Form inputs are sent directly to the client API when working in redirect mode. The client API processes the request and forwards the user to a specific page of the online shop, depending on the result. The client API itself does not produce any output.
The customer is forwarded to this URL if the query was successful (e.g. if the payment was successful or if the address check was positive).
The customer is forwarded to this URL if the query was not successful (e.g. if the payment was denied or if the address check was negative).
Response data are attached to the URL as GET parameters and can be processed by you.
The end customer is forwarded directly to the "redirecturl" if one is provided in the PAYONE Platform response. After that, the end customer is sent back to your success URL or error URL.
Payment data should not come into contact with your system. This is especially important for credit card data. Certification according to the PCI standard is unnecessary only if the card data does not come into contact with your systems. Sensitive payment data should be sent directly from the form to the client API and should not be forwarded through your systems (see below). Any other data can be queried in preceding steps.
This mode is also known as “direct post”. The input fields are placed on the merchant payment page and not provided by PAYONE. Therefore, the merchant needs to comply with PCI DSS SAQ A-EP certification. For SAQ A compliance, PAYONE recommends implementing the PAYONE hosted-iFrame-solution.
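The following is an added example, not part of the PAYONE documentation. It shows one way to process the GET parameters attached to the success or error URL: they arrive through the customer's browser, so they are handled as untrusted input, and any unexpected parameter that looks like a card number is rejected so that card data does not reach logs or storage. The parameter names and formats in the allowlist are assumptions for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Hypothetical allowlist: these parameter names and formats are assumptions
# made for this example, not taken from the PAYONE documentation.
EXPECTED = {
    "status": re.compile(r"[A-Z]{1,20}"),
    "txid": re.compile(r"[0-9]{1,20}"),
    "reference": re.compile(r"[A-Za-z0-9._-]{1,20}"),
}
PAN_LIKE = re.compile(r"(?:\d[ -]?){13,19}")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to spot values that look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def looks_like_pan(value: str) -> bool:
    """True if the value contains 13-19 digits that pass the Luhn check."""
    for m in PAN_LIKE.finditer(value):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return True
    return False


def parse_return_url(url: str) -> dict:
    """Return allowlisted, format-checked parameters from a return URL."""
    raw = parse_qs(urlsplit(url).query, keep_blank_values=True)
    clean = {}
    for key, values in raw.items():
        pattern = EXPECTED.get(key)
        if pattern is None:
            # Unknown key: drop it, but fail loudly if it carries card data.
            if any(looks_like_pan(v) for v in values):
                raise ValueError(f"card-like data in parameter {key!r}")
            continue
        # Known key: accept only a single, well-formed value.
        if len(values) == 1 and pattern.fullmatch(values[0]):
            clean[key] = values[0]
    return clean
```

A caller would catch the ValueError, discard the request without logging the query string, and check why card data was sent to the shop instead of the client API.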