Merchants need to decide to what extent they want to expose their systems to payment card data. Storing raw card data provides merchants with the greatest extent of control, but it also means that they must comply with the onerous and costly requirements of PCI Level 1 certification.
Merchants who do not wish to capture or store card details on their own systems can use the APEXX hosted payment page. This allows the shopper to enter their card details on a page that is not part of the merchant's application. No raw card data is exchanged through the API between APEXX and the merchant. Optionally, APEXX can return the tokenised card number to the merchant to facilitate, for example, recurring payments.
Transactions are initiated by sending a request to the APEXX gateway's hosted payment page endpoint. APEXX will generate a unique URL for this payment request and return it in the API response. There are two options for the presentation of the payment page to the consumer:
- in an iframe on the merchant's website: this will ensure a consistent look and feel to the payment experience, making it less likely that the cardholder will abandon the purchase
- through a full page redirect: the shopper is redirected to the full payment page as provided by APEXX. It is possible to customise the payment page to some extent (i.e. the font, font colour, background and border colours, terms and conditions)
Once the payment is complete, APEXX will return the shopper to the URL specified by the merchant and display the result of the transaction.
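The sketch below is an added example, not APEXX code. It shows a merchant-side check of the per-payment URL before it is used for either presentation option: https only, expected host only, and a `frame-src` policy for the iframe case. The host `payments.example.test`, the path, and all function names are assumptions made for illustration.

```javascript
// Added example. Field names, hosts and paths are assumptions, not the APEXX API.
// Host(s) the merchant expects the hosted payment page to be served from (placeholder).
const ALLOWED_PAYMENT_HOSTS = new Set(["payments.example.test"]);

// Check the per-payment URL taken from the gateway response before using it.
function validatePaymentPageUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    throw new Error("payment page URL is not an absolute URL");
  }
  if (url.protocol !== "https:") throw new Error("payment page URL must use https");
  if (url.username || url.password) throw new Error("payment page URL must not contain credentials");
  // url.host includes any non-default port, so an unexpected port is rejected too.
  if (!ALLOWED_PAYMENT_HOSTS.has(url.host)) throw new Error(`unexpected payment host: ${url.host}`);
  return url;
}

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return value.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;");
}

// Option 1: iframe on the merchant's page. The CSP limits framing to the payment origin.
function iframePresentation(rawUrl) {
  const url = validatePaymentPageUrl(rawUrl);
  return {
    headers: { "Content-Security-Policy": `frame-src ${url.origin}` },
    html: `<iframe src="${escapeAttr(url.href)}" title="Card payment"></iframe>`,
  };
}

// Option 2: full page redirect to the payment page.
function redirectPresentation(rawUrl) {
  const url = validatePaymentPageUrl(rawUrl);
  return { status: 303, headers: { Location: url.href, "Cache-Control": "no-store" } };
}

// Constructed sample of a URL as it might appear in a gateway response.
const sampleUrl = "https://payments.example.test/hpp/3f9c2a?lang=en&theme=shop";
console.log(redirectPresentation(sampleUrl));
console.log(iframePresentation(sampleUrl).html);
```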
Fig. 1: Example of hosted payment page
Fig. 2: Hosted payment flow