Online purchases
Prebuilt payment flow — Redirect
Redirect integration allows running payments using the prebuilt payment flow.
To accept payments in your application or website via redirect, use POST /purchases/ request to create the Purchase and receive the checkout_url. Redirect the customer to the checkout_url to enter their card details for processing. After the payment is processed, the system will redirect the customer back to your website (take note of success_redirect, failure_redirect).
You have three options to check payment status:
-
Use
success_callbackparameter of thePurchaseobject. -
Use
GET /purchases/<purchase_id>/request. -
Set up a Webhook using the Developers section of your account or use Webhook API to listen to
purchase.paid, orpurchase.payment_failureevent on your server.
Setting the skip_capture flag to true allows you to separate the authentication and payment execution steps, allowing you to reserve funds on the customer’s card account for some time.
This flag can also enable preauthorization capability, allowing you to save the card without a financial transaction, if possible.
If the customer agrees to store his card for future purchases, there will be an option to pay with a single click next time. To enable this, create a Client object for each of your clients and provide client_id parameter value in your Purchase creation requests.
To create a Purchase or a BillingTemplate, you must specify the Brand ID and API key. You can find both in the Developers section of your account.
Custom payment flow — Direct Post
Direct post integration allows running payments through the custom payment flow.
To accept payments in your application or website, use POST /purchases/ request to create a Purchase.
To capture customers card details use an HTML <form> hosted on your website with method="POST" and action pointing to the direct_post_url of the transaction.
You will also need to fill the form with <input>’s for the fields with card details. As a result, when a customer submits their card details, it will be posted straight to our system, allowing you to customize the checkout as you wish. At the same time, your PCI DSS requirement is only raised to Self-Assessment Questionnaire (SAQ A-EP), as your system doesn’t receive or process card data.
For more details, see the documentation on Purchase’s direct_post_url field.
Tokenization & recurring payments
You can store card tokens and charge the respective cards without user interaction if the payment channel supports tokenization.
When you pass remember_card=on to direct_post_url, the respective Purchase’s ID will serve as a card token. This initial Purchase will have the is_recurring_token field set to true.
To charge the tokenized card once again, create a new Purchase and then call the POST /purchases/{new_purchase_id}/charge/. In the request body, provide "recurring_token": "initial_purchase_id". When the request succeeds (response code 200), the new Purchase will become paid. The token will be persisted in the Purchase’s recurring_token field.
Use "recurring_token": "initial_purchase_id" in all the upcoming POST /purchases/{new_purchase_id}/charge/ requests.
If you wish to delete the recurring token stored for the initial Purchase, use the POST /purchases/{initial_purhcase_id}/delete_recurring_token/ request. Its is_recurring_token will reset to false.
Testing Integration
It’s possible to test-drive all checkouts using a test Purchase.
For a successful payment, you can use the following card numbers:
- 4444 3333 2222 1111 - non-3D Secure card
- 5555 5555 5555 4444 - 3D Secure card
For both cards, please use:
- any cardholder name
- any expiry larger or equal to the current month/year
- CVC = 123
For a failed payment, please change the CVC or expiration date.
When using a 3D Secure enrolled card in S2S checkout, an incorrect CVC will trigger an authorization failure on the S2S callback step (after the customer returns from test ACS). Using a wrong expiry date emulates data validation failure and results in immediate error before that step.