There are three integration methods that can be used to integrate into the payment system. The one that is most appropriate will depend on a number of factors. Our system doesn\u2019t make the merchant select which integration method can be used, and allows different integrations against the same Gateway Account to be in place simultaneously \u2013 there are certain situations which this will actually be necessary. Once you have reviewed the information below and decided on the most appropriate integration method for your needs, please refer to the integration specific documentation for the technical details on its implementation.<\/p>\n
\n
Direct\/API Integration <\/strong><\/span>\u2013 Direct\/API processing allows merchants to keep their customers on<\/span> their site throughout the entire checkout process. This provides a much smoother checkout<\/span> experience, and keeps the details of the underlying payment processor completely hidden<\/span> from the customers. The API for this method exposes the full functionality of the payment<\/span> system. This method requires the merchant\u2019s system to be able to serve out HTTPS pages,<\/span> which<\/span> will likely<\/span> require<\/span> them<\/span> to<\/span> have<\/span> an<\/span> SSL<\/span> certificate.<\/span><\/span><\/p>\n<\/li>\n<\/ol>\n Difficulty: <\/strong>4\/10. Of the integration methods, this is probably the easiest to implement, as well as giving you the most control of the transaction process. PCI-DSS<\/strong> SAQ*<\/strong>: SAQ-D<\/p>\n Hosted Payment Form <\/strong><\/span>\u2013 we can provide a secure payment form which the customer is<\/span> redirected to during the checkout process. They will complete the order on our system and<\/span> then be redirected back to the merchant\u2019s system with the results of the transaction. Our<\/span> system allows this payment form to be completely re-skinned so that it closely matches the<\/span> merchant\u2019s own branding. This method is generally used by merchants who are using a<\/span> shopping cart that does not support the Direct\/API integration method, merchants who<\/span> cannot host secure (HTTPS) pages or merchants who would like to completely outsource the<\/span> payment process<\/span> of<\/span> their<\/span> website<\/span> \u2013 usually<\/span> for<\/span> PCI<\/span> compliance<\/span> reasons.<\/span><\/span><\/p>\n<\/li>\n<\/ol>\n Difficulty: <\/strong>6\/10. Because this integration uses the users browser as a data relay, there are some additional steps required to securely transmit the data to\/from the payment gateway, as well as handling the response. These additional steps add complexity to the integration.<\/p>\n PCI-DSS<\/strong><\/span> SAQ*<\/strong><\/span>:<\/span> SAQ-A<\/span><\/span><\/span><\/p>\n Hosted Payment Form (iFrame Mode) <\/strong><\/span>\u2013 The Hosted Payment Form can be used in \u201ciFrame\u201d<\/span> mode, which would allow it to be embedded into a payment form that is hosted on the<\/span> merchant\u2019s system. The system will apply a different, cut-down skin to the Hosted Payment<\/span> Form<\/span> in<\/span> this<\/span> mode,<\/span> which<\/span> will only<\/span> skin<\/span> the<\/span> direct form.<\/span><\/span><\/p>\n<\/li>\n<\/ol>\n Difficulty: <\/strong>Intermediate. The integration is more or less identical to the Hosted Payment Form.<\/p>\n PCI-DSS<\/strong><\/span> SAQ*<\/strong><\/span>:<\/span> SAQ-A<\/span><\/span><\/span><\/p>\n Hosted Fields <\/strong><\/span>\u2013 the Hosted Fields integration method allows the merchant\u2019s system to<\/span> appear to keep the customer on their own system during the checkout process, but the<\/span> sensitive fields are served transparently by the payment system through iFrames. This<\/span> approximates the appearance and experience of the Direct\/API method, but has the same<\/span> compliancy requirements<\/span> as the<\/span> Hosted<\/span> Payment Form<\/span> method.<\/span><\/span><\/p>\n<\/li>\n<\/ol>\n Difficulty: <\/strong>6\/10. Because this integration uses the users browser as a data relay, there are some additional steps required to securely transmit the data to\/from the payment gateway, as well as handling the response. These additional steps add complexity to the integration.<\/p>\n PCI-DSS<\/strong><\/span> SAQ*<\/strong><\/span>:<\/span> SAQ-A<\/span><\/span><\/span><\/p>\n Transparent Redirect <\/strong><\/span>\u2013 the Transparent Redirect method allows the merchant\u2019s system to<\/span> appear to keep the customer on their own system during the checkout process, but the card<\/span> details don\u2019t actually touch the merchant\u2019s system \u2013 they get posted directly across to the<\/span> payment system. This approximates the appearance and experience of the Direct\/API<\/span> method,<\/span> but<\/span> it<\/span> has<\/span> the same<\/span> compliancy<\/span> requirements<\/span> as<\/span> the<\/span> Hosted<\/span> Payment<\/span> Form<\/span> method.<\/span><\/span><\/p>\n<\/li>\n<\/ol>\n \n This method requires the merchant\u2019s system to be able to serve out HTTPS pages, which will require them to have an SSL certificate.<\/p>\n Difficulty: <\/strong>7\/10. Because this integration uses the users browser as a data relay, there are some additional steps required to securely transmit the data to\/from the payment gateway, as well as handling the response. These additional steps add complexity to the integration.<\/p>\n PCI-DSS<\/strong><\/span> SAQ*<\/strong><\/span>:<\/span> SAQ-A-EP<\/span><\/span><\/span><\/p>\n * assumes that your annual transaction count (or any other factor) allows your PCI-DSS compliance to be self-<\/em><\/span> attested<\/em><\/span><\/span><\/span><\/p>\n <\/p>\n","protected":false},"excerpt":{"rendered":" There are three integration methods that can be used to integrate into the payment system. The one that is most appropriate will depend on a number of factors. Our system doesn\u2019t make the merchant select which integration method can be used, and allows different integrations against the same Gateway Account to be in place simultaneously…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[39,3],"tags":[],"_links":{"self":[{"href":"https:\/\/payb.co.uk\/integration-guide\/wp-json\/wp\/v2\/posts\/332"}],"collection":[{"href":"https:\/\/payb.co.uk\/integration-guide\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/payb.co.uk\/integration-guide\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/payb.co.uk\/integration-guide\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/payb.co.uk\/integration-guide\/wp-json\/wp\/v2\/comments?post=332"}],"version-history":[{"count":1,"href":"https:\/\/payb.co.uk\/integration-guide\/wp-json\/wp\/v2\/posts\/332\/revisions"}],"predecessor-version":[{"id":333,"href":"https:\/\/payb.co.uk\/integration-guide\/wp-json\/wp\/v2\/posts\/332\/revisions\/333"}],"wp:attachment":[{"href":"https:\/\/payb.co.uk\/integration-guide\/wp-json\/wp\/v2\/media?parent=332"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/payb.co.uk\/integration-guide\/wp-json\/wp\/v2\/categories?post=332"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/payb.co.uk\/integration-guide\/wp-json\/wp\/v2\/tags?post=332"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
\n
\n
\n