Requirements
An active PAYONE account is required. If you do not have one yet, please contact us.
Communication Principles
Communication from your server to our platform is performed by sending key-value pairs via HTTP POST over a secure channel. In return, your application will receive a response string containing the result of your request. For sending the request to us, we recommend using a cURL wrapper that sends an array as key-value pairs. The response consists of key-value pairs delimited by EOL breaks, which can easily be parsed into an array.
Detailed description of every parameter: Server API Description.
Creating an order
Default parameters
For every request to our platform, a set of default parameters is needed:
mid=12345 (your merchant id)
portalid=12345 (your portal id)
aid=12345 (your account id)
key=a07daf3210b06327612abae3ed477b0f (your secret portal key as md5 hash)
mode=test
encoding=UTF-8
These parameters identify you as a merchant and ensure that only authorized API requests are processed by our platform. You can find the parameters in our PMI.
Personal Data
Additionally, some information about the customer can be transmitted:
city=Kiel
country=DE
currency=EUR
email=shopper@example.com
lastname=Payer
street=Fraunhoferstr. 2 - 4
zip=24118
birthday=19700101
language=de
For details about the individual parameters and more parameters that are available but not listed here, please refer to the Server API Description.
Order Details
We also need information about the order and the chosen payment method.
clearingtype=rec
reference=1234567890 (your unique reference)
amount=10000
currency=EUR
request=preauthorization
For details about the individual parameters and more parameters that are available but not listed here, please refer to the Server API Description.
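The request and response handling described under Communication Principles, using the parameter groups listed above, as an added example that is not part of the original page or PAYONE's own code. The function names, the portal key value and the sample response (including its field names) are constructed for illustration; the authoritative field list is in the Server API Description.

```python
import hashlib
from urllib.parse import urlencode

# Values from the page's examples; PORTAL_KEY is a constructed placeholder.
CREDENTIALS = {"mid": "12345", "portalid": "12345", "aid": "12345",
               "mode": "test", "encoding": "UTF-8"}
PORTAL_KEY = "secret"
CUSTOMER = {"city": "Kiel", "country": "DE", "email": "shopper@example.com",
            "lastname": "Payer", "street": "Fraunhoferstr. 2 - 4",
            "zip": "24118", "birthday": "19700101", "language": "de"}
ORDER = {"clearingtype": "rec", "reference": "1234567890", "amount": "10000",
         "currency": "EUR", "request": "preauthorization"}

# Constructed response; the field names are assumptions for illustration.
SAMPLE_RESPONSE = ("status=REDIRECT\r\n"
                   "redirecturl=https://redirect.example/pay?session=abc&step=1\r\n"
                   "txid=123456789\r\n")


def build_request_body(credentials, portal_key, customer, order):
    """Merge the three parameter groups into one form-encoded POST body."""
    params = dict(credentials)
    # The portal key is sent as its MD5 hex digest, as the page describes.
    params["key"] = hashlib.md5(portal_key.encode("utf-8")).hexdigest()
    params.update(customer)
    params.update(order)
    return urlencode(params, encoding="utf-8")


def parse_response(text):
    """Parse an EOL-delimited key=value response string into a dict."""
    result = {}
    for line in text.splitlines():             # handles both \n and \r\n
        if not line.strip():
            continue
        key, sep, value = line.partition("=")  # values may contain '='
        if not sep or not key.strip():
            raise ValueError("malformed response line: %r" % line)
        if key.strip() in result:
            raise ValueError("duplicate response key: %r" % key)
        result[key.strip()] = value.strip()
    return result


def redact(params):
    """Copy of a parameter dict that is safe to log: the key is masked."""
    return {k: ("***" if k == "key" else v) for k, v in params.items()}
```

Splitting each response line on the first "=" only keeps values such as redirect URLs intact, and masking `key` before logging keeps the portal key hash out of log files.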
Where to go from here
This intro is just the tip of the iceberg. For online bank transfer like Sofort.com, you'll need to redirect the customer to a URL specified in the response. For credit card processing, you'll need to set up an HTML container for input fields made available through our invisible iFrame integration and make sure your system never comes in contact with genuine credit card data. PAYONE will provide you with a pseudo card number that you can use to preauthorize and capture transactions just like in the examples above.
Redirect payment methods
Sometimes, payment methods require information from the customer on 3rd party websites. Usually this is the case if the customer needs to enter transaction credentials, such as username/password or a TAN. Again, this is a three-step process: preparing the (pre-)authorization, redirecting the customer, and verifying the transaction status.
Credit Card Payments
Online payments with credit cards are de facto mandatory for every online shop. However, the credit card issuers have high requirements concerning the security of credit card transactions. The Payment Card Industry Data Security Standard (PCI DSS) defines the prerequisites and certification steps. As certification is quite complex for merchants, PAYONE developed a solution that only requires the lowest level of PCI DSS compliance. Essentially, processing a credit card transaction is a three-step process:
- Create the form to capture the credit card details
- Send them to PAYONE and receive a token in a callback
- Perform (pre-)authorization using the token
The token is a so-called pseudo card PAN, a number that resembles a credit card number, so that 3rd party systems can use it, but that doesn't entail the PCI DSS requirements for storing card data. To keep the software on the server from coming into contact with credit card data, the Client API is used for communication between the buyer's browser and PAYONE.
Examples
There are some handy examples in the examples folder. You're welcome to add more, if you feel like it!
Try it out
If you want to try out our API with your own account credentials, please install our checkout demo app.