Types of integrations

Our newly refurbished online payment gateway’s open API which minimises your own PCI requirements and gives you more control over how your payment page looks.

PI makes integrating payments with your website simpler than ever before whilst maximising your control over the look and feel of the payment page and simultaneously reducing your exposure to sensitive card data.
 

Built for business whether your staring out, scaling up or already an enterprise, our innovative payment solutions will help you do more business your way. Don’t just develop your website to take payments, help your website stand out from the rest by Futureproof your website and shopper checkout experience.

PI makes integrating payments with your website simpler than ever before whilst maximising your control over the look and feel of the payment page and simultaneously reducing your exposure to sensitive card data.
 

Built for business whether your staring out, scaling up or already an enterprise, our innovative payment solutions will help you do more business your way. Don’t just develop your website to take payments, help your website stand out from the rest by Futureproof your website and shopper checkout experience.

• Built for developers using REST API to make it quick and easy to take web and mobile payments - integrate in three easy steps and reduce development costs
• Have a fully customisable checkout to control your customer experience and match your brand
• You can have a single page, seamless checkout to help increase customer conversion
• Reduced exposure to sensitive card data as the customer’s card is tokenised.

In both integrations you create a session key to authenticate your calls from the browser, use the Opayo JavaScript library to tokenise the card details and receive a unique Card Identifier that you can then use to submit a payment from your server. There are 2 options using Pi allows you to accept payments in minutes, using our simple drop-in checkout or customising your payment page with your own form integration.

• Our drop-in checkout integration provides you with a simple iFrame that enables seamless integration with your payment pages
• The own form integration provides you with complete control of the checkout experience whilst keeping the PCI requirements at a minimum

The Opayo direct integration is the most complex way to integrate your website with our systems.

Direct gives you complete control over the transactional process, from capturing the basic details of the order, to the credit and debit card details on your own website.

You are able to completely control the way the transaction is processed on your account, with direct we only require that you pass the details to us in a specific format.

Direct integration allows you:

• Complete control – As you capture all of the information on your site you can process the transaction however you would like.
• Processing remote actions – Unlike the Form solution Direct allows you the option to perform refunds, voids, authorises, and releases of transactions remotely without having to log into MyOpayo.
• Remote terminal – As direct allows you complete control over transactions that are processed through the system we enable you to process both ecommerce (online) and MOTO (telephone) transactions through the direct protocol without having to access MyOpayo.

When a transaction is processed through your website using Direct integration you will capture all of the details for the transaction, including the card details of your shopper. Once captured, you will then submit this information to Opayo as a single transaction registration post.

We will then validate this information to ensure this is correct then pass the transaction over to the merchant bank, and the card issuing bank (shoppers) to be authorised.

Once authorisation has been given we will then provide you with the results of the transaction status (ok, rejected, invalid) and we will provide you with the results of the transaction.

You will then be able to provide the shopper with the transaction results on your own site, at any specified page.

Once you have decided that the direct integration is for you we have a number of documents and tools available to help with your integration. We offer our vendors, partners, and developers integration documentation for each method of integration, custom template files to allow for customisation of the payment pages, and protocol and integration guidelines that outline the integration, posts, and requirements of the fields that are submitted through to Opayo.

Remote Actions
Direct Integration - PayPal payments

When you are looking to implement the Opayo integration on to your site you will need to choose which method of the integration you will use.

The server method offers you enough control and security of the transactional process to enable effective management on the platform without the need to host the card capture process directly.

Server offers you:

• Increased security – of using the Opayo hosted pages to capture card details.
  
• Effective communication management – with more than one post being made to Opayo the vendor will be able to monitor the entire transactional process and control the transaction up to the point of accepting the payment when the transaction has completed.
• Custom payment pages – Vendors can develop the standard Opayo payment pages to look and feel like their own without hosting the payment pages on their own site.
• Inframe – Vendors can embed the Opayo payment pages into their own site, Opayo will still host the card capture pages securely however the vendor can customise the Inframe to fit with their own pages and give shoppers the impression and peace of mind that they are not moving to another platform for the details to be captured.
• Processing remote actions – Unlike the form, solution server allows vendors the option to perform refunds, voids, authorises, and releases of transactions remotely without having to log into the Opayo administration panel (My Opayo).
• Remote terminal – As server allows vendors greater control over transactions that are processed through the system, Opayo can allow vendors to process both e-commerce (online) and MOTO (telephone) transactions through the Server protocol without having to access the administration panel.

When a transaction is processed through the Opayo systems using the server method of integration you are required to submit a transaction registration post to our systems. An acknowledgement of this is then sent to your site from Opayo including the next page (nexturl) where the shopper will be redirected too.

Once the shopper has been transferred to this page (or the iframe has been loaded within your site) the shopper will then enter the card details into the secure Opayo payment page. Opayo will then check the details are correct and submit this through for authorisation from the merchant (vendors) and card issuing (shoppers) bank.

After this authorisation has been given Opayo will provide you with the status (ok, rejected, invalid) in a notification post of the transaction and a signature string (MD5 hash value). You will then compare the signature provided by Opayo to the string you have created to ensure no tampering has taken place.

It is at this point you have the option to accept or reject the transaction and this is done by providing us with a response (to the notification post) and an instruction for re-direction. Opayo will then navigate the shopper back to the page specified by you in order to complete the transactional cycle.

Below is a full breakdown of the Server transactional process on the Opayo platform:

Once you have decided that the server integration is for you Opayo have a number of documents to help with your integration. We provide custom template files to allow for customisation of the payment pages, protocol and integration guidelines that outline the integration, posts, and requirements of the fields that are submitted through to Opayo.

It all depends how you complete your integration when using the server method of integration. Before you start your development the first choice is to decide between the Inframe solution and the standard payment pages.  You can then choose between the customised version of these pages or the standard.

Aside from the Inframe being embedded into the vendors pages (website) the Inframe also involves less steps to complete the transactional process.

The standard server method of integration includes a card selection, card details, and confirmation page that the shopper must progress through before the transaction is completed.  The Inframe simply has a card details page where the shopper will enter the card details to be used for the transaction.

Both the Inframe and the standard Server payment pages process will increase by 1 page each if the 3-D Secure Fraud prevention tool is activated within the account.

Remote actions
Customised payment pages
Customised payment pages - how to

The form integration is the quickest, easiest, and simplest way to integration your website with our systems.

Form enables your website to take payments with minimal integration work, this includes us capturing the credit or debit card details from your shoppers on our hosted payment pages.

Most shopping carts, and web hosts who work with our systems are able to offer you an Opayo (Formerly Sage Pay) Form as the first method of integration.

With Form you have:

• Increased security of using the Opayo hosted pages to capture card details.
• Easy to set-up: Because Form is the easiest integration you are able to link this to your site with minimal work.
• Encryption: We offer secure encryption of information. You are given a password to encrypt your post to us and we use this information to decrypt the details and process the transactions for you.
• Custom Payment Pages: Vendors can develop the standard Opayo payment pages to look and feel like their own without hosting the payment pages on their own site.

When a transaction is processed through your website using the form integration you are required to submit a transaction registration post to us. This post will be encrypted to ensure security using the password that was provided to you by ourselves.

Included in your transaction registration post you will include details of the shopper, along with the amount, currency, and address details. You will also provide us with a success and failure URL, these pages are used to redirect your shopper after the transaction has been authorised.

Along with this you will also transfer the shopper from your website onto the Opayo payment pages. We will then require the shopper to enter the card details and submit the transaction for authorisation.

We will then validate this information to ensure this is correct. We will then pass the transaction over to the merchant bank, and the card issuing bank (shoppers) to be authorised.

Once authorisation has been given we will then provide you with the results of the transaction status (ok, rejected, invalid) and transfer the shopper back to your website.

Where the customer is passed back through to will depend on the status of the transaction. If successful, the shopper will be passed to your success URL and if Failed, they will be passed to your failure URL.

Once you have decided that the form integration is for you we have a number of documents and tools available to help with your integration. We offer custom template files to allow for customisation of the payment pages, and protocol and integration guidelines that outline the integration, posts, and requirements of the fields that are submitted through to Opayo.

Customised payment pages
Remote actions

By using the customised reporting and admin feature you are able to manage your account and your transactions without having to access the MyOpayo panel.

You are able to effectively run all of your transaction reports, and amend the admin functions of your account without ever having to log into our platform.

If you are using your own system to process transactions and you do not need to access the MyOpayo panel to review your transactions, the customised reporting and admin feature will enable you to create your own reports using the information that is stored on our system.

When using the customised reporting and admin feature your system will be making secure https posts to ours.

The post itself will contain a single field called XML, within that field your request, or command will be included.

We will then respond to the post with the details of your request allowing your system to store the details that have been sent in our reply.

If you would like to use the customised reporting and admin feature but are unsure how to do this we can advise speaking to your web developer.

Your web developer can then access our integration guides and use this to link your systems to the feature.

When using the customised reporting and admin feature you have a huge variety of admin functions available to you.

Actions such as setting 3-D Secure and AVS/CV2 rules, creating users, blocking card ranges and IP addresses are available to perform remotely.

For a full list of the available admin functions available to you please download the customised reporting and admin integration guide.

It all depends on what you are looking to report on when using the customised reporting and admin feature.

You can run individual transaction detailed reports, transaction lists, card types on transactions, transaction types, and summaries all by using the reporting feature.

If you want to know all of the reporting options available to you simply download the integration guide, you will be given a full list of available reports, and admin functions.

When requesting a report from our system using the customised reporting and admin feature you can only receive 50 rows of data in any single request.

For example, if your account has processed 100 transactions and you would like to obtain a transaction report your system will need to submit 2 requests using the integration guide to our system to receive all of the transactional information.

Reports & MyOpayo - Opayo
Priority reports

Just like your MyOpayo you can manage the transactions that have been processed through your account.

You can:

• Refund transactions
• Void transactions
• Authorise authenticated transactions
• Cancel authenticated transactions
• Release deferred transactions
• Abort deferred transactions
• Repeat transactions

Each action will allow you to effectively perform all of the same actions as MyOpayo without ever having to access our platform.

If you would like to manage your transactions remotely you can.

Normally companies using either the server or direct methods of integration will use our remote actions.

If you are using MyOpayo to process your mail order transactions or our form method of integration you normally won’t need to use remote actions but you can if you want.

We won’t restrict you from using remote actions regardless of the integration you are using.

When a transaction is processed through our system your site/booking platform submits a request to us with the transactional information.

The same process applies when using the remote actions. The only difference in the 2 processes is you will be passing slightly different information, to a different registration URL.

Your system will provide us with the details of the transaction you would like to action, along with the action you are performing.
When you process a transaction through us using the server or direct method of integration you will be provided with all of the details needed to perform remote actions.

If however you are using your MyOpayo, or the form method of integration you will need to perform a “gettransactiondetail” request using our customised reporting and admin panel to obtain the details you need to process a remote action.

Our customised reporting and admin information will help you with performing remote actions.

Once the request has been received we will verify the details, and then perform the action for you. You will then be sent a confirmation of the action being performed in response to your original request.

If you want to use remote actions to manage your account all you need is a copy of our shared protocol guide.

You can then integrate this with your site/booking platform and start using the remote actions on your account.

If you are unsure about how to do this we would advise speaking with your web developer who will be able to help.

Direct integration - Understanding the process

When your software send a Form transaction request it send a number of fields through to us for that transaction. In relation to emails , the fields ‘VendorEMail’, ‘CustomerEMail’ and ‘SendEMail’. The VendorEMail’ and ‘CustomerEMail’ are used to collect the Email address’s and ‘SendEMail’ tell the system what action to take with them.

Included in this transaction registration post you also have the option of sending a field called – sendemail.

SendEMail can have the value of:

• 0 – Will not send emails at all – no email to you or your customer.
• 1 – Will only send emails to both you and your customer.
• 2 – Will only send you a confirmation email and not to your customer.

If you do not provide us with this field we will assume the value is “1” and send both emails confirming an order has been placed.

You are able to include a message on the confirmation emails that are sent to your customers when a successful order has been placed through your website.

To do this you will need to provide us with the field email message as part of your transaction registration post.

By including this field you are able to add your own message to the email that your customer will receive when they place an order through your website.

This will give you the control to manage the message that your customers receive when they are sent a confirmation email.

Unfortunately not, confirmation emails are only available to Opayo form customers.

If you want to send confirmation emails to your customers you will need to set this up through your own site, using your own mail server to generate and send the emails.

Form integration - Understanding the process

Server integration - Understanding the process

Reporting and Admin is a tool that is available to all customers using the Opayo system.

You are able to perform actions such as adding and removing users to MyOpayo, adding and removing fraud prevention rules, and obtaining information on transactions that have been processed through your Opayo account.

To find out when a token will expire on your account you will need to perform the getTokenDetails command using the reporting and admin tool.

Before you can get the details of the token you will first need to ensure that you have the token ID to hand.

You will then get the following information sent back to your system by Opayo:

• Token ID
• Card Holder name
• Last 4 digits of the card
• Card type
• Is the card a corporate card
• Is the card a credit card
• Expiry date of the card
• How many uses

A full breakdown of performing the command can be on our developer hub.

The 3 methods of integration are:

• Opayo form – A simple encrypted form submission post from your website to the Opayo systems, the shopper is then transferred to our hosted payment pages for the card details to be securely captured. This is the most basic method of integration available on our platform with your site only requiring a single post for the transaction to be processed.
• Opayo server – The Opayo server method of integration allows you more control over the transactional process than the form solution. The server integration still enables you to have the transactional process hosted on our platform. There is continuous channel of communication open between your site and our platform. The server method also enables our vendors the option to implement an “inframe” into their site which embeds the Opayo payment pages on the vendors website.
• Opayo direct – This solution gives you complete control over the transactional process including the hosting of the card details capture pages. You are required to undertake complete developmental work of the entire payment process including the security and safety of the details that are captured.
• PI integration - Our newly refurbished online payment gateway’s open API which minimises your own PCI requirements and gives you more control over how your payment page looks.

Each method of integration will allow you to link your website to our systems to process payments.

If you have a web developer, or your website is using a shopping cart we would advise speaking directly with each in order to find which integration will work best with your site.

You will then be able to choose the method that works with your site and begin processing transactions.

Form integration - Understanding the process
Server integration - Understanding the process

An encryption password is a mixture of letters (upper and lowercase) and numbers that is used to encode and generate the Crypt string that is sent from your system when a transaction is registered through Opayo.

In order to ensure the security of your transactional information you are given both a test and live encryption password.

When your account is set-up with us you are given access to the MyOpayo admin panel. Once you have logged into your account as the main admin user you will be able to select settings followed by admin on the left of the screen. You will then see your encryption key.

If you are using an off the shelf shopping cart you will need to enter your Opayo vendor name and encryption password into the back end of the platform.

For custom build websites you will need to provide this information to your web developer who will be able to build this into your site.

Your crypt string includes all of the transactional information that is sent to Opayo. Information that is sent in the crypt string is:

• Customer name
• Address details
  
• Basket contents
• Amount
• Currency

There are a lot more fields that are included in the crypt string when it is sent to us. For a full list of the fields included please download a copy of our form protocol guide.

In order to ensure the information included in the crypt string is sent and received securely it is encoded using the encryption password.

The password is used as part of your encryption process and will turn your transaction information into an intelligible string of letters and numbers that cannot be read.

An example of this is:
 

Un-encrypted string

VendorTxCode=TxCode-1310917599-223087284&Amount=36.95&Currency=GBP&Description=description&CustomerName=Fname&Surname&CustomerEMail=customer@example.com&BillingSurname=Surname&BillingFirstnames=Fname&BillingAddress1=BillAddress Line 1&BillingCity=BillCity&BillingPostCode=W1A 1BL&BillingCountry=GB&BillingPhone=447933000000&DeliveryFirstnames=Fname&DeliverySurname=Surname&DeliveryAddress1=BillAddress Line 1&DeliveryCity=BillCity&DeliveryPostCode=W1A 1BL&DeliveryCountry=GB&DeliveryPhone=447933000000&SuccessURL=https://example.com/success&FailureURL=https://example.com/failure
 

Encrypted string

Crypt = @ED19A324A441FB7345DE87869E3712D13CE9A129CA177CEE62FC10FDF67EBD6C42000D53679BADCABB45661EF63BB87E6AB
3BD10FB9BA6000C16FD7D47FF8E76EC31E8D288A73DAD797DFD613131D32A30377C72FC2F56A762C384F2A3E9A0F3A2225C6
54C39E725E85DC5E4C94EE7F7CC4403AC3B049D13A8BAC2EB0E6B2AF4BCB7B55BAE6CB497B37BB8C0AB817994E13867DAAE6
086327031D140564171C5950B3D1A138661B12AE783A438787E66E58DBEDD1244FEAD138BE43A7D0BCC764A451B9F0FC6F27

This will ensure that your transaction information is not tampered with and will arrive at Opayo the same as when captured.

Form Integration - Understanding the process
Confirmation emails