Payment API Explained: Connect a Payment Gateway

The payment API is the website code that connects your website or app to the secure payment network

Link to the author's page
Jason Dantzer
February 26, 2024
Link to the author's page
Payment API Explained: Connect a Payment Gateway

What is a payment API?

The payment API is the website code that connects your website or app to the secure payment network. API is short for “application programming interface”, and it’s a web script that links a payment processing service to your checkout page. 

In the context of digital selling, you might see the payment API referred to as a “payment request API” or “payment gateway API” because it connects your customer to their bank or financial services provider. 

Learn more: Chasing basis points: How performance drives digital commerce

Example: How does a payments API work?

Here’s a quick rundown of the process:

  1. When your customer is ready to buy from your website, the payment API detects information about the browser, location and transaction amount to display the best selection of payment options.
  2. The customer selects their preferred payment method, and enters their payment details. 
  3. The API securely transmits the customer’s payment details to the payment processor.
  4. The payment API delivers the outcome message (either success or failure) to the checkout page.

Are all payment APIs the same?

No. Believe it or not, the brand of API you use can affect payment success rates – for better or worse. For instance, if a customer’s card could be declined if the payments API doesn’t collect and send the required data. Or the API might not support your customers’ preferred payment methods.

What does a payment API do?

The payment API allows you to perform a variety of payment-related tasks, such as securely collecting funds from customers. In short, it allows you to take payments online. You can use a payment API on your website, app, marketplace or gaming portal, to name a few locations.

A major use case for a credit card API is to take payments without exposing customers’ payment details to your app or website. This means your company avoids liability for handling sensitive payment details (which are subject to strict mandates including PCI regulation).

Here are the main tasks a payment API carries out:

  • Collect payment details from the end customer (for example, via credit card, Apple Pay, and other digital wallets or bank accounts)
  • Send payment requests to a payment processor 
  • Process repeat billing (such as subscription media services)
  • Refund a payment
  • Void a payment
  • Issue payouts (for instance, on gaming platforms)

There are multiple types of payment API that make different requests for payment actions. It’s not uncommon for providers to have one API for each action (3DS, authorization, void etc.). 

To make it easier, many of the APIs are grouped together under the “Unified Payments API” (or UPAPI, for short). 

Here are some of the tasks that the payments APIs can do:

Payment tasksCustomer managementAdmin tasks
Retry payments that didn’t go through the first timeStore encrypted card details (as a “token") for future useManage disputes (view disputed payments, accept or reject claims, submit evidence)
Request authentication (security verification) from the customerStore a customer’s email, phone number and other data alongside their card detailsCreate reports from your past transactions
Tokenize a payment (encrypt the card details)Update a customer’s stored credentials if their card is expired or stolen.Set up notifications that trigger under certain events

You can even issue physical or virtual cards to specified users in your business via the API.

How does a payment API differ from a payment gateway?

Let’s clarify the distinction: the payment gateway and API work together but they’re different technologies. The API is coded into your website and sends data to the external payment gateway. 

Usually, the payment gateway is hosted on an external server (not on the same server as your website). The payment gateway is owned and managed by a financial processor, such as a payment services provider (PSP). It’s the technology which sends the payment request to the banks and makes sure the money is transferred from the customer’s account to your business account.

Here’s a simple diagram showing the payment API and the payment gateway in the online payment process:

What are payment APIs used for in business?

Put simply: APIs increase efficiency. This is the main motivation for 89% of payment managers. They help provide a smooth checkout experience for your customer. 

In days gone by, your customer might have called up your sales team to make payment over the phone. These days, the payment API replaces such a slow and resource-intensive process. Thanks to payments APIs, buyers can pay your business at any time of day or night. The entire transaction is digitized, and thousands of customers can make payment without your staff needing to take a single phone call.

As for the payments API, it unifies all your payments data and transaction options in one place. For instance, you can accept chargebacks or decline and provide evidence, as needed. 

Another use case is financial reporting. For instance, you can request a list of declined payments from the past 12 months, along with the bank response codes. That allows you to spot patterns where your business is losing revenue due to failed payments. You can even narrow down results per region, per currency, per payment type, and so on. 

Data security compliance using a payment API

The importance of protecting customer payment data (and that of your own business, for that matter) cannot be overstated. So a fundamental question about how your company will process payments is: are you capable of handling sensitive data? 

The most critical standard to comply with is PCI DSS (Payment Card Industry Data Security Standard). Whether or not you should use a payment API – and the type of integration you should choose – depends on your business’ data security integrity. Section 6 of PCI-DSS 4.0 specifically highlights the security measures needed for APIs.

Your level of compliance is decided by a self-assessment questionnaire, which can serve as a guide to the payment integrations suitable for your business. As you weigh up different payment API options, you should consider how much sensitive data is exposed to your own systems. 

Here’s a quick summary:

Low-code options that make calls to an external payment API: hosted payment page, Payment Links, Components (Beta) are all types of interfaces which require lower levels of compliance.

Direct payment API integration into your website: requires a much more robust set of security protocols and a higher level of PCI compliance.

What makes a good payment gateway API?

Just like smartphones and saxophones, not all payment technologies are created equal. Remember that the ideal API for one business may not be right for another, perhaps owing to a mismatch in needs versus available features.

That said, there are some key ingredients to get this right. In order to track down a robust and well-made payment gateway API, you should look for:

  • A payment service provider (PSP) with a good reputation
  • Security and compliance standards that are right for your business
  • Best-in-class technology performance to ensure valid payments succeed
  • A solution that’s straightforward to integrate
  • Easy to add new payment methods and flows without needing to re-integrate
  • Forward-thinking PSP that’s developing future-oriented technologies

Business features of a strong payment API 

You should find out from your in-house engineering team exactly what they’d need to successfully configure an API for your business. However, these are the basic expectations you should have:

  • Communication: regular product updates and timely messaging that explains changes
  • Testing: a sandbox environment that closely resembles the real product
  • Documentation: clear and comprehensive API reference material

Technical features of a strong payment API 

To help you figure out which payment processing API you should sign up for, look for the following attributes:

  • Secure payment processing: uses tokenization and fraud detection methods to foil hackers and meet financial industry regulations
  • Reliable: excellent uptime and fast processing speeds
  • Scalable: can handle larger transaction volumes on busy event days
  • Flexible: offers a range of payment channels (such as credit cards, digital wallets, and more)
  • Reporting features: custom data requests, historic data visibility, bank response codes
  • Global: supports multiple currencies and regional requirements
  • Interoperable: integrates with your existing tech stack
  • Dispute handling: options to notify, manage, and resolve payment dispute claims

How to set up an online payment API

The process of integrating an API can vary depending on the precise needs and location of your business. However, with, merchants are generally required to do very little of the heavy lifting when it comes to technical payment configuration. Unless, of course, a merchant wishes to customize payment flows to a greater extent.

Broadly, the steps are:

  1. Research your options for taking payments from customers, and consider which ones you need
  2. Consult with your product team, engineers, operations and finance teams to understand what your business needs from payment integrations
  3. Approach one or more payment services providers and find out what payment integrations they can offer you
  4. Sign up for your chosen integrations, and begin technical implementation
  5. Ask your engineers to create a test version of the checkout API, and request feedback from internal stakeholders such as customer experience, operations and finance teams
  6. Implement changes based on internal feedback
  7. Launch payment integration(s), and tell your customers
  8. Consider adjustments based on feedback from buyers

For some merchants, it will be as easy as pasting the code snippet into your website and tweaking certain elements to match your preferences. This is likely to suit ecommerce merchants who want a simple payment solution for selling goods and services online.

Other merchants may have more complex configuration needs, such as identity verification integration, enhanced fraud prevention measures, and localized payment experiences. In this case, there may be more of a back-and-forth consultative process with your PSP account manager. 

We also work with merchants who prefer a greater level of control over their payment processing, and dedicate considerable in-house resources to creating advanced API integrations.

How long does it take to set up a payments API?

Timelines will vary from business to business, due to specific preferences and needs.

A more straightforward integration can take place in under an hour, with further adjustments on an as-needed basis. This is the most convenient option for merchants without the bandwidth to bring their payment operations in-house.

In any case, you should factor in a day or so to allow your account manager to make changes to your API integration (depending on time zone differences and the complexity of your request).

Larger businesses with in-house payments specialists will require more time to set up the payment system that best suits their goals. In such cases, the entire API integration process can take several months (if not longer). 

Such merchants must allow time to create and test highly specialized code, add international regions, and make adjustments based on evolving business strategy. Extra complexity can arise from combining multiple financial technologies, integrating into extant reporting and analytics platforms, and converting legacy infrastructure.

Potential issues to watch out for when integrating a payments API

Before you go ahead with contracting for a proprietary payments API, you should consider whether it truly matches your business needs. Without due consideration of your PSP, you could face issues such as:

  • Lack of reporting granularity
  • Inability to serve certain geographical regions
  • A paucity of payment methods
  • Higher-than-expected costs
  • Missing features such as fraud monitoring or issuing capability

You should ensure you have the following in place to avoid potential pitfalls: 

  • A PSP with a track record for excellence and technical innovation
  • A clear roadmap of your business expansion plans
  • Sufficient in-house payments expertise  
  • Optimal website or app resources to handle buyers (such as fraud prevention, identity verification, and server processing power to handle spikes in traffic)

Find out more about payment APIs

With, you have a broad array of options to take payments for your business. We’re trusted by industry-leading merchants such as Uber Eats, Sony, and Shein because of our best-in-class integrations.

See below for a quick overview of our most straightforward payment API integrations. Custom options are available upon consultation, and you can contact our payments experts if you’re curious to know more.  


Add an iframe into your existing checkout page that securely sends card details to our payment gateway. This is ideal for merchants that fall short of mandates on credit card data handling.

Hosted payment page

If you’re not looking to take payments directly on your app or website, you can use a hosted payment page as a secure way to take payments.


Take payments on your website via credit card or other payment methods using a pre-built interface. Learn more about Flow in our dedicated Documentation.

Stay up-to-date

Get news in your inbox.

Back to top button
February 26, 2024 10:09
February 26, 2024 10:09