Merchant hosted payment window
In this section, you will find information about the implementation of the merchant hosted payment window.
Payment window controlled by merchant
Instead of using Netaxept hosted payment window, you may use also your own hosted payment window. In that case, no redirect to Netaxept payment window will happen and you will have a complete control of the layout of the payment window. However, it should be noted that merchant hosted payment window is only supported for card payments. Also, in this case card data is transmitted in your systems so you need to implement your solution according to all PCI DSS requirements.
PCI DSS (Payment Card Industry Data Security Standard) is a standard created by the card schemes. It requires merchants, payment service providers (like Nets) and card acquirers, to implement solutions that will secure the consumer's card data during a payment transaction, and when saved in a database. Such a solution needs to be validated yearly by external PCI DSS inspectors, at the costs of the ones hosting the solution. If you have more questions about PCI DSS, please contact your chosen card acquirer.
When implementing merchant hosted payment window, the basic payment flow goes as follows.
- Start the payment process by sending the Register call to Netaxept, and set serviceType=M to let us know you will be using a merchant hosted payment window. Read more about the Register call
- After the successful registration, ask customer to enter their card information in your terminal. After that, send the Terminal call with the required parameters and card information. Besides merchantId and transactionId, you need to provide pan, expiryDate and securityCode parameters as well. 3D Secure (or equivalent) authentication is performed automatically during the terminal phase, if you have 3D Secure activated for your business. Read more about the Terminal phase
- If the Response code is "OK", terminal phase is completed successfully and you can make the financial operation, like authorization (AUTH) or authorization & capture (SALE), to the transaction by using the Process call. Read more about the Process call
If something fails, you can find the detailed reason for the failure via the Query call. For merchant hosted payment window, Netaxept composes error messages returned to the merchant from the certain fields and messages, and you can decide yourself how to communicate these error messages to your customers. Read more about response messages (see especially the "Error codes related to merchant hosted payment window" section).