Merchant hosted payment window
In this section, you will find information about the implementation of the merchant hosted payment window.
Overview
Instead of using Netaxept hosted payment window, you may use also your own hosted payment window. In that case, no redirect to Netaxept payment window will happen and you will have a complete control of the layout of the payment window. However, it should be noted that merchant hosted payment window is only supported for card payments. Also, in this case card data is transmitted in your systems so you need to implement your solution according to all PCI DSS requirements.
PCI DSS (Payment Card Industry Data Security Standard) is a standard created by the card schemes. It requires merchants, payment service providers (like Nets) and card acquirers, to implement solutions that will secure the consumer's card data during a payment transaction, and when saved in a database. Such a solution needs to be validated yearly by external PCI DSS inspectors, at the costs of the ones hosting the solution. If you have more questions about PCI DSS, please contact your chosen card acquirer.
Transaction flow
Here is a description of the basic payment flow if the payment window is hosted by yourself, instead of Netaxept:
-
Start the payment process by sending the Register call to Netaxept, and set
serviceType=M
to indicate that you will be using a merchant hosted payment window. -
After the successful registration, ask your customers to submit their card information into your payment window. After that, send the Terminal call with the required parameters and card information. In addition to
merchantId
andtransactionId
, you need to providepan
,expiryDate
andsecurityCode
parameters as well. 3D Secure (or equivalent) authentication is performed automatically during the terminal phase, if you have 3D Secure activated for your business. -
The terminal phase is completed successfully if "OK" is returned as the response code. You can now send the Process call to make financial operation such as authorization (AUTH) or authorization & capture (SALE).
Response Codes
If something fails, you can find the detailed reason for the failure via the Query call. For the merchant hosted payment window, Netaxept composes error messages from the given fields and messages, and you can decide yourself how to communicate these error messages to your customers.
Read more about response messages (see especially the "Error codes related to merchant hosted payment window" section).