Buying Guides
Related Products
About Us

Payment Gateway Integration Guide 2017

To use a payment gateway to process card payments online, you must first integrate it with your website. The easiest way of setting up a payment page is to use a hosted payment page hosted by your payment gateway provider. There are several downsides to this option, including the fact that the payment page is not on your server and that often, the branding options are limited. These things can make your customers suspicious and create a less than ideal shopping experience. There are several alternative ways of setting up a payment gateway; this is what you need to know about them.

Types Of Payment Gateway Integration

Full API Integration

payment gateway integration full api integration

Full API (Application Programmable Interface) integration lies at the other end of the spectrum from hosted payment pages. It is only available for merchants who are fully PCI DSS security accredited and who use their own secure server. The process requires a fair level of knowledge and skill though, as it is likely to be used only by larger organisations, the necessary expertise is likely to be available though the internal IT department or the contractors you are using to set up and manage your website. Alternatively you can hire a payment gateway integration expert on a temporary contract.

With this kind of integration your customers’ card detail are collected, encrypted and stored on your own server. This has several advantages:

  • Your customer remains on your website during checkout providing a richer and more professional shopping experience
  • You can further integrate the purchase with other systems such as inventory and back office functions
  • It is easy to implement recurring payments and subscriptions
  • You can leverage the additional information to improve your marketing efforts

Full API integration can be implemented with most content management systems and most PSPs provide plug-ins for all major shopping carts. However implementing it is a job best left to the experts.

Get Merchant Account Quotes Tailored To Your Business - Start Here

What type of merchant account do you need?

Eligible for Card Machine Quotes?Click your Monthly Turnover to find out

iFrame Integration

payment gateway integration iframe integration

iFrame payment gateway integration is a kind of halfway house between the integration methods described previously. With this kind of integration, although payments are processed by the payment service provider and your customer’s card details are hidden from your server, your customers have the illusion that they never leave your website.

iFrame integration allows you to embed the payment page within your own website, in fact within an iFrame. The URL that is displayed during the checkout phase remains your own, but the page contents displayed within the iFrame are provided by your PSP. However, you must secure the page using SSL.

iFrame integration is easy to implement and doesn’t require a high level of skill. Your PSP will provide you with the appropriate code snippet to add to your checkout page. Again these are available for most CMS and shopping carts, though iFrame isn’t available for all payment gateways.


payment gateway integration tokenisation

Tokenisation is an alternative way for merchants to deal with sensitive card holder data. With hosted payment page and iFrame integration the merchant doesn’t have access to card holder data, making it difficult or impossible to set up recurring payments and subscriptions. However tokenisation bypasses this and permits merchants that don’t have full PCI DSS compliance to retain card holder data in encrypted format and to use that to process recurring payments.

Once the payment process has been completed through, say, an iFrame or a hosted payment page, the card details are encrypted and converted into a token which is returned to the merchant and which the merchant can safely store.

To initiate a recurring payment, the merchant simply sends the token to the payment gateway. It is mathematically impossible to decipher a token; they are completely secure. To implement tokenisation as part of your payment gateway integration, you will need use a tokenisation API provided by your PSP. Not all payment gateways support tokenisation.

Payment Gateway Integration - Hosted Payment Page

By far the easiest way of integrating a payment gateway with your e-commerce website or online shop is to use a hosted payment page. Just about all payment gateway providers (PGP) offer this service and it is available with all major content management systems. The payment page is retained on the provider’s secure server which is fully PCI DSS compliant.

When you use a hosted payment page and your customer clicks to checkout from your shopping cart or buy-now button, she is transferred to a the hosted payment page where she enters her credit card details. The payment gateway goes through the process of authorising the transaction with the card issuing bank, and a message is returned announcing that the transaction was authorised or declined. This message is forwarded to the merchant.

This has the advantage that the merchant never has access to his customer’s card details, which means that he doesn’t need full security accreditation, saving significant effort and cost. Integrating your website with the hosted payment page is easy and requires only basic technical knowledge.

Integration can be carried out readily using store-builder applications or including code snippets such as pay-now buttons provided by your payment services provider. Popular shopping carts can be integrated with hosted payment pages using simple plug-ins provided by PGPs.

Generally you can customise hosted payment pages, for instance by adding your branding. This provides your customers with an improved purchasing experience.

Finding An Appropriate Payment Provider

By now you should have a reasonable understanding of the kind of payment gateway integration you require. Most small businesses opt for either hosted payment pages or iFrame integration, and may move on to fully integrated API solutions as their businesses grow.

Not all providers offer all forms of integration. While all of them are likely to have hosted payment pages, not all offer iFrame integration or full API integration. Neither is tokenisation a feature of all implementations, so always check out exactly what integration options the providers on your shortlist offer.

Next Steps

Expert Market can help you find the right payment gateway provider for your business. Simply fill in this form and answer a few questions designed to help us understand your business’s needs. We can then provide you with free quotes from the appropriate providers.

Our tailored quotes service is completely free, as well as fast and easy. Let us help you find the right payment gateway provider today!