UK Gateway

Getting started

Last updated: 15-Apr-2022
Download as PDF

Getting started

This document describes how you can get started with development on the sandbox environment. Scroll to the bottom if you are looking for common use cases. Bookmark this page so you can easily find it later.

Documentation

There are two sources of documentation. The first source is portal you are on now. It has detailed descriptions of how to integrate into the different APIs. The second source is the API reference found at https://sandbox.omni.verifone.cloud/docs/api. The API reference has up to date descriptions of the various endpoints and parameters required for each endpoint.

Environments

There is a sandbox and a production environment. The data stored in the sandbox environment does not carry over to the production environment. This means that any API keys, organisation IDs, and user accounts that can be used in the sandbox environment will not work in the production environment. User accounts also need to be created in the sandbox and production environment.

Make sure the following values are configurable per environment:

  • URL
  • API Key
  • Organisation ID
  • Account ID(s) - One account per currency
  • Authenticator ID(s) - One authenticator per MID-currency combination. The same authenticator can be used across multiple accounts if they have the same MID but a different currency.

URLs

URL Description
https://verifone.cloud/docs/uk-gateway/getting-started Integration documentation
https://sandbox.omni.verifone.cloud/docs/api API Reference
Https://sandbox.omni.verifone.cloud/ Sandbox portal
https://sandbox.omni.verifone.cloud/v1/ Sandbox API
https://omni.verifone.cloud/ Production portal
https://omni.verifone.cloud/v1/ Production API

Account set up & API key

Your account will be set up for you by a Verifone employee. Your API key can be retrieved by following this guide. Once you have your key store it somewhere safe and make sure it is configurable, in production you will have a different API key. The API Key is tied to a users account, use an email that other employees also have access too. This way issues won't be caused when people leave the position or company.

Once your account has been set up you will receive the following:

  • Organisation ID
  • Account ID (1 per currency)
  • Authenticator ID (if you are processing 3DS transactions)

Make sure these values are configurable as the IDs do not carry over to production.

Choosing an integration method

We offer three distinct methods for processing payments, methods might also need to be used together for processing specific payment journeys.

Each integration method has tradeoffs that need to be considered. Regardless of which integration method is chosen we advise to always supplement with API calls. The three options are:

  • Checkout
  • Inject
  • API

Checkout

Using Checkout (Hosted Payment Page) to process payments will return a link to a hosted payment page. The webpage requires the cardholder to be redirected away from the webshop, after payment is completed the cardholder is returned to the webshop. Checkout allows for a fully customizable CSS file to be used to match the look and feel of the webshop. This solution offers less flexibility than a direct API integration but can make it easier to integrate with due to a lower level of PCI compliancy required. The consumer will enter their card details in the hosted payment page. This solution is easier to integrate than the direct API integration.

Inject

Using Inject means that a JavaScript snippet will need to be placed on your webshop that renders a payment form. This payment form provides fields where the customer can present their card details. After the card details are submitted a token is returned. This token needs be used to initiate the transaction through the API. This option has the benefit of using the flexible API, while not needing to meet the highest level of PCI compliancy. However, the JavaScript snippet will need to be implemented in the website, it can be changed but only to a certain degree. This is the most common integration method.

API

Using the API to process payments offers the highest level of flexibility and customization of the checkout flow. If you have the correct level of PCI compliancy this is always the preferred method of integration. Having full control allows you to fully optimize the checkout process and better integrate with your product or service. You will need the be compliant with SAQ C PCI compliancy as you will be submitting the card details through your own server.

Integration method Flexibility Implementation PCI
Checkout Medium Redirect customer to hosted payment page SAQ A
Inject High Render JS form + direct API calls SAQ A-EP
API High Direct API Calls SAQ C

3-D Secure

3-D Secure authentications can be processed through Checkout, Inject or using the API. Read more about 3-D Secure here.

For processing one-click payments (CoF) this is possible exclusively through the API. Tokenization and the inital transaction can be initiated through any of the integration methods (Checkout, Inject or API) but the follow-up transactions and 3-D Secure authentications can only be processed through the API.

Rate this article:
Download as PDF

Need help?

Do you have a question? If you didn’t find the answer you are looking for in our documentation, you can contact our Support teams for more information. If you have a technical issue or question, please contact us. We are happy to help.

Get in touch

Not yet a Verifone customer?

We’ll help you choose the right payment solution for your business, wherever you want to sell, in-person or online. Our team of experts will happily discuss your needs.

Contact sales Get Started
Verifone logo