move money in both directions. Marketplace seller payouts, creator disbursements, affiliate commissions, contractor payments via Stripe Connect or Braintree Marketplace.

Self-Improvement Cycles

After every 50 decisions per domain, the brain analyzes its own outcomes and proposes refinements. A/B tests run live. Human approval always required before any change applies.

🔒
Compliance Infrastructure

Append-only audit log (SQL-immutable). Guardrail certification packages for SOC 2. Natural-language decision records. No update or delete possible by design.

Quickstart: Connect in 6 Steps

From zero to first autonomous decision. Estimated time: 30–60 minutes depending on your existing billing setup.

1
Create your tenant

Every business on ZenoPay is a tenant. Create yours with your company name, a URL-safe slug, and your support email. You'll receive a tenant_id UUID — save it. Every subsequent API call requires it.

POSTapp.zenopay.ai/api/tenant
bash Create tenant 
curl https://app.zenopay.ai/api/tenant \
  -X POST \
  -H "x-intake-api-key: YOUR_INTAKE_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Acme Corp",
    "slug": "acme-corp",
    "platform_name": "Acme Billing",
    "support_email": "billing@acme.com",
    "plan": "standard"
  }'

# Response
{
  "success": true,
  "tenant_id": "a1b2c3d4-...",
  "slug": "acme-corp",
  "note": "Tenant created in SHADOW_MODE. Disable via guardrail config after testing."
}
2
Define your billing plans

Create at least one plan before creating subscriptions. Plans define the amount, interval, and entitlements. Use the slug as a stable identifier in your code.

POSTapp.zenopay.ai/api/billing/plans
bash Create plan 
curl https://app.zenopay.ai/api/billing/plans \
  -X POST \
  -H "x-intake-api-key: YOUR_INTAKE_KEY" \
  -d '{
    "action": "create",
    "tenant_id": "YOUR_TENANT_ID",
    "name": "Scale",
    "slug": "scale",
    "amount_cents": 9900,
    "currency": "usd",
    "interval": "monthly",
    "features": ["Multi-rail routing", "Fraud detection"],
    "usage_limit": 10000
  }'
3
Tokenize payment methods

ZenoPay vaults payment method tokens from your processor — it never handles raw card numbers. After your checkout flow collects a payment method via Stripe.js or Braintree Drop-in, send the processor token to ZenoPay's vault. ZenoPay encrypts it with AES-256-GCM and associates it with the customer.

POSTapp.zenopay.ai/api/vault/tokenize
bash Tokenize payment method 
curl https://app.zenopay.ai/api/vault/tokenize \
  -X POST \
  -H "x-intake-api-key: YOUR_INTAKE_KEY" \
  -d '{
    "tenant_id": "YOUR_TENANT_ID",
    "customer_id": "cust_abc123",
    "rail": "stripe",
    "processor_token": "pm_1NXxx2...",
    "last4": "4242",
    "brand": "visa",
    "expiry_month": 12,
    "expiry_year": 2027,
    "is_default": true
  }'

# Supported rails: stripe, authnet, adyen, braintree, gocardless,
# checkout, crypto, upi, alipay, wechat_pay, unionpay, pix, mpesa,
# 2c2p, promptpay, apple_pay, google_pay
4
Create your first subscription

Once a customer has a vaulted payment method and a plan exists, create the subscription. ZenoPay handles trial periods, first charge timing, and dunning automatically.

POSTapp.zenopay.ai/api/billing/subscriptions
bash Create subscription 
curl https://app.zenopay.ai/api/billing/subscriptions \
  -X POST \
  -H "x-intake-api-key: YOUR_INTAKE_KEY" \
  -d '{
    "action": "create",
    "tenant_id": "YOUR_TENANT_ID",
    "customer_id": "cust_abc123",
    "plan_id": "YOUR_PLAN_ID",
    "trial_days": 14,
    "metadata": { "source": "web", "campaign": "q2-launch" }
  }'
5
Connect incoming webhooks

Point your processor's webhook URL at ZenoPay. ZenoPay translates processor events into brain triggers. Supported sources: stripe, adyen. The source query parameter identifies which processor is sending.

POSTapp.zenopay.ai/api/webhooks?source=stripe

Configure in Stripe Dashboard

Go to Stripe → Developers → Webhooks → Add endpoint. Set the URL to https://app.zenopay.ai/api/webhooks?source=stripe and add your tenant metadata to each Stripe customer object.

Required metadata: Set tenant_id: YOUR_TENANT_ID on every Stripe Customer object. ZenoPay uses this to route webhook events to the correct tenant's brain instance.

Events ZenoPay listens for

invoice.payment_failed
Triggers brain → dunning sequence, rail switch evaluation
customer.subscription.deleted
Triggers brain → churn analysis, retention intervention
invoice.upcoming
Triggers brain → renewal preparation, rail scoring
customer.subscription.updated
Triggers brain → profile update, upgrade detection
6
Disable shadow mode and go live

Once you've verified a few brain decisions look correct in the audit log, disable shadow mode. The brain will begin executing real charges, rail switches, and retention interventions autonomously.

POSTapp.zenopay.ai/api/agent/guardrail
bash Disable shadow mode 
curl https://app.zenopay.ai/api/agent/guardrail \
  -X POST \
  -H "x-brain-secret: YOUR_BRAIN_SECRET" \
  -d '{
    "tenant_id": "YOUR_TENANT_ID",
    "name": "shadow_mode",
    "value": "false",
    "reason": "Verified brain decisions in audit log. Ready to go live."
  }'

# The brain is now live. First autonomous decision incoming.
After going live: Intelligence systems activate progressively. Rail performance router adapts after 7 days of transaction data. Churn intelligence cohorts form at 10+ active customer profiles. Self-improvement cycles begin at 50 decisions per domain.

Authentication

ZenoPay uses two keys. Both are set in your Vercel environment variables and never returned after creation.

KeyHeaderUse
INTAKE_API_KEY x-intake-api-key All customer-facing API calls: tenant creation, vault, billing, subscriptions. Use from your backend server — never expose to the browser.
BRAIN_AGENT_SECRET x-brain-secret Internal brain communication: trigger, guardrail updates, compliance. Never expose externally.

Billing API Reference

MethodEndpointAction
POST /api/tenant Create new tenant. Returns tenant_id. Guardrails auto-seeded in shadow mode.
GET /api/tenant List all tenants on the platform.
POST /api/vault/tokenize Store processor token for a customer. AES-256-GCM encrypted. Accepts all 15 rails.
POST /api/vault/charge Execute a charge. Brain auto-routes to optimal rail. Guardrails validated before execution.
POST /api/billing/plans Create, update, or archive billing plans. Actions: create update archive
POST /api/billing/subscriptions Manage subscriptions. Actions: create upgrade pause cancel
POST /api/billing/trials Start, extend, or convert trial periods. First charge executes automatically on conversion.
POST /api/billing/dunning Check or act on a customer in dunning. Trigger immediate retry or waive sequence.
POST /api/billing/coupons Create and apply discount coupons. Supports percent-off, fixed-amount, free-months.
POST /api/billing/usage Report usage events for metered billing. Overages calculated and charged automatically.
POST /api/agent/trigger Manually trigger a brain evaluation for any customer. Event types: manual_trigger payment_failed churn_score_breach and more.
GET /api/compliance/audit Retrieve audit log entries. Append-only. Supports filtering by customer, decision type, and date range.
GET /api/v7/rails/status Real-time status of all 14 payment rails. Latency, uptime, and health score.
GET /api/health Platform health check. Returns database state, shadow mode, rail configuration, and activation readiness.

Migrating from Stripe Billing

If your application already uses Stripe Billing (Stripe Subscriptions, Stripe Customer Portal), you can connect ZenoPay alongside Stripe without migrating away from it. ZenoPay operates as an intelligence and routing layer on top of your existing Stripe setup.

Option A — ZenoPay alongside Stripe (recommended for existing customers)

Keep Stripe as your primary rail. ZenoPay adds routing intelligence, churn scoring, and the autonomous brain without touching your existing checkout flow.

typescript Existing Stripe checkout — add ZenoPay tokenization 
// After your Stripe PaymentMethod is created in the browser...
const { paymentMethod } = await stripe.createPaymentMethod({ type: 'card', card })

// Send processor token to ZenoPay vault (server-side)
await fetch('https://app.zenopay.ai/api/vault/tokenize', {
  method: 'POST',
  headers: {
    'x-intake-api-key': process.env.INTAKE_API_KEY,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    tenant_id: process.env.ZENOPAY_TENANT_ID,
    customer_id: stripeCustomer.id,
    rail: 'stripe',
    processor_token: paymentMethod.id,  // e.g. pm_1NXxx2...
    last4: paymentMethod.card.last4,
    brand: paymentMethod.card.brand,
    expiry_month: paymentMethod.card.exp_month,
    expiry_year: paymentMethod.card.exp_year
  })
})

// ZenoPay now tracks this customer, scores their churn risk daily,
// and will intervene autonomously if they show at-risk signals.

Option B — Full ZenoPay billing (new customers)

For new customers, use ZenoPay's billing API directly. ZenoPay manages the subscription lifecycle, routes charges across all 15 rails, and handles all dunning logic. Stripe becomes one of many possible rails rather than the billing engine.

Shadow Mode

Shadow mode is a safety mechanism for onboarding. When enabled, the brain reasons through every decision and logs what it would have done — but executes no real charges, rail switches, or subscription changes.

Use shadow mode to:

  • Verify the brain is making sensible decisions for your customer base
  • Check that webhook events are arriving and being parsed correctly
  • Confirm rail scoring matches your expectations for your regions
  • Review guardrail configurations before real money moves
Recommended shadow mode duration: 7–14 days for most businesses. Shorter if you have high confidence in your customer data quality. The rail performance router requires 7 days of live transaction data to begin adapting — shadow mode transactions do not count toward this.

Reading the audit log in shadow mode

bash Fetch audit log entries 
curl "https://app.zenopay.ai/api/compliance/audit?tenant_id=YOUR_TENANT_ID&limit=20" \
  -H "x-intake-api-key: YOUR_INTAKE_KEY"

# Each entry includes:
# - decision_type: charge | retention | rail_switch | escalate | etc.
# - reasoning: Natural language explanation of the decision
# - guardrails_checked: List of guardrails validated
# - confidence: 0.0–1.0
# - was_blocked: Whether the guardrail engine blocked the action
# - shadow_mode: true if this was a simulated decision