Before you send a request to initiate a transaction, gather the necessary information directly from the payer or your system.
Although the Direct Payment integration method allows you to create your own payment page to gather data, ensure you do the following:
To identify the order and transactions throughout your system and at your payment processor, use the following fields:
When you generate these values, ensure the required uniqueness and, ideally, take advantage of any natural keys within your system.
For more information about each of these identifiers and how to use them, see Identifiers. For a basic understanding about Orders and transactions.
To identify the mandatory fields for the specific transaction operation, see the API Reference for that operation.
When you gather the necessary data from the payer using HTML form fields, you must not display all request fields in the HTML form. Ensure the following actions:
To ensure the security of your integration, only expose the minimum amount of data to your payer. As a best practice, only render form fields that require input from the payer, for example, the shipping and billing address fields, the payment details, and the credit card data. Here are the important tips to secure your integration:
Websites that collect sensitive or confidential data must use TLS to protect the data passed between the payer's Internet browser and your application. When an Internet browser passes any data to a web server, such as your web application, TLS secures the data so that unintended recipients cannot intercept or view it.
If you use the Direct Payment integration method, your application must present the payer with a secure form using TLS for collecting sensitive payment data. Also consider using a secure form when collecting less sensitive but still confidential information, such as payer addresses.
Several browsers now require the use of HTTPS with valid TLS certificates to avoid presenting security errors to customers.
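The guidance above on rendering only payer-input fields and on collecting payment data over TLS can be enforced on the server when the form is submitted. The following is an added example, not code from the gateway or its documentation. The field names, the `build_request` function, and the `scheme` argument (the URL scheme as reported by your web framework) are hypothetical.

```python
# Added example: field names are hypothetical, not the gateway's API fields.

# Fields the payer may supply through the HTML form.
PAYER_FIELDS = {"card_number", "card_expiry", "card_cvv",
                "billing_address", "shipping_address"}
# Fields only the merchant's server may set; never rendered in the form.
SERVER_FIELDS = {"order_id", "transaction_id", "amount", "currency"}
REQUIRED_PAYER_FIELDS = ("card_number", "card_expiry", "card_cvv")


class FormTamperingError(ValueError):
    """Raised when a submission carries fields the form never rendered."""


def build_request(form: dict, order: dict, scheme: str) -> dict:
    """Merge payer input with server-side order data into one request body."""
    # Sensitive payment data must arrive over TLS.
    if scheme != "https":
        raise PermissionError("payment form must be submitted over HTTPS")

    # Anything outside the allowlist did not come from the rendered form,
    # so reject the whole submission instead of silently dropping it.
    unexpected = set(form) - PAYER_FIELDS
    if unexpected:
        raise FormTamperingError(f"unexpected fields: {sorted(unexpected)}")

    missing = [f for f in REQUIRED_PAYER_FIELDS if not form.get(f)]
    if missing:
        raise ValueError(f"missing payer fields: {missing}")

    # Server-controlled values come from the stored order, never the form.
    request = {name: order[name] for name in SERVER_FIELDS}
    request.update({k: v for k, v in form.items() if k in PAYER_FIELDS})
    return request


# Constructed sample data for illustration only.
ORDER = {"order_id": "INV-1001", "transaction_id": "INV-1001-1",
         "amount": "49.90", "currency": "USD"}
GOOD_FORM = {"card_number": "4111111111111111", "card_expiry": "0139",
             "card_cvv": "100", "billing_address": "1 Example St"}
TAMPERED_FORM = dict(GOOD_FORM, amount="0.01")  # amount injected by the client

if __name__ == "__main__":
    print(build_request(GOOD_FORM, ORDER, "https")["amount"])
```

Rejecting the tampered submission outright, instead of ignoring the extra field, also gives you an event to log and alert on.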