Payeezy is a business platform oriented towards helping merchants establish or grow their eCommerce business. All of the elements necessary to help the merchant succeed in this domain are represented in the Payeezy solution ... from webstore capabilities (ours or through many partners) to payments from security & fraud prevention to reporting; from processing across borders to currency conversion.
In many cases, small and medium sized business need some technical assistance with these solutions. We developed Payeezy.com to provide a simple, powerful ecommerce payment option for developers that delivers easy, scalable and secure online and mobile payments. Essentially, we are providing access to our unparalleled ecommerce product offerings by helping you integrate your solutions through the site’s open API environment.
Code once, and you’re set to go. Our goal is to expose the depth and breadth of our assets, services, and processes to unlock additional business value to new and existing channels.
Payeezy is an eCommerce business platform, so any merchant wanting to establish or grow their eCommerce business can leverage its capabilities. Whether looking for a more PCI compliant solution or wanting to seamlessly integrate payment processing to your website, the Payeezy solution makes it easy to accept a wide range of payments anytime, anywhere. A highly intuitive web-based interface and simple APIs allow you to remove the complexity of accepting card-not-present payments quickly and easily, keeping your focus on operating and growing your business.
*Availability of certain Payeezy capabilities depend on the merchant’s domicile. Click here for details.
Explore our site anonymously if you like; you’ll even be able to test the code samples we provide on the API Docs & Sandbox tab. Once you create an account with us, you’ll be able generate a unique APIKey that will allow you to generate transactions against a test account that you can find in your My Merchants tab. Fully register and certify your solution, and you’ll be able to bring merchants on board. What's more, become a payeezy partner and generate money whenever a merchant referred by you processes a transaction.
- Explore our Payeezy site anonymously and play with our APIs in the sandbox.
- Create an account with your email address to get access to our sandbox environment. It should take just 20 seconds.
- Begin the integration process. Use your API key and API secret.
- Add merchants to obtain the merchant token.
- Go Live!
For more detailed instructions, refer the Getting Started with Payeezy Guide
Capabilities: Payeezy APIs are the new, lightweight alternative that include our newer capabilities like Apple Pay, Payeezy JS, Android Pay, etc.
Geographies: Payeezy APIs support merchants from US and Europe. This benefits both partners and merchants. For example, our shopping cart partners who integrate with Payeezy API can support merchants from both US and Europe. Likewise, multinational businesses can benefit from this.
Libraries: Payeezy APIs give developers more flexibility with more libraries and SDKs (iOS SDK, Android SDK, Python, Node JS, Java, PHP, cURL, Ruby, etc.)
New features: With Payeezy APIs, our aim is to unlock additional business value to our customers by exposing the various First Data assets and services. This means that we will be adding many more features to the Payeezy APIs making it the single point of access to the various First Data services.
While Payeezy is an ideal solution for enabling small and medium sized businesses (SMBs) to accept payments either online or via a mobile device, there are scenarios where it doesn't apply.
For example, merchants processing in the US should consider alternative solutions for the following types businesses:
- Fire Arms (sorry, company policy doesn't allow us to serve here today)
- Gambling (contact us about PayLucky solutions for more information)
- Pharmacy (contact us about our High Risk Merchant Account solutions for more information)
- Tobacco (contact us about our High Risk Merchant Account solutions for more information)
The solutions vary based on the merchant's country of domicile. Please contact us to find the best solution for your type of business.
Absolutely! Once you have fully registered and certified your solution, you will be able to Add Merchants^. Simply click on the My Merchants tab and enter the necessary merchant information, and we'll do the rest. You'll be notified once they've been approved, and better yet they will appear in your merchant listing!
^ Merchant self-boarding is currently only available to our partners in the US. More regions will soon be supported.
In addition to the REST APIs and corresponding SDKs/Libraries found on our developer portal, the Payeezy eCommerce Solution provides additional options to better assist you in delivering easy, scalable and secure online and mobile payments!
- SOAP APIs – whether you prefer SOAP, or have valid business reasons to use the older APIs, you still have access to all of the Gateway API materials you’ve come to love over the years - U.S. merchants, European merchants
- API Reference Guide
- Code samples
- etc
- Hosted Payments Page - Check out these instructions if you are looking for a quick implementation - U.S. merchants, European merchants
Simply stated, the APIs represent a simple way to send transactions to a gateway account from a website/mobile app. While you are integrating to our APIs, it would be useful for you to see how your transactions flow through to the gateway account. For this purpose, we allow you to route transactions from your API integration to a demo gateway account. Also, a demo gateway account allows you to explore all the features of the gateway such as virtual point of sale, advanced fraud filters, etc.
For a US merchant integration, you can request a demo gateway account here: https://provisioning.demo.globalgatewaye4.firstdata.com/signup
For a non-US merchant integration, you can request a demo gateway account by contacting your merchant acquirer.
| Non-US Acquirer | Email Address |
|---|---|
| First Data Merchant Services (FDMS) | TBA |
| First Data Merchant Services South Africa | TBA |
| AIBMS | authipay@aibms.com |
| Cardnet | TBA |
| EMS | TBA |
| First Data Hellas | TBA |
| TeleCash | https://www.telecash.de/produkte-services/e-commerce/internet-payment-gateway/antrag-testsystem/ |
| ICICI Merchant Services | TBA |
| First Data Austria | TBA |
| BNLP | TBA |
Once your developer account is certified, you can proceed to add live merchant accounts. Navigate to the Merchants page, click on "Live" and then click on "Add a merchant".
- If you are adding a merchant who already has a merchant account with First Data, select "Add your existing merchant account" and follow the instructions on the screen. In order for this to work, the First Data merchant account must be enabled for Payeezy API. If you are not sure what this is, check with the merchant service provider.
- If the merchant does not have a First Data merchant account and needs to apply for one, select "Sign up for a merchant account" and follow the instructions.
If for any reason, you are unable to add your merchant account, email payeezyboarding@firstdata.com with the Merchant ID (or storeID), DBA name and developer account email address. We will add the merchant account to your developer account manually within 2 business days and send you a notification.
As a first step, sign up at developer.payeezy.com and get certified. Once your certification is complete, developer portal will automatically redirect to “Add Merchant” page. Click on "Live" and then click on "Add a merchant".
- If you are adding a merchant who already has a merchant account with First Data, select "Add your existing merchant account" and follow the instructions on the screen. In order for this to work, the First Data merchant account must be enabled for Payeezy API. If you are not sure what this is, check with your merchant service provider.
- If the merchant does not have a First Data merchant account and needs to apply for one, select "Sign up for a merchant account" and follow the instructions.
If for any reason, you are unable to add your merchant account, email payeezyboarding@firstdata.com with the Merchant ID (or storeID), DBA name and developer account email address. We will add the merchant account to your developer account manually within 2 business days and send you a notification.
This is a common issue when developers use the API key and API secret that are published in our Docs and Sandbox pages. This is because the HMAC validation is turned off for that specific combination of API key and API secret. Therefore, the error never surfaces in the sandbox environment and only surfaces when you hit production with your own API key and API secret.
To prevent this issue, always use the API key and API secret from your account to build or test your integration.
| US | Europe | |
|---|---|---|
| Payment types | ||
| Credit Card | ✓ | ✓ |
| Gift Card | ✓ | - |
| eCheck | ✓ | - |
| German direct debit | - | ✓ (Germany only) |
| Paypal | ✓ | ✓ |
| Integrations | ||
| Payeezy JS | ✓ | ✓ |
| Payeezy JS + 3D Secure | ✓ | ✓ |
| Direct API | ✓ | ✓ |
| Apple Pay® | ✓ | ✓ (UK only) |
| Android Pay™ | ✓ | ✓ (UK only) |
| Android (native) | ✓ | ✓ |
| iOS (native) | ✓ | ✓ |
| Features | ||
| CVV | ✓ | ✓ |
| AVS | ✓ | ✓ |
| Soft descriptors | ✓ | ✓ |
| Level 2, 3 | ✓ | ✓ |
| 3DS processing | ✓ | ✓ |
| Dynamic currency conversion | ✓ | ✓ |
| Timeout reversals | ✓ | ✓ |
OUr APIs are language agnostic, so choose any language you please (CURL, Java, Node, Python, Ruby, iOS, Android, etc) that lets you make a RESTful call. And we are always interested in hearing your thoughts on where else we could be focusing! Comment in our Forum to see what others are thinking.
Getting Started with Payeezy
Using below listed steps, you can easily integrate your mobile/web payment application with Payeezy APIs And go LIVE!
- LITE - REGISTRATION
- CREATE AN API
- BUILD AND TEST YOUR INTEGRATION
- GET CERTIFIED
- ADD MERCHANTS
- GO LIVE!
LITE Registration
Sign up for a free developer account with LITE Registration. All you need is your First name, Last name and a valid email address. Navigate to developer portal https://developer.payeezy.com/ from your browser and click on CREATE ACCOUNT. c Note: Portal registration requires a valid e-mail address. Once registered, your email address cannot be changed in future. All e-mails from the system will be sent to this registered email address. The e-mail address will not be made public and will only be used if you wish to receive notifications by e-mail. After you provide registration information an email is sent to you with further instructions to activate your account.
CREATE AN API
Think of this as a unique app name that is used to identify your application. This is unrelated to the name you would use on Apple’s App Store (if you are integrating with apple pay/iOS) but it can be the same.
- Login to your Payeezy developer account and navigate to the "APIs" page.
- Click the “+ ADD A NEW API” button.
- On the next screen you name your application. If the API is only for testing, choose "Sandbox". If you plan to use the API in the production environment, choose "Live" as well.
- Click on the API you just created. You will see your API key and API secret. These are header parameter values that uniquely identify your transactions associated with all API calls.
BUILD AND TEST YOUR INTEGRATION
We provide a free testing environment to test your app in the SANDBOX region. To integrate and test your application all you need is
- Merchant token
- API Key
- API Secret
- JS_Security_Key (Only required for when using the tokenization API)
- TA_TOKEN (Only required For US domiciled merchants when using the tokenization API)
- CSR or public key (only required for mobile wallet integration)
The Merchant token and JS_Security_key are available from the "Merchants" page in your developer account. These values are unique for each merchant. For testing, we have made available a First Data owned demo US gateway account called "Acme Sock". You may choose to use this or connect to your own US demo account or non-US demo account by clicking on the "Add a demo account" button. Follow the instructions on how to add your demo account or how to sign up for a demo account. Once you add your demo account, you should see it listed in the Merchants list under "Sandbox" and you should also see the merchant token and js_security_key pertaining to that account.
The TA_TOKEN is "NOIW" for the sandbox merchant. For live processing, the TA_TOKEN will be available from Payeezy Gateway terminal. The API key and API secret are created by you and are available in the "APIs" page. The CSR or public key are created by you and are available in the "CERTS" page.
Select one of the Payeezy integration methods available from Integrations page
To test and integrate your payment application with Payeezy CERT environment use following URL: https://api-cert.payeezy.com/v1/.
Get Certified (Developer’s certification)
In order to add Merchants and Go-Live with Payeezy, you need to get certified as a Payeezy Certified Developer. Certification involves: 1. Completing a full registration 2. Submitting a sample payload as a valid JSON Purchase transaction in SANDBOX region.
JSON request will be tested against Payeezy Cert/Sandbox environment. After you click on the certify button, JSON response and response message will be provided below certify button.
You will be certified after submitting the CERTIFICATION form.
Add Merchant(s)
Once your certification is complete, developer portal will automatically redirect to “Add Merchant” page. Click on "Live" and then click on "Add a merchant".
- If you are adding a merchant who already has a merchant account with First Data, select "Add your existing merchant account" and follow the instructions on the screen. In order for this to work, the First Data merchant account must be enabled for Payeezy API. If you are not sure what this is, check with the merchant service provider.
- If the merchant does not have a First Data merchant account and needs to apply for one, select "Sign up for a merchant account" and follow the instructions.
If for any reason, you are unable to add your merchant account, email payeezyboarding@firstdata.com with the Merchant ID (or storeID), DBA name and developer account email address. We will add the merchant account to your developer account manually within 2 business days and send you a notification.
GO LIVE!
- Replace Sandbox URL with live environment URL: https://api.payeezy.com/v1/transactions
- Replace Sandbox merchant token with live merchant token.
- Replace Sandbox JS_Security_key with live JS_Security_key.
- Ensure that API key and API secret are enabled for live processing.
- Replace TA_TOKEN (if used) with the live TA_TOKEN available in Payeezy Gateway terminal
- Use live certificates for mobile wallet integrations.
Here is the complete list of bank response codes - https://support.payeezy.com/hc/en-us/articles/203730509
When you process any transaction using the original credit card number, the Payeezy system is able to determine the card type programmatically, based on the length of the number and the first digit and override the provided card type, if necessary.
However, when you use a token number instead of a card number, the first digit of a token number is random and so the system has no way to programmatically determine the card type, so the card type you provide is trusted. In this case, if an incorrect card type is provided, then the transaction gets declined.
If you want to process tokenized payments using multi-pay tokens, your account needs to be enabled with the appropriate service (TransArmor or Data Vault). Contact your merchant account representative or contact us for TransArmor/Data Vault enablement.
One of the biggest benefits of using our APIs is that once an integration is built, both US merchants and non-US merchants can use it. There are, however, 2 important differences to note when developing for US merchants vs Non-US merchants.
1. When using the GET Token API (/securitytokens), US merchants will need to send the TA_TOKEN parameter while non-US merchants will need to send the "Currency" parameter.
2. For a non-US merchant, the parameter “merchant_ref” should be unique for each transaction. It is not required for US merchants but is definitely recommended for ease of reconciliation.
3. In token based transactions, for non-US merchants, CVV is required. It is not required for US merchants.
Once the above caveats are handled in your integration, it should be usable by US merchants as well as Non-US merchants.
When you interface with the Payeezy.JS integration method, you never touch or save consumer’s credit card details. This diminishes the PCI burden on your end reducing your infrastructure costs, audit risks and many undesirable things while giving you complete control of check out process.
The process involves your web infrastructure serving up payment pages that fully control the checkout process. Once the consumer is ready to check out, has entered and confirmed their credit card information, and has hit the “pay” button, a Payeezy.js <script> tag included on the page intercepts the form and asynchronously posts the credit card details to our servers.
This call uses JSONP over https passing in a unique API key and identifier. Upon either authorization approval or a straight GetToken method, we will return a token and Payeezy.js will save the token information (instead of CC details) in a hidden form field on the checkout page and submit it your server. Your server will then submit the token to Payeezy to complete the transaction using the appropriate server side library via an API call using HMAC authentication over HTTPS.
Bottom line? This is the simplest, most secure and most flexible way to integrate your checkout pages with our payment capabilities.
Here’s why:
- You’ll have complete control over the look and feel of your checkout and payment pages as well as the entire checkout process.
- Throughout the entire process, you’ll never touch consumers’ credit card data.
- Interactions with our servers are highly secured, preventing “man in the middle” attacks.
- Consumers’ card data is tokenized, providing further protection of credit card data during the transaction.
For US demo merchant accounts
There are a number of ways to generate unsuccessful transactions from a demo account.
Simulate unapproved Bank Responses
You can use the dollar amounts between 5000.00 - 5999.00 to trigger a variety of Bank Responses, where the desired response code is added to 5000.
Simulate unsuccessful Ecommerce Responses
You can use the penny amounts to trigger a variety of eCommerce Responses, where the desired response code is added to 5000.00.
For example, to simulate a transaction that encountered the "Unable to Send Trans" error (code 42) during processing, use 5000.42 as the transaction amount.
Note: If both the dollar and penny amounts would trigger a simulated code (for example, 5200.42), the penny amount trigger will take precedence.
No, we do not support creating a recurring payment plan via our APIs. However, there are a couple of other ways to implement recurring payments:
1. Third party partners - Work with our partners (For example: Chargify) who can manage the recurring plan for you. Our partners offer APIs that you can use to create recurring plans and they can send us the recurring transactions on your behalf.
2. Recurring indicator - [US merchants only] Merchants managing their own recurring plans can pass the transactions through the API by utilizing the recurring indicator. In each of the recurring transactions, add this line - "eci_indicator"="2" to the request payload. This transaction will be processed as a recurring payment by the payment gateway.
3. Gateway portal - Merchants can create recurring plans manually via the gateway portal.
| Code | Explanation |
|---|---|
| M | CVV2/CVC2 Match - Indicates that the card is authentic. Complete the transaction if the authorization request was approved. |
| N | CVV2 / CVC2 No Match – May indicate a problem with the card. Contact the cardholder to verify the CVV2 code before completing the transaction, even if the authorization request was approved. |
| P | Not Processed - Indicates that the expiration date was not provided with the request, or that the card does not have a valid CVV2 code. If the expiration date was not included with the request, resubmit the request with the expiration date. |
| S | Merchant Has Indicated that CVV2 / CVC2 is not present on card - May indicate a problem with the card. Contact the cardholder to verify the CVV2 code before completing the transaction. |
| U | Issuer is not certified and/or has not provided visa encryption keys. |
| I | CVV2 code is invalid or empty. |
| Z or X | Server Provider did not respond. |
| Blank | No CVV code was sent and there was no indication that the CVV code was not present on the card. |
The AVS response indicates the degree of match for the provided address. Currently supported AVS responses are:
North American Response Codes
AVS Code, Definition - Explanation
X - Exact match, 9 digit zip - Street Address, and 9 digit ZIP Code match
Y - Exact match, 5 digit zip - Street Address, and 5 digit ZIP Code match
A - Partial match - Street Address matches, ZIP Code does not
W - Partial match - ZIP Code matches, Street Address does not
Z - Partial match - 5 digit ZIP Code match only
N - No match - No Address or ZIP Code match
U - Unavailable - Address information is unavailable for that account number, or the card issuer does not support
G - Service Not supported, non-US Issuer does not participate
R - Retry - Issuer system unavailable, retry later
E - Not a mail or phone order
S - Service not supported
Q - Bill to address did not pass edit checks/Card Association can't verify the authentication of an address
D - International street address and postal code match
B - International street address match, postal code not verified due to incompatible formats
C - International street address and postal code not verified due to incompatible formats
P - International postal code match, street address not verified due to incompatible format
1 - Cardholder name matches
2 - Cardholder name, billing address, and postal code match
3 - Cardholder name and billing postal code match
4 - Cardholder name and billing address match
5 - Cardholder name incorrect, billing address and postal code match
6 - Cardholder name incorrect, billing postal code matches
7 - Cardholder name incorrect, billing address matches
8 - Cardholder name, billing address, and postal code are all incorrect
Note: Codes 1-8 are only for American Express transactions
International Response Codes
G - Global non-AVS participant
B - Address matches only}
C - Address and Postal Code do not match
D - Address and Postal Code match
F - Address and Postal Code match (UK only)
I - Address information not verified for international transaction
M - Address and Postal Code match
P - Postal Code matches only
A CSR or a public key is required only if you are planning on processing payments through any of the mobile wallets (Apple Pay, Android Pay, etc.). If that is you, and you have already created a Payeezy account to test in our sandbox (yes, this is required to do this task), follow these simple steps:
On the Payeezy Developer Portal
1 – From wherever you are on the portal, select the ‘CERTS’ option in the top right.
2 – Here you can create your certificates for both sandbox and production environments. Creating a certificate is easy, just select the type of certificate you need, enter your app label and click "Add".
3 – Once you have created the certificate, go ahead and download it
For Apple Pay certificates
4 – Navigate to the Creating Certificates section of Apple's developer portal
5 – Follow the instructions on Apple's portal to upload the certificate from step 3. After successful upload, you will be able to transact with Payeezy. Refer to our SDK guide to integrate your app.
For US demo merchant accounts
AVS
In order to simulate an AVS response in the demo/test environment, you can set the first character of the address value to the desired AVS response code.
For example, setting the address value to "N123 Main St" for a transaction would simulate the AVS response code "N". If the transaction is processed under a terminal that has the "No match" AVS filter checked, the transaction will be declined due to failed AVS verification.
CVV2
In order to simulate a CVV2 response in the demo/test environment, you can set the first character of the verification value as follows:
| First Character | Example Verification Value | CVV2 Response | CVV2 Filter Name in RPM Terminal Administration |
| 1 | 123 | M | Card is authentic |
| 2 | 234 | N | CVV2 does not match |
| 3 | 345 | P | Card expiration not provided or card does not have valid CVD code |
| 4 | 456 | S | Merchant indicated that CVV2 is not present on card |
| 5 | 567 | U | Card issuer is not certified and/or has not provided visa encryption keys |
When you are using a regular credit card, our system ignores the card type sent and determines the card type based on the first digit of the card number. However, if you are using a TransArmor token instead of a card number, the system requires the card type, as the normal credit card number logic does not apply.
We recommend, and it is a good practice, that you do not create multiple certificates for the same app. However if you still need to, please contact us and we will help you.
No. You do not need multiple certificates in order to support multiple merchants. As a developer you will need to download one certificate initially that you will register your mobile app with the wallet provider. When you add merchants to your developer account under the "Merchants" tab, a corresponding merchant token will be generated and linked to your app. You can use your certificate for any of the merchants in your "Merchants" tab.
Note- All merchants need to have an acquiring relationship with First Data.
This issue is applicable to US merchants only. This error occurs when the ta_token is inaccurate. Ta_token is one of the parameters that is passed in a token request.
- If you are using the default sandbox merchant "Acme Sock", then use ta_token="NOIW"
- If you are processing live, then you will need to use the ta_token associated with your live merchant account.
- Login to https://globalgatewaye4.firstdata.com
- Navigate to Terminals tab and select your terminal
- Retrieve your transarmor token
Note: TransArmor® needs to be enabled for the merchant account. If it is not or if you are unsure, please contact your merchant account representative or +1 855 799 0790 to have it enabled.
A token is related only to the card number. The anatomy of a token doesn’t have any dependency on CVV, Exp date. If the card is expired the token still remains valid assuming that the new card that has been delivered to the consumer by the issuing bank has the same card number. If the card has been lost or stolen or has been cancelled by the issuing bank/consumer for any reason then the new card will have new number. In this scenario you have to re tokenize the card because the card number changed and it is entirely a new card.
If you want, you can delete the token from your data base at your end. Once the card is tokenized with Payeezy there is no need to update the exp date as long as the new card delivered has the same card number. If the card number changes ….well it is a new card and has to be tokenized again.
We recommend, and it is a good practice, that you do not create multiple certificates for the same app. However if you still need to, please contact us and we will help you.
This error message is usually caused when invalid data is passed to the API. Cross check the data you are passing with the sample data shown in the sandbox API pages.
- Check for spelling errors
- Check for completeness of the message body, make sure to include all the required key-value pairs
No. You do not need multiple certificates in order to support multiple merchants. As a developer you will need to download one certificate initially that you will register your mobile app with the wallet provider. When you add merchants to your developer account under the "Merchants" tab, a corresponding merchant token will be generated and linked to your app. You can use your certificate for any of the merchants in your "Merchants" tab.
Note- All merchants need to have an acquiring relationship with First Data.
Usually, this happens when the API credentials or Merchant token or js_security_key is incorrect:
- When testing in CERT environment
- Ensure that you are accessing the sandbox URL - https://api-cert.payeezy.com/v1/
- Ensure that the API is enabled for sandbox environment. Do this by going to My APIs and edit your API.
- Ensure that you are using the merchant token listed in the "My Merchants" page under the "Sandbox" tab.
- In tokenization requests, if applicable, ensure that you are using ta_token = 'NOIW'
- If you have added your own demo account via the Merchants tab, verify that the HMAC key and gateway password are accurately entered. (You can update this, if required, by re-adding your demo account)
- In PROD environment,
- Ensure that you are accessing the production URL - https://api.payeezy.com/v1/
- Ensure that the API is enabled for Live environment. Do this by going to My APIs and edit your API.
- If you have added your merchant account using the "Add merchant" form, make sure that the HMAC key and Gateway password are accurately entered. (You can update this, if required, by re-adding your merchant account)
- Ensure that you are using the merchant token listed in the "My Merchants" page under the Live tab.
This error message is usually caused when invalid data is passed to the API. Cross check the data you are passing with the sample data shown in the sandbox API pages.
- Check for spelling errors
- Check for completeness of the message body, make sure to include all the required key-value pairs
- Ensure that the values of API key, API secret, token, timestamp, nonce and data used in calculating HMAC match the corresponding values used in the HTTP headers.
- Ensure that the correct hashing algorithm is used.
- Ensure that the API key, API secret and merchant token are correctly entered without leading or trailing spaces.
- Ensure that the timestamp in the HTTP headers is in milliseconds and represents epoch time calculated from UTC time.
- Ensure that the timestamp in the HTTP header is within 5 minutes of our server time. This depends on your server time.
Sample code for generating HMAC is available in the "Docs and Sandbox" page and in Direct API repositories
Usually, this happens when the API credentials or Merchant token or js_security_key is incorrect:
- When testing in CERT environment
- Ensure that you are accessing the sandbox URL - https://api-cert.payeezy.com/v1/
- Ensure that the API is enabled for sandbox environment. Do this by going to My APIs and edit your API.
- Ensure that you are using the merchant token listed in the "My Merchants" page under the "Sandbox" tab.
- In tokenization requests, if applicable, ensure that you are using ta_token = 'NOIW'
- If you have added your own demo account via the Merchants tab, verify that the HMAC key and gateway password are accurately entered. (You can update this, if required, by re-adding your demo account)
- In PROD environment,
- Ensure that you are accessing the production URL - https://api.payeezy.com/v1/
- Ensure that the API is enabled for Live environment. Do this by going to My APIs and edit your API.
- If you have added your merchant account using the "Add merchant" form, make sure that the HMAC key and Gateway password are accurately entered. (You can update this, if required, by re-adding your merchant account)
- Ensure that you are using the merchant token listed in the "My Merchants" page under the Live tab.
| US | Europe | |
|---|---|---|
| Payment types | ||
| Credit Card | ✓ | ✓ |
| Gift Card | ✓ | - |
| eCheck | ✓ | - |
| German direct debit | - | ✓ (Germany only) |
| Paypal | ✓ | ✓ |
| Integrations | ||
| Payeezy JS | ✓ | ✓ |
| Payeezy JS + 3D Secure | ✓ | ✓ |
| Direct API | ✓ | ✓ |
| Apple Pay® | ✓ | ✓ (UK only) |
| Android Pay™ | ✓ | ✓ (UK only) |
| Android (native) | ✓ | ✓ |
| iOS (native) | ✓ | ✓ |
| Features | ||
| CVV | ✓ | ✓ |
| AVS | ✓ | ✓ |
| Soft descriptors | ✓ | ✓ |
| Level 2, 3 | ✓ | ✓ |
| 3DS processing | ✓ | ✓ |
| Dynamic currency conversion | ✓ | ✓ |
| Timeout reversals | ✓ | ✓ |
- Ensure that the values of API key, API secret, token, timestamp, nonce and data used in calculating HMAC match the corresponding values used in the HTTP headers.
- Ensure that the correct hashing algorithm is used.
- Ensure that the API key, API secret and merchant token are correctly entered without leading or trailing spaces.
- Ensure that the timestamp in the HTTP headers is in milliseconds and represents epoch time calculated from UTC time.
- Ensure that the timestamp in the HTTP header is within 5 minutes of our server time. This depends on your server time.
Sample code for generating HMAC is available in the "Docs and Sandbox" page and in Direct API repositories
If you want to process tokenized payments using multi-pay tokens, your account needs to be enabled with the appropriate service (TransArmor or Data Vault). Contact your merchant account representative or contact us for TransArmor/Data Vault enablement.
When you are using a regular credit card, our system ignores the card type sent and determines the card type based on the first digit of the card number. However, if you are using a TransArmor token instead of a card number, the system requires the card type, as the normal credit card number logic does not apply.
When you interface with the Payeezy.JS integration method, you never touch or save consumer’s credit card details. This diminishes the PCI burden on your end reducing your infrastructure costs, audit risks and many undesirable things while giving you complete control of check out process.
The process involves your web infrastructure serving up payment pages that fully control the checkout process. Once the consumer is ready to check out, has entered and confirmed their credit card information, and has hit the “pay” button, a Payeezy.js <script> tag included on the page intercepts the form and asynchronously posts the credit card details to our servers.
This call uses JSONP over https passing in a unique API key and identifier. Upon either authorization approval or a straight GetToken method, we will return a token and Payeezy.js will save the token information (instead of CC details) in a hidden form field on the checkout page and submit it your server. Your server will then submit the token to Payeezy to complete the transaction using the appropriate server side library via an API call using HMAC authentication over HTTPS.
Bottom line? This is the simplest, most secure and most flexible way to integrate your checkout pages with our payment capabilities.
Here’s why:
- You’ll have complete control over the look and feel of your checkout and payment pages as well as the entire checkout process.
- Throughout the entire process, you’ll never touch consumers’ credit card data.
- Interactions with our servers are highly secured, preventing “man in the middle” attacks.
- Consumers’ card data is tokenized, providing further protection of credit card data during the transaction.
This issue is applicable to US merchants only. This error occurs when the ta_token is inaccurate. Ta_token is one of the parameters that is passed in a token request.
- If you are using the default sandbox merchant "Acme Sock", then use ta_token="NOIW"
- If you are processing live, then you will need to use the ta_token associated with your live merchant account.
- Login to https://globalgatewaye4.firstdata.com
- Navigate to Terminals tab and select your terminal
- Retrieve your transarmor token
Note: TransArmor® needs to be enabled for the merchant account. If it is not or if you are unsure, please contact your merchant account representative or +1 855 799 0790 to have it enabled.
A CSR or a public key is required only if you are planning on processing payments through any of the mobile wallets (Apple Pay, Android Pay, etc.). If that is you, and you have already created a Payeezy account to test in our sandbox (yes, this is required to do this task), follow these simple steps:
On the Payeezy Developer Portal
1 – From wherever you are on the portal, select the ‘CERTS’ option in the top right.
2 – Here you can create your certificates for both sandbox and production environments. Creating a certificate is easy, just select the type of certificate you need, enter your app label and click "Add".
3 – Once you have created the certificate, go ahead and download it
For Apple Pay certificates
4 – Navigate to the Creating Certificates section of Apple's developer portal
5 – Follow the instructions on Apple's portal to upload the certificate from step 3. After successful upload, you will be able to transact with Payeezy. Refer to our SDK guide to integrate your app.
A token is related only to the card number. The anatomy of a token doesn’t have any dependency on CVV, Exp date. If the card is expired the token still remains valid assuming that the new card that has been delivered to the consumer by the issuing bank has the same card number. If the card has been lost or stolen or has been cancelled by the issuing bank/consumer for any reason then the new card will have new number. In this scenario you have to re tokenize the card because the card number changed and it is entirely a new card.
If you want, you can delete the token from your data base at your end. Once the card is tokenized with Payeezy there is no need to update the exp date as long as the new card delivered has the same card number. If the card number changes ….well it is a new card and has to be tokenized again.
OUr APIs are language agnostic, so choose any language you please (CURL, Java, Node, Python, Ruby, iOS, Android, etc) that lets you make a RESTful call. And we are always interested in hearing your thoughts on where else we could be focusing! Comment in our Forum to see what others are thinking.
Provisioning and acceptance for mobile wallets are enhancements to the many innovative solutions that First Data has introduced, including Payeezy. In addition to ensuring both Financial Institution and Acquiring platform readiness and compliance with Network requirements, First Data is helping Issuers participate in the In-App experience by provisioning their payment accounts with new mobile account provisioning and processing services.
Android Pay™ is a cloud-based service which enables merchants to create a frictionless checkout experience for buyers using Android devices. Android users securely store their payment and shipping information in their Google Wallet. At the time of checkout, with a single tap, users grant merchants access to their billing address, shipping address and payment token information. The merchants then use the payment information received to complete the purchase. For customers, this means a hassle-free and secure checkout experience while for merchants it means less abandoned carts and happy customers.
For in-app transactions, the merchant must integrate the Android Pay button using a Google Software Development Kit (SDK). Also, all US merchants must be subscribed to First Data’s TransArmor solution.
* Availability of Android Pay depends on merchant’s country of domicile. Click here to check availability.
Yes. We have a strong community of shopping carts and eCommerce software platforms who integrate with us. Learn more about these partners and how they are leveraging our APIs by visiting their websites!
| Shopping Carts | eCommerce Platforms | |
|---|---|---|
| Ecwid | CashKlick.com | |
| Spree webstore | Red Knight Marketing | |
| PictureCart | Micro Computer Systems | |
| ProductCart (Netsource) | Servers-Inc | |
| iVenue.com |
In addition to the partners who are integrated via the REST API, we also have partners who have integrated via our SOAP based APIs.
U.S. SOAP partner directory
U.K. SOAP partner directory
Becoming a Payeezy Partner is easy! Whether you are a developer and decide to integrate and certify your solution, or you are an eCommerce software provider and/or a shopping cart, you can decide which level of partnership is right for you. Once you become a payeezy partner, we will share our revenue with you whenever a merchant referred by you processes a transaction. Email us at eCommercePartners@firstdata.com to learn more about the benefits of these programs.
To do a partial refund, you would just specify the amount that you want to refund. Later, if you would like to refund the remaining portion, you can do so by specifying the remaining amount. In any refund transaction, you would reference the transaction id and transaction tag of the initial purchase or pre-authorization completion transaction.
You can accept the following currencies from your customers.
| Currency code | Currency Name | Currency code | Currency Name | Currency code | Currency Name | Currency code | Currency Name | |||
|---|---|---|---|---|---|---|---|---|---|---|
| AED | UAE Dirham | EGP | Egyptian pound | LRD | Liberian pound | SBD | Solomon islands dollar | |||
| AFN | New Afghani | ERN | Nafka | LSL | Maloti | SCR | Rupee | |||
| ALL | Lek | ESH | Moroccan Dirham | LTL | Litas | |||||
| AMD | New Ruble/Dram | ETB | Birr | LVL | Lats | SEK | Swedish Krona | |||
| ANG | Netherlands Antilles Guilder | EUR | Euro | MAD | Dirham | SGD | Singapore dollar | |||
| AOA | New Kwanza | FJD | Fiji dollar | MDL | Leu | SHP | St. Helena Pound | |||
| ARS | Argentinian Peso | FKP | Falkland island pound | MGA | Ariary | SLL | Leone | |||
| AUD | Australian dollar | FLK | Danish krone | MKD | Denar | SOS | Somali shilling | |||
| AWG | Guilder | GBP | Britain Pound Sterling | MMK | Kyat | SRD | Suriname Dollar | |||
| AZN | Manat | GEL | Lari | MNT | Tugrik | STD | Sao Tome Dobra | |||
| BAM | Convertible mark | GHS | Cedi | MOP | Pataca | SVC | El Salvador Colon | |||
| BBD | Barbados dollar | GIP | Gibraltar pound | MRO | Ouguiya | SZL | Lilangeni | |||
| BDT | Taka | GMD | Dalasi | MUR | Mauritius rupee | THB | Baht | |||
| BGN | Lev | GNF | Franc | MVR | Rufiya | TJS | Tanzanian Shilling | |||
| BIF | Burundi Franc | GTQ | Quetzal | MXN | Mexican peso | TMT | New Manat | |||
| BMD | Bermuda dollar | GYD | Guyana dollar | MYR | Rinngit | TOP | Pa'anga | |||
| BND | Brunei dollar | HKD | Hong Kong dollar | MZN | Metical | TRY | Turkish Lira | |||
| BOB | Bolivia Boliviano | HNL | Lempira | NAD | Namibian dollar | TTD | Trinidad and Tobago dollar | |||
| BRL | Brazilian Real | HRK | Kuna | NGN | Naira | TWD | New Taiwan Dollar | |||
| BSD | Bahamian dollar | HTG | Gourde | NIO | Cordoba | UAH | Ukrainian Hryvnia | |||
| BTN | Ngultrum | HUF | Hungary Forint | NOK | Norwegian Krone | UGX | Uganda Shilling | |||
| BWP | Pula | IDR | Rupiah | NOK | Norwegina Krone | USD | US Dollar | |||
| BYR | New Ruble | ILS | Shekel | NPR | Nepalese rupee | USD | US Dollar | |||
| BZD | Belize dollar | INR | Indian rupee | NZD | New Zealand dollar | UYU | Peso Uruguayo | |||
| CAD | Canadian dollar | ISK | Krona | PAB | Balboa | UZS | Sum | |||
| CDF | CFA Franc BEAC3 | JMD | Jamaican dollar | PEN | Nuevo Sol | VEF | Venezuela Bolivar Fuerte | |||
| CHF | Swiss Franc | JPY | Yen | PGK | Kina | VND | Vietnam Dong | |||
| CLP | Chilean Peso | KES | Kenyan shilling | PHP | Phillipine peso | VUV | Vatu | |||
| CNY | Yuan renminbi | KGS | New Ruble | PKR | Pakistani rupee | WST | Tala | |||
| COD | Congo franc | KHR | Riel | PLN | Polish New Zloty | XAF | CFA Franc BCEAO3 | |||
| COP | Colombian peso | KMF | Comoros Franc | PYG | Guarani | XCD | East Carribean dollar | |||
| CRC | Costa Rican Colon | KRW | Won | QAR | Qatar Rial | XOF | CFA Franc BCEAO2 | |||
| CVE | Cape verde escudo | KYD | Caymans island dollar | RON | Leu | XPF | CFA Franc | |||
| CZK | Koruna | KZT | Tenge | RSD | Serbian Dinar | YER | Rial | |||
| DJF | Djibouti franc | LAK | Kip | RUB | New Ruble | ZAR | Rand | |||
| DKK | Danish Krone | LBP | Pound | RWF | Rwanda Franc | ZMK | Kwacha | |||
| DOP | Dominican peso | LKR | Sri Lanka rupee | SAR | Saudi Riyal | ZWE | Zimbabwe dollar | |||
| DZD | Algerian Dollar |
Our Payeezy APIs support payments via credit cards of all major card associations (VISA®, Mastercard®, American Express®, Discover®, JCB® and Diners Club®), Paypal™, e-Check and gift cards. Additionally mobile payments from Apple Pay® and Android Pay™ can also be processed. And of course we will continue to lead the charge with new and innovative capabilities when available. Check back regularly for updates.
* Availability of certain payment methods depend on merchant’s domicile. Click here for details.
Our Payeezy APIs support all of the basic payment instructions you would expect in running your ecommerce business including purchases, authorizations, pre-authorizations, refunds, reversals, voids, split shipments and more. See our Docs & Sandbox area for more specifics.
* Availability of certain transactions depend on the payment methods available at the merchant’s domicile. Click here for details.
Absolutely! Coding for Split Shipment is easy. The authorization request is identical to any other authorization request that is used in instances that payment is not being requested upon authorization.
Here how it works: A merchant sends an authorization request for the total amount of the purchase. Then, upon shipment of one or more items, the merchant sends a follow-up transaction to request payment for the amount of the shipped items. The merchant will continue to send follow-up transactions until all items have been shipped. For example,
- An originating authorization request (for example transaction XYZ for total amount)
- Request for payment for shipped item(s) - transaction XYZ, amount, item 01 of 05 shipped (use 01 of 99 if total number is unknown)
- Repeat step two for each item shipped until final – transaction XYZ, amount, item 05 of 05 shipped (classifying it as 05/05 will let us know that this will close things out)
If the authorization has expired prior to the final shipment(s), then the merchant is instructed to send a re-authorization for the amount that has yet to ship. There is a response advice code as well in case anything changes with the card that was used as part of the original authorization.
Make sense? Of course you can dig into the details and test out some scenarios in our Docs & Sandbox area.
With e-commerce transactions, when a customer pays with a credit card, reading the data on the credit card is not an option. The e-commerce never sees the customer, let alone the physical card. The e-commerce customer’s signature cannot be obtained or compared to the signature on the back of the credit card. Considering that a cardholder can initiate a chargeback on a transaction, even though the issuing bank approved it, these inherent limitations place an e-commerce merchant at a distinct disadvantage compared to their brick-and-mortar counterparts. Luckily, the credit card industry introduced extra tools that allow e-commerce merchants to verify a credit card.
Address Verification System
The first tool e-commerce merchants have available is the Address Verification System or AVS for short. It’s a system that verifies an address provided by the cardholder with the address the bank has on record. Something to keep in mind is that AVS only checks the street address and the postal code.
It doesn’t check the street name.
It doesn’t check the city.
It doesn’t check the state.
It doesn’t check the country.
Even with the street address, it checks only the numbers, not the words or even the letters in the street address. The means if the street address is 2120 Midlake Drive, AVS only checks 2120. The customer could enter 2120 Midlake Drive or 2120 Elmer Fudd Drive, and AVS will return the same positive response. When submitting a credit card for approval, AVS will return a one-letter code to indicate the results. These codes are:
Y – The street address and the postal code match.
N – The street address and the postal code do not match.
Z – The street address doesn’t match, but the postal code does.
A – The street address matches, but the postal code does not.
Keep in mind that a bank will approve or decline a credit card independent of AVS. The issuing bank makes its decision without considering AVS. As an e-commerce merchant accepting a credit card for payment, the responsibility for considering the AVS results is solely yours. AVS is a tool for the merchant, not the bank.
Another aspect to consider with AVS is that it’s only supported by banks in the United States, Canada, and Great Britain. That means if your customer is using a credit card issued by Indonesia or Germany, AVS will not be applied to the transaction.
Card Security Code
The other tool e-commerce merchants have available to them is the Card Security Code. It’s often referred to as CVV2 or CID. On Visa, Mastercard, and Discover, it’s a 3-digit number located on the back of the card. With American Express, it’s a 4-digit number on the front of the card. A unique aspect of the security code is that the only place it appears is printed on the card. It’s not on the magnetic strip or the EMV chip. It doesn’t appear in the transaction information. It’s never used for face-to-face transactions. It’s against credit card industry rules for a merchant to record or retain this number. It’s only to be supplied by the cardholder at the time of the transaction.
When submitting a credit card for approval with a security code, the issuing bank will return a one-letter code to indicate the security code results. These codes are:
M – The code submitted matches.
N – The code submitted does not match.
P – Card expiration not provided or card does not have a valid security code.
S – Merchant indicated the security code is not present on the card.
U – Card issuer is not certified for card security code verification.
I – Card security code is invalid or empty.
As with AVS, the issuing bank will approve or decline a card regardless of the outcome of the card security code check. The responsibility for accepting the card for payment is placed solely on the merchant.
E-Commerce merchants should be highly suspicious of any credit card payment where the address and the card security code doesn’t match what the bank has in its records. Just because the bank approved it, doesn’t mean the transaction cannot be reversed in a chargeback. If a customer initiates a chargeback, and the transaction record shows that the address didn’t match or that the card security code didn’t match, the chargeback will almost always be decided for the cardholder.
Create an account with your email address to get access to our sandbox environment. It should take just 20 seconds.
If you are dealing with payments in any capacity, you absolutely should be concerned about PCI. We encourage all merchants to learn more about PCI DSS compliance, and to develop and implement a strategy to reduce and protect the cardholder data environment. And if you have further questions pertaining to PCI, please feel free to reach out to us.
How you view PCI will guide which integration makes the most sense for your business. There are several primary factors to consider: how much flexibility you want within your payments page, how risk averse your business is with respect to cardholder data, and whether or not you have the right IT resources.
Hosted Payment Page (HPP) or Hosted Checkout (HCO) - this integration method will offer you the quickest path to market for your payments page. In essence, we provide template payments pages that are hosted within our domain which will guarantee that you never have to touch cardholder data. Some configuration is available with respect to cascading style sheets, logo placement, etc.
Direct API - this integration method allows you to retain full control over branding & look and feel of your payments page. The page is fully within your domain, and you can design the page however you like including where you place payment entry fields. Once all necessary information is gathered just execute the instructions against our APIs. Since the page is within your domain, any responsibilities associated with collecting cardholder data and/or PCI compliance will also fall within your domain. Learn more.
Payeezy.js - this integration method offers the best of both worlds. Card entry fields execute a .js script that tokenizes the cardholder data within our domain such that you are never touching that information. And of course, you can still design the page however you like. Learn more.
Payeezy is dedicated to leading the charge when it comes to tokenization & encryption of data as a further means of protecting sensitive cardholder data and preventing theft of credit card information in storage. Whether you are looking for information on supporting the latest standards from the card associations replacing traditional account numbers with digital payment 'tokens' for online or mobile transactions, leveraging 3DS and encrypted tokens for in-app payments, or exploring our existing Transarmor/Data Vault tokenization capabilities, we've got you covered.
Specifics surrounding how this can be implemented can be found in our Docs & Sandbox area.
Payeezy users have access to the Transarmor® and Data Vault solutions which use tokenization technology to remove the need for merchants to store card data by replacing it with a randomly assigned number, called a 'token', after authorization. Furthermore this token enables multi-pay, allowing the ability to perform an authorized financial transaction under strict control measures within the merchant environment. The merchant submits a token that it already has on file for a specific consumer/card, and we retrieve the PAN to complete the transaction. By using this type of token in the payment authorization process, the merchant reduces the risk of having the real PAN stolen as it is being collected from the consumer.
Specifics surrounding how this can be implemented can be found in our Docs & Sandbox area.
Yes, Payeezy offers velocity controls. Depending on which region you are coding for, different controls are available that allow a merchant to monitor transaction flow, transactions by IP address, by card number, and amount right down to the hour.
Security & fraud prevention take on many forms with Payeezy. At its most basic level, our APIs support gateway level and network level tokenization, address verification (AVS), card verification (CVC), and 3-D Secure processing. Depending on your business need, other value-added capabilities can also be explored including fraud filters & scoring, velocity controls, encryption services and more.
Acceptance of payments from a mobile device will not impact TransArmor or Data Vault processing; they are complimentary transaction protection methods for handling mobile acceptance.
Most eCommerce developers are familiar with the concept of credit card vaults, which receive the PAN and replace it with a token to use instead. Many of the most popular providers use these vaults in their payment gateways including our TransArmor® and Data Vault solutions. This type lets users put credit cards on file and can be referred to as “gateway-side” tokenization. The defining characteristic of these tokens is that they’re scoped to a single merchant. They’re useful for a developer who wants to keep a credit card on file to enable low-friction transactions. But they don’t have the burden of securing and maintaining a database of PANs and the associated compliance issues.
With the onset of payments with mobile devices, a new form of tokenization emerged; one that is closely associated with EMV, and that payment networks such as Visa®, MasterCard®, Amex®, etc. built. This new form is referred to as “network-level” tokenization.
More on EMVCo specifications can be downloaded here.
Through our engagement with mobile wallet providers, we are intricately involved with network-level tokenization. Payeezy.com and, as a result, any developer coding in-app solutions on the Payeezy.com platform uses network-level tokenization.
Network-level tokens are very different. They are essentially aliases for PANs that are exchanged during an authorization by the network. In the case of the mobile wallet services, these tokens are provisioned (see below) into the device and used in authorization flows (further protected with 3-D Secure —see below).
Here’s the authorization flow when a network-side token is used:
The TransArmor® and Data Vault solutions are First Data's innovative technologies that employs a combination of end-to-end encryption and tokenization, solving for our merchant clients many of the vulnerabilities that exist in the payments-processing chain. When combined, encryption and tokenization provide an effective method for securing sensitive data throughout their lifecycle.
First Data's integrated token services supports issuing clients with cardholder protection. It replaces the personal account number (PAN) with a token (a proxy number) within a digital passbook or card-on-file merchant. The solution uses the token rather than the PAN between the merchant and the Brand (American Express®, MasterCard®, and Visa®). The token remains valid as long as the PAN is valid. The token is stored and maintained at the corresponding Brand, serving as the TSP.
Mobile payment software on supported devices will leverage Tokens to initiate transactions, eliminating the use of the card number within the transaction flow (from the merchant to the Acquirer and the Network). The Tokens are generated by the wallet provider and are stored either in the secure element or a host cloud. Both methods of token storage provide a high level of security. Authentication on the device is required (either biometric or pin based) for initiating the transaction and further secures against the possibility of fraudulent transactions being conducted on stolen devices.
On the acquiring side, merchants may also be eligible for transaction protection with the TransArmor® or Data Vault solutions. This protects all transactions – not just those from mobile payment transactions – with data encryption and tokenization throughout the payment journey.
If you have already tried our Docs & Sandbox area or collaborated with others in the Forums and still have questions, please contact us via email or give us a call at +1 855 799 0790 (US) or +44 (0) 1268-567136 (UK)
Payeezy strives to support all current versions and current version -1 of IE, Firefox and Chrome. If you have an issue with Payeezy on a specific browser, please contact us so we can take a look.
Contact Us
+1 855 799 0790 (US)
+44 (0) 1268 567136 (UK)
