Collect.js provides access to a form which securely captures payment data and generates a "token". The token is then used with the Payments API instead of raw credit card or bank account data. The form is technically a separate page hosted by the gateway, so no payment information touches the merchant's website. This allows merchants to minimize their PCI-compliance footprint, with minimal changes to the customer experience.
Collect.js is designed to be flexible, and its implementation can be as simple as pasting a single script tag to your checkout page, or it can be customized to interact with your website however you’d like.
Authentication is done via a "tokenization key" that you can generate in your merchant control panel under the "Security Keys" settings page. Select "Tokenization" for the key type. This tokenization key can only be used with Collect.js and will not work with any other APIs. Similarly, any API keys already created will not work with Collect.js.
This key will be visible to customers in your website’s source code, so please make sure you only use the tokenization key here.
Register for our Developer Portal Sandbox
Every merchant account will have to stay compliant by completing a SAQ Self Assessment Questionnaire every year or they will be charged a monthly PCI non compliance fee. PCI monthly & annual fees may still apply to a merchant account based on PCI Tier level of business.