Step 2a: Authorization
POST {{direct_post_url}}?s2s=true
Direct post integration allows running payments through the custom payment flow. This functionality is activated for each merchant account individually. Please consult with your account manager if you wish to use it.
To accept payments in your application or website, use POST /purchases/ request to create a Purchase.
To capture customers card details use an HTML
hosted on your website with method="POST" and action pointing to the direct_post_url of the transaction.
You will also need to fill the form with 's for the fields with card details. As a result, when a customer submits their card details, it will be posted straight to our system, allowing you to customize the checkout as you wish. At the same time, your PCI DSS requirement is only raised to Self-Assessment Questionnaire (SAQ A-EP), as your system doesn't receive or process card data.
Further information on directposturl:
Will be null if payment for purchase is not possible, purchase.request_client_details isn't empty or successredirect/failureredirect are not provided - these all break the usual direct post flow.
To leverage Direct Post checkout, create a
having method="POST" action="" and include the following inputs:
cardholder_name: text, Latin letters only (space and apostrophe ('), dot (.), dash (-) symbols are also allowed), max 30 chars
card_number: text, digits only, no whitespace, max 19 chars
expires: text in 'MM/YY' format, digits and a slash only /^\d{2}\/\d{2}$/, max 5 chars
cvc: numeric string of 3 or 4 digits
remember_card: checkbox with value="on" (the default when omitting value attribute of a checkbox input)
Ensure the validation as listed above! Validation errors will be treated as payment failures. Obviously, you can style this form to fit in with the rest of your website.
When your payer submits this form (don't forget a or ), he will POST the data directly to the gateway system. There, with minimal interaction with gateway's interface, payment will be processed. In the process, your customer might get redirected to authenticate against 3D Secure system of his card issuer bank (this depends on settings of his card and your account). After that, payer will be taken to success_redirect or failure_redirect depending on the payment result (as in the usual payment flow).
Be aware, though, that while not having to process card data allows you not to comply with the entirety of PCI DSS SAQ D requirements, having sensitive cardholder data entry form on your website does raise your PCI DSS scope to SAQ A-EP. Contact your account manager to receive advisory and assistance for this integration method.
If you are in test mode, you can use the below test details:
- Cardholder name: Cardholder Name
- Card number: 5555 5555 5555 4444
- Expires: 1225
- CVC: 123
Request Params
| Key | Datatype | Required | Description |
|---|---|---|---|
s2s | boolean |
Request Body
{"cardholder_name"=>"{{cardholder_name}}", "card_number"=>"{{card_number}}", "expires"=>"{{expiry_month}}/{{expiry_year}}", "cvc"=>"{{cvv}}", "remember_card"=>"on", "remote_ip"=>"8.8.8.8", "user_agent"=>"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36", "accept_header"=>"text/html", "language"=>"en-US", "java_enabled"=>false, "javascript_enabled"=>true, "color_depth"=>24, "utc_offset"=>0, "screen_width"=>1920, "screen_height"=>1080}
HEADERS
| Key | Datatype | Required | Description |
|---|---|---|---|
| `` | null |