Wednesday, July 27, 2022

Adding Payment Gateway to your web site (Payment Gateway API)

A typical payment gateway API lets web site and application developers add credit card transaction processing to their products and shopping carts. Because of the level of security required, these APIs are mainly developed as C/C++ libraries. They are designed so that they can be called directly from C++ code or wrapped in a high-level scripting language such as Perl or PHP, which gives easy access to the libraries and allows web services running on Unix or Windows based operating systems to enable payment gateways.
However, gateways have gone a step further and offer a web service that can be enabled simply by wrapping the payment UI with JavaScript served from the gateway server. The gateway server provides an API to communicate with, along with a JavaScript wrapper that tokenizes the payment information. The token has to be used within a given time period through the payment API, which conforms to a protocol like REST. A REST API (also known as RESTful API) is an application programming interface (API or web API) that conforms to the constraints of the REST architectural style and allows for interaction with RESTful web services. REST stands for representational state transfer and was created by computer scientist Roy Fielding.
That can provide more security and control for both the server and the client, since the server can manage which clients have the authority to access each service.

How it works

When a merchant wants to enable internet payment gateway (IPG) functionality in their shopping cart, they just have to insert the JavaScript-enabled object wherever they want to complete the checkout, and create a web service to receive the payment token.

One important fact that developers have to keep in mind is that they do not get the credit card information via the web post, only a reference, which has to be used within a given time period. For example, if the checkout value is $100.00 and the card is 4242 4242 4242 4242 with a specific expiry date, you will get a reference code like xxxx-xxxx-xxxxxxxxxxx-xxxx, whose format will differ from one gateway to another.

Then the merchant's web server has to make a request to the IPG server with the reference code within the given period of time, along with the invoice number and other security keys, in order to complete the payment.

Hence:

  • Security keys that need to be used with the IPG server are not shared on the web but kept secure at the merchant server.
  • Users' credit card information is securely transferred to the IPG server, while developers do not have to worry about managing security.
  • There will never be multiple charges on the credit card even if glitches in network connectivity cause the HTTP request to be made multiple times, because one token can be used only once and one invoice number can be used only once.
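
The rules above (a token valid for a limited time, one token and one invoice number usable only once) as a small in-memory model. This is an added example, not code from this post or from any real gateway; ModelGateway, its method names, the 10-minute TOKEN_TTL, the amount check, the expiry date and the invoice numbers are assumptions made for illustration.

```python
import hmac
import secrets
import time

TOKEN_TTL = 600  # seconds; assumed window, each gateway defines its own

class ModelGateway:
    """In-memory stand-in for an IPG server (hypothetical, not a real API)."""

    def __init__(self, merchant_key: bytes, clock=time.time):
        self._key, self._clock = merchant_key, clock
        self._tokens = {}    # token -> (amount_cents, expires_at)
        self._invoices = {}  # invoice number -> (token, stored result)

    def tokenize(self, card_number, expiry, amount_cents):
        # Reached from the gateway's JavaScript wrapper: card data stays at
        # the gateway, the merchant only ever sees the opaque reference.
        token = secrets.token_urlsafe(16)
        self._tokens[token] = (amount_cents, self._clock() + TOKEN_TTL)
        return token

    def charge(self, merchant_key: bytes, token, invoice, amount_cents):
        # Server-to-server call; the key never passes through the browser.
        if not hmac.compare_digest(merchant_key, self._key):
            return {"status": "denied", "reason": "bad merchant key"}
        if invoice in self._invoices:
            used_token, result = self._invoices[invoice]
            # A network retry of the same request replays the stored result.
            if used_token == token:
                return result
            return {"status": "denied", "reason": "invoice already used"}
        amount, expires_at = self._tokens.pop(token, (None, 0))  # single use
        if amount is None or self._clock() > expires_at:
            return {"status": "denied", "reason": "invalid or expired token"}
        if amount != amount_cents:
            return {"status": "denied", "reason": "amount mismatch"}
        result = {"status": "approved", "invoice": invoice, "amount": amount}
        self._invoices[invoice] = (token, result)
        return result

def demo():
    key = secrets.token_bytes(32)  # constructed merchant key
    ipg = ModelGateway(key)
    token = ipg.tokenize("4242 4242 4242 4242", "12/30", 10000)  # $100.00
    first = ipg.charge(key, token, "INV-1001", 10000)
    retry = ipg.charge(key, token, "INV-1001", 10000)  # duplicate HTTP request
    reuse = ipg.charge(key, token, "INV-1002", 10000)  # same token, new invoice
    return first, retry, reuse
```

Here the duplicate request gets the stored approval back without a second charge, while the same token presented with a new invoice number is denied.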

Nevertheless, sharing the card information with different IPG providers every time a client makes an internet payment cannot be eliminated with this mechanism, and every merchant has to go through a rigorous application process to enable internet payment on their web site.

We are going to eliminate these issues and provide more control to the card holder in each card payment, not only in the internet payment arena but also for payments at shops and places where merchants cannot afford to provide payment machines.
