The Hosted Payments API is used for making secure payments from your e-commerce site. Customers are redirected to a secure Paysafe-hosted payment page, which handles the collection of sensitive payment information such as credit card numbers, thereby helping you reduce your PCI DSS Compliance requirements and their associated costs. The Hosted Payments API can be used for card, direct debit, and the following alternative payment methods:
- giropay – supports EUR only
- interac – supports CAD only
- neteller – supports all currencies supported by NETELLER (see the NETELLER documentation for details)
- paypal – supports all currencies supported by PayPal (see the PayPal documentation for details)
- sofortbanking – supports EUR only
To be able to use Hosted alternative payments, you must contact Integration Support and request a Hosted APM test account. You will be able to use the account to take orders both through the hosted payment page and through silent posts.
The following integration options are available with the Hosted Payments API:
- Payment Page Redirect – Process an order by redirecting customers to a secure Paysafe payment page. You can customize the look and feel of this page, and you can also include it in an iframe on your e-commerce order page.
- Silent Post – Also known as Direct Post, this allows your customers to make payments through your own branded payment page, while Paysafe handles all the sensitive card information (merchants require PCI Compliance to level SAQ-AEP to use this option).
See the Scenarios section for a quick overview of integration options.
- The Hosted Payments API is RESTful, and works with JSON messages and responses.
- The API does not allow merchants to pass card data. If you want your e-commerce site to collect and pass card data, then you need to use the Paysafe Card Payments API and comply with PCI Guidelines regarding the handling of card data.
- Paysafe may add additional elements in future releases of the API, so ensure that your integration is flexible enough to ignore any unrecognized response fields and is unconstrained by the order in which the JSON parameters are returned in the response.
- The Hosted Payments API supports 3D Secure version 2. Paysafe supports the following variants of 3D Secure:
  - Mastercard SecureCode
  - Visa's Verified by Visa
  - American Express SafeKey. Note that you will need to open a separate account to accept American Express payments. Please contact us for details.
You can add a callback to your order to get transaction status (success, declined or held) updates in real time. The callback can be synchronous, in which case the payment page waits for the API call result to return from the server before continuing, or asynchronous, in which case the page does not wait for the API call to return. Asynchronous callbacks are recommended because the customer does not have to wait to finish placing their order. The callback system can detect problems with your merchant system and retry any failed attempts at sending the callback until a successful response is received. If the callback is not received for any reason, you can trigger it again using the /resend_callback endpoint.
Start Accepting Payments
Once you have set up a Paysafe merchant account, you can connect to the Paysafe payments platform with the Hosted Payments API. Here is a summary of the process:
Hosted Payments Overview
- The customer places an order on the merchant's website.
- The merchant creates an order request, using the Paysafe Hosted Payments API.
- Paysafe responds with a URI to the secure Paysafe-hosted payment page.
- The merchant uses the provided URI to redirect the customer's browser to the secure Paysafe payment page.
- The customer selects the payment method, enters payment details, and clicks Pay.
- Paysafe processes the transaction and returns a response to the merchant.
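The following added example (not Paysafe's code) covers the steps where the merchant receives the payment page URI and redirects the customer, together with the earlier note about ignoring unrecognized response fields and field order. The field names `link`, `rel`, `uri` and `id`, the `hosted_payment` value and the host `pay.example.test` are assumptions for illustration; take the real names and host from the API reference.

```python
import json
from urllib.parse import urlsplit

# Assumed names for illustration; take the real ones from the API reference.
PAYMENT_REL = "hosted_payment"
ALLOWED_HOSTS = {"pay.example.test"}  # placeholder for the payment page host


class OrderResponseError(ValueError):
    """The order response has no usable payment-page link."""


def payment_page_uri(body: str) -> str:
    """Return the payment-page URI, reading fields by name only."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        raise OrderResponseError("response is not valid JSON") from exc
    links = doc.get("link") if isinstance(doc, dict) else None
    if not isinstance(links, list):
        raise OrderResponseError("no link array in response")
    for entry in links:
        if not isinstance(entry, dict) or entry.get("rel") != PAYMENT_REL:
            continue  # unknown link types are skipped, not treated as errors
        uri = entry.get("uri")
        try:
            parts = urlsplit(uri) if isinstance(uri, str) else None
        except ValueError:
            parts = None
        # Redirect the customer only to an HTTPS page on an expected host.
        if parts is None or parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
            raise OrderResponseError("payment link is not a trusted HTTPS URI")
        return uri
    raise OrderResponseError("no payment-page link in response")


# Constructed sample: reordered keys plus fields this code has never seen.
SAMPLE = json.dumps({
    "futureField": {"nested": True},
    "link": [
        {"uri": "https://pay.example.test/other", "rel": "self", "extra": 1},
        {"newAttr": "x", "uri": "https://pay.example.test/hosted/abc", "rel": PAYMENT_REL},
    ],
    "id": "ORDER-PLACEHOLDER",
})
```

Calling `payment_page_uri(SAMPLE)` returns the second link's URI despite the extra fields and the changed key order; a response whose link is not HTTPS or points at an unlisted host raises `OrderResponseError` instead of producing a redirect.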