REST API calls

The API has been designed as a REST API. It uses the HTTP protocol as its foundation. Each resource is accessible under a clearly named URL and the HTTP response codes are used to relay status. HTTP Verbs like GET and POST are used to interact with the resources. To support accessibility by clients directly, as opposed to your server, our servers support cross-origin resource sharing. We use JSON for all of our payloads, including error messages.

All these characteristics mean that you will be able to use standard off the shelf software to interact with our platform. To make the integration even easier, our platform also offers SDKs that wrap both the complete Server API as well as the complete Client API.

In order for our platform to properly maintain our PCI-DSS compliance for processing of Card Not Present transactions, the CVV, submitted by the consumer is sent to the issuer bank with the first payment attempt, may not be stored on file. Since the CVV can never be stored and sent for recurring series transactions, our platform incorporates a recurring flag that goes out to the issuer bank to alert them that CVV is not coming with repeat authorizations you submit, based on the recurring nature of the relationship/agreement with your consumer.  This approach is intended to help you maintain the highest possible authorization rates for repeat/recurring transactions

When they return to your website to pay, you will offer them selection of the card (i.e. You store the token with their consumer profile), and then submit the applicable recurring series API input to our platform so they may pay again using that card on file.

 NOTE: If the card expired then you may initiate a new secure session for the MyCheckout hosted payment pages - to either:

1. Collect a new expiration date and CVV from the consumer to submit with the stored token or
2. If the payment method has or will change then you may also collect a new PAN and need to store store the new token on file.

Currently, a token remains active until it is expired by you, the merchant. If the card stored in a token has expired, the token becomes useless and should be deleted.

No, the REST API uses JavaScript Object Notation (JSON) payloads for request and response. JSON is lightweight and supported out of the box by most programming languages, including JavaScript, which allows for support directly inside your payment pages. Almost all modern APIs use JSON payloads so any developer that has integrated an online API before should be very familiar in handling this format.

Once you have signed up, you will get login details for the configuration center, where both the apiKeyID and the secretApiKey can be found. Each of the different environments that you have access to has its own configuration center, allowing you to separate the different access roles (developers, production maintenance, etc.) more clearly.

Note: Each apiKeyID has an expiration period. You can view the expiration dates of your keys in the configuration center. In the configuration center you can create additional keys and revoke keys that you no longer wish to use.

On average, the payment platform responds within one to two seconds. Certain responses can take a bit longer in case multiple third party platforms need to be contacted before we can formulate the response back to you.

The GlobalCollect platform allows you to connect to three different environments, each with their own characteristics.

We recommend a time-out period of 45 seconds.

The test connection API (GET http://{domainname}/{version}/{merchantId}/services/testconnection) helps you to quickly check if the connection between your system and our platform is setup correctly.

The Client API calls that are wrapped inside the JavaScript SDK allow you to present each of the payment products in your look and feel. Using the JavaScript SDK you can encrypt all the sensitive card data so that only our platform will be able to decrypt them. The result will be an encrypted blob that you can send to our platform for processing through the Server API. Please note that you can only submit this encrypted blob only once and you should not store it in your systems. Because you submit each transaction using the Server API, you have full visibility on each transaction and you can enrich the transaction with additional data that can for instance be used to qualify for discount rates or enhance the fraud screening capabilities.

Yes, the REST API is described using REST API Modelling Language (RAML).