Payment Gateway
Developer Documentation

Building a Website Integration with Source Allies' Payment Gateway

Overview

Our payment gateway provides a backend processor for your website that allows you to accept credit card, bank account, Apple Pay, and Google Pay transactions. These instructions cover how to call the payment gateway with an encrypted payment token so you can begin accepting payments on your website.

Getting Started

In order for us to get you set up in our payment gateway, we will need the following information from you:

  • The canonical name of the website you'll be hosting your payment page on (e.g. www.mysite.com)
  • Authorize.Net Account Information
    • API Login ID: click Account tab, under Security Settings click the API Credentials & Keys link
    • Transaction Key: generated on the same page as above (NOTE: Please be aware that generating a new transaction key will void your old one)
    • Payment Gateway ID (only if implementing Google Pay): click Account tab, click left sidebar link for Merchant Profile
  • Sandbox Authorize.Net Account Information (sign up for free)
    • API Login ID: click Account tab, under Security Settings click the API Credentials & Keys link
    • Transaction Key: generated on the same page as above (NOTE: Please be aware that generating a new transaction key will void your old one)
    • Payment Gateway ID (only if implementing Google Pay): as of this writing, this is not listed in the sandbox account. This ID can be obtained by creating a transaction in the virtual terminal (Tools tab). An email is sent to the email address listed on the account. Under General Information, the Payment Gateway ID is listed in parentheses after the merchant name.
  • Apple Pay Merchant Identifier (only if implementing Apple Pay; an Apple Pay merchant identifier account costs $300/yr at the time of this writing)
    • Identifier for Testing
    • Identifier for Production (cannot be the same as testing identifier)
  • A Google Pay Business Account (free, but should be signed up for using an admin account, e.g. admin@mysite.com)

Once we have this information, we can add your credentials to our payment gateway. After we have successfully integrated them, we will send you an email with the partner name and gateway name you will use to send payment data to the payment gateway.

For information on implementing Payment Gateway in your own website, follow this link for a drop-in Payment Gateway Form solution or the following links for a more customizable solution:

Maintaining PCI Compliance and Other Security Concerns

To submit credit card and bank account information to our payment gateway, your payment page must be served over HTTPS. HTTPS encrypts the transaction with Secure Sockets Layer (SSL, now TLS) to protect data during transmission over the internet. Ensure that you treat all Personally Identifying Information (PII) values with care (i.e. don't request more information than you need, and don't store data yourself unless you absolutely need to).

Payment account credentials like credit card numbers and bank account numbers require special handling. Payment Gateway maintains PCI compliance by handling an encrypted payment nonce instead of handling the credentials directly. The key used for decryption belongs to Authorize.Net; we do not have the capability to decrypt this information.

For Apple Pay/Google Pay transactions, this payment nonce is obtained through direct communication between the user's browser and Apple's/Google's API. For basic credit card and bank account transactions, the payment nonce is obtained by the user's browser directly from Authorize.Net. To maintain PCI compliance, account credentials should never be transmitted to you or the payment gateway in any of these three scenarios.

Another security concern is keeping your Authorize.Net Transaction Key secret. This key must never reside in your website's code. A malicious user can use your transaction key coupled with your API login ID to get any data available from Authorize.Net API calls (like transaction amounts and billing addresses), as well as perform other operations like voiding transactions.

To keep your Authorize.Net Transaction Key safe, the payment gateway acts as your middleman. Simply send the partner name and gateway name we supply you along with your request. We insert your credentials into the request and forward it on to Authorize.Net. We then return the response we receive from them.

The following items must never appear in any API calls you design or be hardcoded in your website:

  • Credit Card Numbers
  • Credit Card Expiration Dates
  • Credit Card CVV/CVC Codes
  • Bank Account Numbers
  • Bank Routing Numbers
  • Bank Account Types
  • Your Authorize.Net Transaction Key
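
One way to enforce the list above in your page's JavaScript before a request leaves the browser. This is an added example, not Source Allies' code; the request field names are hypothetical, since the gateway's request schema is not shown here. It flags suspicious field names and any whole value that passes the Luhn check for a card number.

```javascript
// Added example. Request field names (partnerName, gatewayName, paymentNonce,
// amount, billing) are hypothetical; the real request schema is not on this page.

// Key names that suggest an item from the "must never appear" list.
const FORBIDDEN_KEY =
  /card.?num|expir|cvv|cvc|routing|account.?(num|type)|transaction.?key/i;

// Luhn checksum: true for digit strings that are plausible card numbers.
function passesLuhn(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return sum % 10 === 0;
}

// Walk a request body and list every path that must not be sent.
function findForbiddenFields(payload, path = "") {
  const hits = [];
  for (const [key, value] of Object.entries(payload)) {
    const here = path ? `${path}.${key}` : key;
    if (FORBIDDEN_KEY.test(key)) {
      hits.push(`${here}: forbidden field name`);
    } else if (value !== null && typeof value === "object") {
      hits.push(...findForbiddenFields(value, here));
    } else if (typeof value === "string" || typeof value === "number") {
      // Card numbers are 13-19 digits, often typed with spaces or dashes.
      const digits = String(value).replace(/[\s-]/g, "");
      if (/^\d{13,19}$/.test(digits) && passesLuhn(digits)) {
        hits.push(`${here}: value looks like a card number`);
      }
    }
  }
  return hits;
}

// Constructed sample requests; 4111 1111 1111 1111 is a public test number.
const goodRequest = { partnerName: "example-partner", gatewayName: "example-gateway",
  paymentNonce: "Y29uc3RydWN0ZWQtbm9uY2U=", amount: "19.99" };
const badRequest = { partnerName: "example-partner", gatewayName: "example-gateway",
  transactionKey: "PLACEHOLDER", cvv: "123",
  billing: { memo: "4111 1111 1111 1111" } };

console.log(findForbiddenFields(badRequest));
```

Refuse to send any request for which the returned list is non-empty. The check is a safety net for mistakes in your own code, not a replacement for keeping credential fields out of your forms' submit path.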