How do I Integrate Payments?
To integrate payments at a technical level, you will be interacting with a REST API that serves as the orchestration layer between your front-end client and the secure payment gateway environment. The integration architecture follows these core engineering principles: Authentication and Endpoint Security, Payload Management & Data Handling, Transaction Lifecycle & Response Parsing, and Implementation Languages.
What is a Payment Integration API?
A Payment Integration API, better known as an Application Programming Interface, is a set of protocols and tools that allows your website or application to communicate directly with a payment processor. It essentially acts as a "bridge" that securely sends transaction data from your checkout page to the financial networks to authorize and complete a payment. A Payments API is the core technology that enables software and web developers to securely integrate credit card payments, ACH, and mobile wallets within their own custom software or e-commerce platform.
How does a Payment API Work?
- Data Entry: A customer enters their card details on your site.
- Encryption: The API encrypts this sensitive information to ensure security and PCI compliance.
- Authorization: The API sends the data to the payment gateway, which asks the customer’s bank if funds are available.
- Response: The API brings back an "Approved" or "Declined" message to your website in milliseconds.
What are the Benefits of Using a Payments API?
- Custom Checkout Experience: Unlike "hosted" pages (where a user is redirected to another site), an API lets you keep customers on your domain for a seamless brand experience.
- Automation: You can trigger recurring billing, split payments, and automated refunds directly through code.
- Enhanced Security: Modern APIs use tokenization, meaning sensitive card data never actually touches your server, reducing your security liability.
- Omnichannel Payment Integration: You can use the same API to sync payments across your website, mobile app, and even physical point of sale hardware.
What is PCI Compliance?
PCI DSS (Payment Card Industry Data Security Standard) is a set of security requirements designed to ensure that all companies that process, store, or transmit credit card information maintain a secure environment. The 12 requirements of PCI DSS are a set of technical and operational standards designed to protect cardholder data. The primary goal is to protect sensitive data and reduce credit card fraud. It applies to any organization, regardless of size or transaction volume, that handles payment card data.
How do I Set Up an Integrate Payments Sandbox Account?
To begin developing your integration, you should first utilize our test UAT (User Acceptance Testing) environment, also known as a Sandbox. This allows you to simulate transactions without processing real money.
- Get API Credentials: Register through the Integrate Payments Developer Portal to receive your unique API keys and merchant ID.
- Access the Sandbox: Log into the Integrate Payments Sandbox to configure your test environment.
- Simulate Transactions: Use test card numbers provided in our Documentation to verify your code handles "Approved" and "Declined" responses correctly.
- Go Live: Once your testing is successful, swap your Sandbox keys for Production credentials by certifying your software application to begin accepting live payments.
Click the Sandbox icon below to gain access to our UAT environment
Password: $integratePayments888
Access the public sandbox environment using these credentials at:
sandbox.integratepayments.com
Register for your own personal test development sandbox account
Where can I find the developer documentation and API?
Our comprehensive technical guides are designed to help you build a seamless and secure checkout experience. We offer a RESTful API that supports multiple integration methods to suit your specific business needs. We provide ready-to-use code snippets in popular languages like C# and PHP to accelerate your development timeline. The documentation also covers specialized APIs for the Customer Vault, recurring billing, and mobile SDKs for iOS and Android.
You can review the full API reference and implementation guides on the Integrate Payments developer Documentation page by clicking the icon or link below.
What Programming Languages does Integrate Payments Support?
- Python
- JavaScript
- Java
- C#
- PHP
- TypeScript
- C++
- Go (Golang)
- Kotlin
- Ruby
- Swift
- Node.js
- React
- jQuery
- Angular
- ASP
- Basically any Programming Language that can set up a POST request
Integrate Payments Code Examples for Payment API

How do I Test Credit Card Transactions in Sandbox?
Integrate Payments documentation will provide you with testing credit card numbers that can be used in our sandbox environment for our core payment gateway products. Test credit cards include Visa, Mastercard, Discover, American Express, Diners Club, JCB, and Maestro. You can also test ACH check transactions through the payment gateway UAT test environment.
The documentation also provides hard-coded specific trigger responses to help support your software application logic. These trigger responses will generate a declined message or simulate an AVS and CVV match. This will help you determine how to parse your data correctly once a credit card transaction is processed.
Test Credit Card Numbers for Integrate Payments Sandbox

How long does it take to move from the Sandbox to a Live production environment?
The transition from testing to "Go-Live" typically takes 24 to 48 hours, depending on the complexity of your integration and the merchant underwriting process.
- Software Certification: Once you have completed your testing in the UAT environment, our integration team will review your code to ensure it meets security and PCI compliance standards.
- Merchant Account Approval: If you are also applying for a new merchant account, the underwriting team usually provides a decision within one business day.
- Payment Terminal Deployment: If your integration involves a payment processing device, please note that the programming, configuration, and physical deployment of a point of sale system or EMV machine will require additional time for the production launch.
- Production Keys: Once approved and certified, your Sandbox keys are swapped for Production credentials, and you can begin processing real-time transactions immediately.
What is Tokenization?
Tokenization is a high-level security process that replaces sensitive credit card data with a unique, non-sensitive string of characters called a token. This ensures that actual cardholder information is never stored directly on your own servers or software, which significantly reduces your security liability and simplifies the path to PCI Compliance.
How does Collect.js Work?
Collect.js is a data collection and tokenization system, not a full payments API. It captures the card details and exchanges them for a temporary payment token. Because the sensitive information is sent directly from the customer's browser to the gateway, it never hits your web server. This significantly reduces your PCI DSS compliance scope.
You use a specific authentication Tokenization Key generated in your merchant control panel. Unlike standard API keys, this key is public-facing and is intended to be visible in your website's source code.
You can use the generated token, payment_token, in conjunction with the Payment API to process the transaction or save the customer's info for later. The payment_token is a specialized variable that acts as a secure placeholder for sensitive financial data.
What does payment_token do?
The payment_token replaces sensitive credit card information (card number, expiration, CVV) or bank account details (name, routing number, account number) in your API calls. By using this token, your server never has to handle or store raw payment data, which helps maintain security and compliance. Instead of sending a long string of sensitive data, you replace those variables with a single token.
Read the Collect.js Documentation

What is a Customer Credit Card Token Vault?
When a customer enters their card details, the information is instantly sent to a secure PCI-compliant Customer Vault. The sensitive cardholder data is encrypted within the vault, and a randomly generated token is returned to your system.
For all future transactions or recurring billing, your software solution uses this token to reference the original payment method without ever seeing the raw credit card numbers. Omnichannel tokens can use the same tokenized data to sync customer payment profiles across your website, mobile app, and retail or restaurant point-of-sale (POS) software.
How do I Integrate the Customer Vault API?
- Add a Customer to the Vault: All requests must be sent as a POST and you must include your security_key, which is generated in your merchant control panel under Settings > Security Keys.
- Payment Data: Use a payment_token generated by Collect.js to ensure PCI compliance.
- To save a payment method without processing an immediate charge, send a request with these key variables:
Action: Set customer_vault to add_customer
- Process a Transaction Using the Vault: Once a customer is stored, you can charge them using their unique ID instead of sensitive card data:
- Check out the full list of customer vault variables and parameters in our documentation.
What is Recurring Billing?
Recurring Billing is an automated payment process that allows subscription-based businesses to charge customers weekly, monthly, or annually for ongoing services or memberships. By securely storing cardholder data in a PCI-compliant vault as a token, the recurring billing API removes the need for customers to re-enter their payment information for every transaction.
How do I implement Recurring Billing via the API?
- Vault the Customer: Before you can create a subscription, you must securely capture the customer's payment information. Use Collect.js to tokenize credit card or ACH details. This generates a payment_token, which allows you to process the subscription without handling sensitive PCI data directly on your servers.
- Define your Variables: To add a subscription to an existing plan, you need to send a POST request with specific variables.
recurring - Set this to add_subscription
plan_id - The unique ID of the pre-configured billing plan.
payment_token - The token received in Step 1.
start_date - The date the first charge should occur (Format: YYYYMMDD)
- Handle the Authentication: Ensure your request includes your API Key or Merchant Credentials as defined in the Methodology section of the documentation. All requests should be sent over a secure HTTPS connection to the gateway endpoint.
- Process the Response: The gateway will return a response indicating if the subscription was successfully created.
Success: You will receive a subscription ID for future management (updating or cancelling).
Failure: Check the transaction_response_variables to debug issues like expired tokens or invalid plan IDs.
- Check out the full list of recurring billing variables and parameters in our documentation.
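An added example, not Integrate Payments' own code, covering both the Customer Vault and recurring billing requests described above: it builds the POST fields from the variables this page names, rejects raw card fields and malformed start_date values, refuses non-HTTPS endpoints, and masks secrets before logging. The endpoint URL, the form encoding, and the raw-field names are assumptions.

```python
import re
from datetime import datetime
from urllib.parse import urlencode, urlsplit

# Assumption: illustrative names for raw card/bank fields; use the names from
# the gateway documentation. None of them may appear in a server-side request.
RAW_PAYMENT_FIELDS = {"ccnumber", "ccexp", "cvv", "checkaba", "checkaccount"}
SECRET_FIELDS = {"security_key", "payment_token"}

def _base(security_key, payment_token, extra):
    """Common fields; rejects requests that carry raw payment data."""
    if not security_key or not payment_token:
        raise ValueError("security_key and payment_token are required")
    leaked = RAW_PAYMENT_FIELDS & {name.lower() for name in extra}
    if leaked:
        raise ValueError(f"raw payment fields not allowed: {sorted(leaked)}")
    return {"security_key": security_key, "payment_token": payment_token, **extra}

def vault_add_customer(security_key, payment_token, **extra):
    """Customer Vault: store the payment method without charging it."""
    fields = _base(security_key, payment_token, extra)
    fields["customer_vault"] = "add_customer"
    return fields

def add_subscription(security_key, payment_token, plan_id, start_date, **extra):
    """Recurring billing: attach the tokenized method to an existing plan."""
    if not re.fullmatch(r"[0-9]{8}", start_date):
        raise ValueError("start_date must be YYYYMMDD")
    datetime.strptime(start_date, "%Y%m%d")  # ValueError on e.g. 20250230
    fields = _base(security_key, payment_token, extra)
    fields.update(recurring="add_subscription", plan_id=plan_id, start_date=start_date)
    return fields

def encode_request(endpoint, fields):
    """Return (url, body) for a form-encoded POST; refuse non-HTTPS endpoints."""
    if urlsplit(endpoint).scheme != "https":
        raise ValueError("gateway endpoint must use https")
    return endpoint, urlencode(fields).encode("ascii")

def redact(fields):
    """Copy of the request that is safe to write to application logs."""
    return {k: "***" if k in SECRET_FIELDS else v for k, v in fields.items()}

if __name__ == "__main__":
    # Constructed sample values; the endpoint is a placeholder, not the real one.
    req = add_subscription("KEY_FROM_ENV", "TOKEN_FROM_COLLECTJS", "plan_monthly", "20250301")
    url, body = encode_request("https://gateway.example/api", req)
    print(url, len(body), redact(req))
```

Load the real security_key from a secret store or environment variable rather than source code, and log only the output of redact().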
What is Collect Checkout?
Collect Checkout is a secure, hosted payment page solution designed to simplify how your website handles transactions. The checkout page lives entirely on the gateway's servers, ensuring sensitive payment data never touches your website's environment. Because you do not handle or store credit card numbers directly, your security and compliance requirements are significantly reduced. It provides customers with a clean, low-friction flow where they can view their products, total amount, and enter payment details easily.
How does Collect Checkout Work on a Website?
- A customer decides to purchase a product on your site.
- Your website calls a JavaScript function to redirect the customer to the secure hosted payment page.
- The customer enters their details on the gateway’s secure form.
- Once the transaction is successful, the customer is redirected back to your website to view their receipt.
What is the Three Step Redirect API?
Three Step Redirect API is a specialized integration method designed to provide a custom checkout experience while significantly reducing a merchant's PCI DSS footprint. It allows you to collect sensitive card data without that data ever touching your web server. Because your server never sees or transmits raw credit card data, you qualify for a much simpler PCI compliance assessment. Unlike "Hosted Checkout" pages, the customer never feels like they are leaving your website. You maintain 100% control over the CSS and layout of the payment form.
The gateway receives the sensitive data, matches it to your pending transaction, and immediately issues an HTTP 302 Redirect response back to the customer's browser. The browser follows that 302 instruction, automatically navigating the user back to your website. This happens in seconds and usually looks like a standard page load to the end user.
How does the Three Step Redirect process work?
- Your server sends transaction details (amount, order ID) to the gateway and receives a unique form-url.
- You create a custom HTML form on your site that posts sensitive card data directly to that form-url. The customer's browser transparently sends data to the gateway, which then redirects the customer back to your site with a token-id.
- Your server submits a final background request to the gateway using the token-id to authorize and complete the transaction.
Integrate Payments Code Examples for Three Step Redirect

What is the Customer-Present Cloud Payment Terminal API?
The Customer-Present Cloud API is a core gateway solution within the Integrate Payments developer API designed to manage and process transactions on physical point of sale hardware equipment via the cloud.
It gives software developers the ability to remotely register physical terminals to your payment gateway account using a registration code displayed on the device. It sends payment commands from your software to the payment processing terminal over the internet, regardless of where the device is physically located.
How does the Customer-Present Cloud Payment Device API work?
The Synchronous (waiting for a response) option keeps the connection open until the customer completes the transaction (best for simple, single-device setups). The Asynchronous (polling for a response) option returns an immediate ID (GUID), so your system can check the status later (best for high-volume environments or mobile apps). Once a transaction is initiated through the Cloud API, you can manage follow-up actions (like refunds or voids) using the standard Payment API.
- Before interacting with the hardware, you must register it to your gateway account and establish your credentials. Log into your merchant control panel, navigate to Security Keys, and select API for the key type. Doing this will return a device GUID that you can use to process payments using the POI Device.
- Ensure the POI Device is connected via Ethernet or Wi-Fi. The device connects to the platform and generates a code. Once connected, it will automatically attempt to connect to the platform and display rotating Registration Codes that will eventually expire (temporary 6-digit code displayed on the device).
- You must link the physical hardware to your account using the code visible on the device screen. Use the Registration API to submit the current Code displayed on the device. The gateway will return a unique poiDeviceId. Save this ID, as it is required for all future payment requests to that specific terminal because it is the permanent identifier stored in the software. You can then send a request to the terminal using the poiDeviceId obtained in Step 1. At this point, you must choose your processing methodology: Synchronous or Asynchronous.
- Once you have a Transaction ID from either the Synchronous response or the Async polling result, you can use the Payment API to perform follow-up actions such as Capture, Void, Refund.
Customize Point of Sale Transactions
To create a more tailored checkout experience at the point of sale, the gateway provides a suite of POI Device Prompts that allow you to control physical terminal behavior on a per-transaction basis. By passing specific boolean flags in your API request, you can toggle features. These prompts allow you to override default terminal settings to match your specific workflow, whether that involves enforcing a digital signature capture on supported Ingenico Payment Devices or requiring a tip adjustment from the customer before the sale is finalized.
View POI Device Prompts Customization Features

Virtual Pin Pad (VPP) Sandbox Testing
For developers who do not yet have a physical terminal on hand, the Virtual Pin Pad (VPP) offers a robust sandbox environment to simulate the full Customer-Present Cloud lifecycle. By using designated test registration codes like T00001, you can generate virtual Device IDs to test registration, estate management, and transaction processing without hardware. The VPP simulates a Visa EMV transaction, allowing you to trigger successful authorizations or declines based on the transaction amount.