Scenarios
The Hosted Payments API handles the collection and storage of sensitive customer payment information, significantly reducing your PCI DSS compliance requirements. The Hosted Payments API can be used for a range of payments, including card, direct debit, and alternative payments. It also supports 3D Secure cardholder authentication – for those customers using the scheme – and recurring payment scenarios, for merchants wishing to make repeat payments using stored customer details.
The scenarios below describe the ways in which merchants can set up payment processing with Paysafe using the Hosted Payments API. They all POST a request to the same endpoint, https://api.test.netbanx.com/hosted/v1/orders, but different attributes in the body of the request result in different behavior.
Paysafe handles the collection of customer payment details on a secure payment page, which behaves in one of these ways:
- Hosted API: Simple order – for immediate authorization and settlement (capture) of the payment
- Hosted API: Authorize order with separate settlement – where you want to obtain an initial payment authorization, but delay settlement (capture of funds) until the order has been fulfilled
The Silent Post order option can be used by merchants who want to provide the customer with their own branded payment page, instead of the Paysafe Hosted page.
This is similar to scenario 1, but the merchant includes the extendedOptions attribute, with silentPost set to true; they then use their own web form to collect customer details and post the contents to Paysafe.
By setting the extendedOptions parameter authType to auth, merchants can also provide their customers with the ability to make authorization only orders through their corporate web form.
Although your systems do not directly handle the customer's payment details, which are managed by the client-side browser page, the page you provide to customers must be secure and the information that is sent to Paysafe appropriately encrypted via an SSL connection. PCI DSS Compliance to level A-EP is mandatory for merchants who want to use this option.