Getting Started
Regulatory Considerations
Credit and debit card transactions depend on keeping the primary account number (PAN) secret. The card security code must be kept secret as well. The credit card industry therefore enforces a regulatory framework, PCI-DSS (Payment Card Industry Data Security Standard), on all parties involved in credit card transactions. As a merchant (the party getting paid), your regulatory requirements are lowest when you never handle sensitive card data directly. Handling card data includes writing any code that executes in a context where card numbers are present, on the backend as well as on the frontend. To make this possible, PayFunc provides the necessary UI components in combination with safe APIs, so that you are never required to handle sensitive card data directly.
Integration Options
Depending on your business needs and how much control you require over the user experience, we provide several ways to integrate PayFunc payments into your system.
No Integration
Sometimes no integration is required. One can use PayFunc Portal together with PayFunc Send to send out payment links using SMS or email.
Checkout
The PayFunc Checkout provides a complete checkout experience with support for multiple payment methods and handling of customer information. You can learn more about how to integrate it here.
PayFunc Onboard
PayFunc Onboard provides a solution to onboard your customers to create accounts that can be reused to bill them later. Read more on how to integrate it here.
Card Tokenizer
It is also possible to use our card tokenizer component to create card tokens. It is the lowest-level way of using our APIs without increasing your compliance burden, and is a great solution if you want maximum control and customization. The card tokens can then be used with the API to create orders and accounts for that card. Please contact us using the chat below for more information on how to use the card tokenizer.
Authorization
Our API uses three different API-keys for authentication:
- public
- private
- account
Public API-keys
Public API-keys are used to create new orders, new accounts and new card tokens. The public API-key is safe to use in the browser of your consumers.
Private API-keys
Private API-keys are the most potent API-keys and let you do everything available in the API. Private API-keys should be protected and only be used on systems you trust. Private API-keys can, among other things, be used to list all your orders and to charge, cancel and refund orders.
Account API-keys
Account API-keys are unique to a single account. They enable your users to update their address and payment methods, and to view their order history.
Testing and Integration
For testing and integration purposes we provide test API-keys. They do not transfer real money and are therefore great for dry-running the system.
With test API-keys you should never use real card numbers. Instead, use one of the following test card PANs:
- 4111 1111 1111 1111
- 2221 0000 0000 0009
- 5500 0000 0000 0004
The card security code (CVC) is 987 for each of these numbers.
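A check for the rule above, as an added example (not PayFunc code): it scans test fixtures or captured logs for Luhn-valid card numbers other than the three test PANs listed here, and reports them masked. The function names and the sample text are constructed for illustration.

```python
import re

# Test PANs listed on this page; these may appear in fixtures and logs.
TEST_PANS = {"4111111111111111", "2221000000000009", "5500000000000004"}

# 13 to 19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: double every second digit counted from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_non_test_pans(text: str) -> list[tuple[int, str]]:
    """Return (line number, masked PAN) for each Luhn-valid number not in TEST_PANS."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in PAN_CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", match.group())
            if digits in TEST_PANS or not luhn_valid(digits):
                continue  # allowed test PAN, or not a card number at all
            # Keep only first six and last four digits in the report.
            masked = digits[:6] + "*" * (len(digits) - 10) + digits[-4:]
            findings.append((lineno, masked))
    return findings


# Constructed sample: line 2 uses a Luhn-valid stand-in for a real PAN,
# line 3 is a 16-digit identifier that fails the Luhn check.
SAMPLE = """\
checkout test: card=4111 1111 1111 1111 cvc=987
checkout test: card=4242-4242-4242-4242 cvc=123
order_id=1234567890123456 status=created
"""

if __name__ == "__main__":
    for lineno, masked in find_non_test_pans(SAMPLE):
        print(f"line {lineno}: non-test PAN {masked}")
```

Run it over test data directories or log samples in CI and fail the build when the returned list is non-empty.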
API
Base URL
The base URL for our API, both for testing and production, is: https://api.payfunc.com.
Authentication
Authentication is done using the HTTP header Authentication with the Bearer scheme.