payone
Sign up

Server-to-server

    Intro

    Our Server-to-server solution allows you to exchange all transaction-related data between your server and our platform directly. Your customers remain in your webshop environment during the whole payment process.

    Contact sales

    Get started

    To process transactions on our platform with this solution, make sure that:

    Are you all set? Then learn how to use our Server-to-server in the next chapter!

    Create test account Contact sales

    How it works

    Before you process live transactions, use our test environment. Get to know our solution without costs or any commitments involved! Once you want to go live, check out here how to get a production account or contact us!

    Server to server connections require your systems to process card data at some point. This method brings in a very large number of the PCI requirements.

    However, you can significantly reduce the scope of your assessment and the number of PCI requirements: Replace the card number with a token via our Hosted Tokenization Page. This allows you to completely outsource the handling of the card data to our platform. Any of your systems using tokens will not require assessment.

    Ways to integrate

    1Server SDKs

    Use our Server SDKs to link your server environment to our Server API. These SDKs wrap the Server API conveniently via easy-to-use platform-specific objects.

    Ruby PHP Python 2 Node.js Java Python 3 .NET
    View Server SDKs

    2Client SDKs

    You can use our Client SKDS to embed your website in a native mobile platform. Our Client SDKs implement a modern and advanced security mechanism for safe payments on client devices in a simple drag-and-drop style task.

    Swift iOS JavaScript Android Flutter
    View Client SDKs

    Integration steps

    Your customers stay in your webshop environment during the whole payment process. As you send the card data directly to our platform and receive the (intermediate) result in real-time, no other party becomes visible to your customers (except for 3-D Secure challenge flow transactions). This way, you are completely free to design the look and feel of the payment page.

    The Server-to-server integration method works with all card payment methods and selected redirection payment methods. If your customers choose a redirection payment method, this might require you to redirect your customers directly to the third-party provider. Find detailed instructions for this flow in the dedicated payment method guides.

    The following chapters cover a high-level overview of a typical flow. It describes all the steps you need to follow for processing Server-to-server transactions. Find a detailed overview including optional steps, 3-D Secure authentication etc. in the dedicated chapter.

    1. Initialise Server SDK
    2. Send CreatePayment request
    3. Process platform response
    4. Get & show transaction result

    Initialise Server SDK

    Initiate the Server SDK by defining connection URLs, your account on our platform and API Key/Secret. Read the documentation of your preferred SDK to learn more.  

    Endpoint Urls in test / live 

    • Endpoint URL TEST: https://payment.preprod.payone.com/v2/{merchantId}/payments
    • Endpoint URL LIVE: https://payment.payone.com/v2/{merchantId}/payments


    If you are using our Server SDKs, your application needs to target the respective environment / integration method URL via instances of CommunicatorConfiguration/IClient. Detailed information about the how-to are available in the following chapters, including full code samples.

    • Server to server connections require your systems to process card data at some point. This method brings in a very large number of the PCI requirements.
      However, you can significantly reduce the scope of your assessment and the number of PCI requirements: Replace the card number with a token via our Hosted Tokenization Page. This allows you to completely outsource the handling of the card data to our platform. Any of your systems using tokens will not require assessment.
    • When processing online transactions, keeping track of your conversion rate is paramount. We are eager to help you with this, via our MyPerformance tool or via our transaction databases our customer support team is happy to share with you.
      To ensure we can provide you with the most precise conversion rate data, we highly recommend the following best practices:
      • When submitting a transaction request to our platform, always send the customer email address order.customer.contactDetails.emailAddress.
      • When resubmitting a transaction request to our platform for a unique order (i.e. after having received a status.statusOutput=2 during the first try), always send the same order.references.merchantReference from your first try.

    Send CreatePayment request

    Your customers enter their card details on your checkout page. You send a CreatePayment request to our platform, including the card details and mandatory 3-D Secure properties.

    Process platform response

    Our platform sends a response containing a merchantAction object.
    It instructs you how to proceed with the payment. Based on the response, these scenarios are possible:

    1. 3-D Secure frictionless flow: (merchantAction.actionType=null): Your customers use a 3-D Secure enrolled card. The 3-D Secure properties in your CreatePayment request prove to be sufficient for the authentication step. We submit the transaction to the acquirer and provide the result in property statusOutput.statusCode.
    2. 3-D Secure challenge flow: (merchantAction.actionType="REDIRECT"): Your customers use a 3-D Secure enrolled card. They need to identify themselves as the rightful card owner. Redirect them to their issuer via the merchantAction.redirectData.redirectURL. Define a cardPaymentMethodSpecificInput.returnUrl in the initial CreatePayment request to make sure your customers are redirected to your webshop afterwards.
    3. No 3-D Secure authentication (merchantAction.actionType=null): Your customers use a non-3-D Secure enrolled card. We submit the transaction to the acquirer and provide the result in property statusOutput.statusCode.

    Get & show transaction result

    We receive the 3-D Secure / transaction result which you can request via a GetPaymentDetails request:

    Alternatively, you can receive the result via webhooks.

    Display the transaction result on your returnUrl (for 3-D Secure challenge flow transactions) or in your webshop (for 3-D Secure frictionless flow or no 3-D Secure transactions).

    Learn in our dedicated Status guide more about the properties from the response, their meaning and how to proceed appropriately depending on the transactions' status.

    Flows

    Find a full transaction flow involving every party and (optional) steps in this overview:

    1. Your customer goes to your check-out page and enters her/his credit card data to finalise the purchase.
    2. You send a CreatePayment request to our to our platform, including the mandatory 3-D Secure properties.
      2'(optional). We perform a fraud prevention check.
    3. Our platform sends a response containing a merchantAction object, instructing you how to proceed. These scenarios are possible:
      a) 3-D Secure frictionless flow (merchantAction.actionType=null). The flow continues at step 8).
      b) 3-D Secure challenge flow (merchantAction.actionType="REDIRECT"). The flow continues at step 4).
      c) No 3-D Secure authentication (merchantAction.actionType=null). The flow continues at step 8).
    4. You redirect the customer to her/his issuing bank for 3-D Secure authentication. The customer identifies herself/himself.
    5. Our platform receives the 3-D Secure authentication result from the issuer. Based on the result, two scenarios are possible:
      a) If the identification was unsuccessful, we redirect your customers to your returnURL, ending the flow. You request/show the transaction result as described in step 8.
      b) If the identification was successful, the flow continues at step 6.
    6. We process the transaction and receive the result from the acquirer.
    7. We redirect your customer to your returnURL.
    8. You request the transaction result from our platform and show it on your returnURL/in your webshop.
    9. If the transaction was successful, you can deliver the goods / services.

    Additional possibilities

    Our Server-to-server solution offers many more possibilities. Learn here all about its available features.

    Replace sensitive data with token

    Server to server connections require your systems to process card data at some point. This method brings in a very large number of the PCI requirements.
    Obtaining a token from our system dramatically via our Hosted Tokenization Page solution reduces the number of your systems that would require assessing as they no longer have card data. 

    A token is a credit card profile safely stored on our platform. There are two different types of tokens:

    A typical request replacing card data with a permanent/temporary token looks like this:

    If you send a CreatePayment request after initialising a HostedTokenization session, you can also send the hostedTokenizationId instead of the tokenId. Learn more about using either option in the dedicated chapters of our Hosted Tokenization Page guide:

    Was this page helpful?

    Do you have any comments?

    Thank you for your response.
    Help & Info
    API Info
    Developer Tools
    Terms | Privacy |