Accept and manage credit card payments from your customers
Overview
Cards are the most popular payment method globally, offering convenience and widespread acceptance. The
Solidgate
API
allows developers to easily integrate card payments and cater to this preference, providing a robust, secure, and flexible solution.
The
Solidgate
API
offers developers secure transactions with 3D Secure, tokenization for easier future payments and seamless recurring transactions.
Please note that only PCI-DSS certified merchants are eligible for full API as the merchant collects sensitive card data and hosts payment form. Using the
Guide
Understand how to integrate the payment form into your product.
payment form
or
Guide
Easily build a safe and simple payment page with our straightforward, step-by-step guide.
payment page
, the merchant without PCI DSS certification can process payments.
Charge
API
The
charge
request, a primary operation, withdraws funds from cardholder accounts and can utilize 3D Secure for verification. Successfully completed operations result in funds withdrawal or hold (in case type auth is sent).
Recurring
API Recurring payment operations differ from charges as they use a previously obtained token instead of cardholder data. Some recurring transactions, such as one-click payments, may require 3D Secure verification. To facilitate this verification process, the merchant needs to display a bank page (ACS URL) to the user. This bank page can be obtained through notifications or
check order status
API
from the merchant side.
Technical recommendations for 1-click customer-initiated payment flow
User action: The user initiates a 1-click payment.
Token payment: The merchant initiates payment using the secure token tied to the user’s payment information.
Intermediate status: Immediately handle the intermediate status received from Solidgate to prepare for the next step.
Pre-loader display: Show a pre-loader on the user interface to indicate that the payment process is ongoing.
Webhook and status polling: Set up a secure webhook to receive the final status of the order. Optionally, implement background polling to periodically check the order status as a backup.
By following these points, the merchant can effectively handle a 1-click, customer-initiated payment process.
Resign
API Resign 1-click enables token-based transactions (1-click payments) with additional CVV verification, exclusive to PCI-DSS certified merchants. Resign 3DS involves a resign request and a 3D Secure verification URL redirect.
Void
API The void request serves to nullify pre-existing
auth
transactions by revoking the initial authorization. Be advised that the void method can only be executed for auth transactions.
Settle
API The settle method facilitates the settlement of previously
auth
transactions. Be advised that if the subsequent settle
amount
is less than the initial
auth
transaction
amount
, the difference will be refunded to the cardholder’s account.
Refund
API A refund constitutes a transactional request to revert funds to the cardholder’s account, and it can only be executed for successfully completed transactions.
For
Void
API
,
Settle
API
, and
Refund
API
, we recommend implementing automated retry logic for declined operations and incorporating an additional strategy: triggering subsequent attempts at hourly intervals, ensuring that the cumulative retry count does
not exceed 100 attempts.
Check order status
API The check order status request retrieves the present status of a given order. If a transaction is undergoing 3DS verification, the response will indicate an order status of
3ds_verify
.
Get ARN codes
API The get ARN codes request obtains ARN codes for specific orders, providing essential information about refunds, currencies, and transaction statuses.
Auto-settle
Auto-settle is a feature that automatically settles orders if you provide a settle_interval value in your charge requests with the type auth. If you enable this feature, we will automatically send transactions for clearing after a specified delay in hours. In the event that the first settlement transaction is unsuccessful, we will attempt to settle six more times to prevent financial losses.
Auto-settle will not be created if the client sends a settle_interval request with null. In this case, it is necessary to manually initiate the settlement process. Additionally, auto settle won’t be performed if there’s at least one void transaction within a payment.
settle_interval
parameter has a limit of 7 days, which is equivalent to 168 hours.
3DS verification
Solidgate provides 3D Secure support for payments, enhancing security measures for both merchants and customers.
To
Guide
This process ensures secure, reliable payment processing using 3D Secure authentication to prevent fraud.
process a payment as a 3D Secure payment
, pass the force3ds parameter as a boolean with a default value of true. Be aware that 3DS may be triggered by either our side or the processor’s side.
When implementing 3DS payments, be prepared to display the 3DS bank page (ACS URL) to the user after initiating a recurring request with a verify_url. The request process for recurring 3DS transactions is identical to the standard recurring methods, ensuring a seamless integration experience.
Additionally, to handle 3DS transactions, make sure to set up success and fail URLs for browser redirects after a 3D Secure payment, either successful or unsuccessful. Provide necessary information for the frictionless flow of 3D Secure 2.0, such as browser details, time zone offset, and user-agent.
The 3DS may be triggered either from our side or from the processor's side.
Charge without CVV
Processing payments without a CVV simplifies customer interactions, leading to higher conversion rates and satisfaction. Allowing transactions without CVV for specific use cases minimizes declines and improves payment success rates. Merchants offering
Guide
Create and maintain a stable and healthy business subscription model.
subscription services
or recurring billing benefit from reduced failed payments, ensuring consistent revenue and enhanced customer retention.
If you store card details and want to transfer payments from another provider to Solidgate, performing a сharge without CVV is possible. This can be done under the following conditions when card details (PAN, expiration date) are stored in your database and the first payment with a CVV-card was processed by another provider.
Our payment method is used to pay with not the full card data (card number and expiration date) for different payment types (please always provide payment_type for charge payments without CVV):
1-click
Customer-initiated payment.
recurring
Merchant-initiated subscription payment.
rebill
Retry of the merchant-initiated payment.
installment
Merchant-initiated debit for credit/installment (financial institutions).
retry
Not regular cash withdrawals (depending on the trigger, the frequency, and amount of write-offs, in this case, is determined by the point of sale itself).
If a card payment transaction (charge transaction) fails, it can be attributed to various reasons, such as insufficient funds. However, if the payment is unsuccessful, it is not always necessary to cancel the order and lose the payment. Instead, a retry payment attempt can be made using a payment token.
A payment token is a unique identifier generated during a charge operation and used to identify data (such as credit card information) for future transactions.
If the payment fails due to a network error or a decline from the issuing bank, a recurring request must be made using the token from the unsuccessful first attempt. This allows for a seamless experience for the customer and can increase the chances of a successful transaction, avoiding the loss of payment.
It is important to note that our product enables merchants to organize retry logic on their part.
Retry logic:
Retry only card payments: Retry logic should exclude
Guide
Improve your checkout conversion by accepting payments via Apple Pay.
Apple Pay
and
Guide
Improve your checkout conversion by accepting payments via Google Pay.
Google Pay
transactions (those with the CRYPTOGRAM_3DS data type). A payment token is issued exclusively for successful Apple Pay and Google Pay payments, eliminating the need to retry these payment types.
Limit on the number of retries: Retry logic should be configured with a limit on the number of retries to prevent infinite retries and unnecessary charges to the customer’s payment method. That is, the system must stop retrying the payment after a certain number of retries.
The interval between retry attempts: To avoid overloading the issuing bank with too many requests over a short period (which may be perceived as fraud), retry logic should include a back-off time between retries, such as waiting a few minutes before trying again or increasing the time between retries as the number of failed attempts increases.
Handling of decline reasons: Retry logic should be able to handle decline reasons for rejection and respond appropriately. For example, repeating attempts when receiving a permissible decline code (incorrect card number) and, at the same time, analyzing/counting and setting limits on identical decline codes.
Customizable retry rules: Retry logic can allow for customizable retry rules, such as retrying only on specific decline codes.
Cancellation or refund: If the payment fails after several retries, it is desirable to have a way to cancel or refund the payment to avoid multiple deductions from the customer’s payment method.
Handling of declined transactions: Retry logic must handle declined transactions in a specific way, such as by prompting the customer to update their payment information or offering alternative payment methods.
Notification: On the merchant side, it is necessary to additionally notify the customer of the result of the transaction, successful or unsuccessful.
Retry history tracking: This information can be used to analyze transaction patterns and improve retry logic. The merchant should have a system that can track the history of retry attempts for transactions, including the number of retry attempts, the time of each one, and the result.
It is important to note that retry logic must be implemented with caution to ensure that the customer’s payment details are secure and to avoid any unexpected charges. Retry logic can improve the success rate of transactions and provide a better user experience. It is always recommended to test and monitor retry logic in production to ensure it is working as expected.
Handling of decline reason
The system can include error handling mechanisms to handle errors during the retry process and ensure that the customer is informed of the issue and provided with an appropriate resolution. You should identify the reason for the payment decline when it occurs. There could be several reasons, such as insufficient funds, expired cards, or invalid card details.
Here is an example of certain reasons for a declined transaction when there is still a chance of a successful payment:
Guide
The general group of declines. The card issuing bank did not complete the transaction successfully.
0.01 General decline
Guide
The transaction has been declined by the card issuer. Reasons for decline can vary, including limits on online payments, daily payment amounts, or daily transaction counts.
3.04 Transaction is declined by the issuer
Guide
The issuing bank blocked the transaction due to possible fraud.
3.10 Suspected fraud
Guide
The card cannot be used to make this payment (it is possible it has been reported lost or stolen).
4.03 Restricted card
Guide
The acquiring bank blocked the transaction due to possible fraud.
4.05 PSP antifraud