Overview

Version 1.0

The Smartpay Fuse REST API provides all the features required for a seamless backend integration into our payment processing and order management system. It allows you to initiate and manage transactions, as well as perform certain key administrative functions.

The REST API is our strategic interface and is the future single point of integration for Smartpay Fuse.

You can use the REST API on its own to process a transaction if you capture cardholder details directly on your own site. Alternatively, you can use the API to progress and manage transactions that have been performed using the Secure Acceptance Hosted Checkout or initiated using Flex Microforms solutions.

This guide will provide you with an introduction to the REST API, it’s key features and benefits, API integration flows, and some important information about PCI compliance that you should consider before handling cardholder details yourself.

To get going with the REST API, the following steps are required at a minimum:

  • Choose a method of authentication: shared secret and certificate based. Both are legitimate authentication options, select the option that best fits with your experience and estate.
  • Formulate your REST API requests:
    • Pass order and card data to Smartpay Fuse using the REST API to initiate a payment.
    • Integrate 3D Secure (payer authentication) if implementing ecommerce transactions.
  • Perform appropriate testing to validate your integration.


Review each Key information section below to gain a deeper understanding of the REST API and the scenarios and functionality it enables. Consider this information carefully before starting integration and ensure that a direct integration is right for your use case; it may be that our other integration options will work equally well for you, providing the right functionality with less direct implementation effort.

Key information

  • Full control of your user experience
  • Full control over the payment process
  • Suitable for web and mobile journeys
  • Access all features of the Smartpay Fuse platform
  • Use this API to complete transactions started with Plugin, Virtual Terminal, Hosted Checkout and Flex Microform Hosted Field integrations

Direct REST API integration is one integration option available for you to start accepting payments on your site. It exists alongside the other key integration options offered by Smartpay Fuse, each of which offers a subtly different range of capabilities. Before starting integration, it is important to ensure that the option you select provides the right features to meet your business needs.

The table below compares and contrasts the key features of Smartpay Fuse and how these are supported by the different integration options.

 Features  Virtual Terminal (in EBC *1)  Plugins (eCommerce platforms)   Hosted Payment Page   Direct API Integration (REST API Only)   Hosted Fields (Flex Microform + REST API) 
 PCI overhead SAQ C-VT Mixed *2 SAQ A SAQ D SAQ A *3
 Transaction Types  
  • Auth only
yes yes (all plugins) yes yes yes *7
  • Auth and capture
yes yes (all plugins) yes yes yes *7
  • Tokenise card (Credentials on file) 
yes yes yes *4 yes yes *7

 CIT (initial/subsequent)

yes yes yes *4 yes yes *7

MIT (continuous authority)

no some *6 no yes yes *7
  • Refund (standalone)
yes *8 some *6 via REST API & EBC*1 yes yes *7
  • Refund (existing transaction)
yes yes (all plugins) via REST API & EBC*1 yes yes *7
  • Reversal
yes yes (all plugins) via REST API & EBC*1 yes yes *7
  • Capture of standalone auth
no yes (all plugins) via REST API & EBC*1 yes yes *7
 3D Secure Payer Authentication (v2)  n/a yes (all plugins) yes yes yes *7
 Account validation / verification n/a some *6 yes yes yes *7
 Basic fraud check rules *5 yes yes (all plugins) yes yes yes *7
 Low value exemptions n/a no yes yes yes *7
 AVS/CSC auto reversal/blocking yes *8 yes *6 *8 yes *8 yes *8 yes *7*8
 Digital wallets / APMs  
  • Apple Pay
n/a some *6 no yes no *7
  • Google Pay
n/a some *6 no yes no *7
 Card types supported  
  • Visa
yes yes yes yes yes
  • Mastercard
yes yes yes yes yes
  • Amex
yes *8 yes *8 yes *8 yes *8 yes *8
 Channels  
  • eCommerce
no yes yes yes yes *7
  • Moto
yes some *6 yes *8 yes yes *7

If the capability you need is not supported by direct REST API integration, then you should consider one of the alternate integration options.

For more information on each of the options please see the following Quick Start guides:

 

  •  eCommerce Platform Pluginseasy integration to supported eCommerce platforms
  • Virtual Terminalno integration required, servicing agents can take payments using our back office portal
  • Hosted Fieldscapture individual payment card details as PCI safe fields
  • Hosted Paymentminimal integration, initiate the payment page & it takes care of the whole payment flow

If you have any questions about the Direct Integration REST API or its suitability for your needs then please don’t hesitate to get in contact.

Notes:
*1 - EBC is our back-office servicing portal; the Enterprise Business Center.
*2 - Different plugins use different integration methods. Please see te Hosted Payment Page, Hosted Fields (Flex Microform) and REST API guides for more details on the PCI implications of those integration approaches. If you are in any doubt about PCI, please get in contact.
*3 - SAQ A when using Flex Microforms to tokenize from web-applications.
*4 - Secure Acceptance Hosted Checkout can create tokenise from initial CIT transactions that can be used for subsequent CIT transactions.
*5 - Basic velocity rules via Decision Manager only available to SME clients; advanced fraud check and TRA on a case by case base.
*6 - Only available on some of our plugins, please see individual plugin solution pages.
*7 - Flex Microform simply allows card numbers to be tokenised in a PCI safe way; using the resulting transient token to process or manage the transaction is done with the direct integration REST API.
*8 - These features are not enabled out of the box and need further configuration by support teams, please contact support.

Using the REST API to take payments exposes the full capability of the Smartpay Fuse platform and offers your full control over the payment flow and processing. You will need to capture the cardholder details in your own front-end applications and relay cardholder details through your own back-end system to initiate the payment process with Smartpay Fuse. While this offers you a good level of control over the payment flow, you should be aware that if you choose to capture card details and pass them to Smartpay Fuse, then those card details will be passing through your own back-end service. This may bring your service in to scope of PCI compliance, level SAQ D, and should be carefully considered. Please see the PCI considerations section below for more details. Please get in contact if you are considering this integration approach so our technical and sales support teams can ensure you are fully aware of implementation processes, overheads, costs and compliance requirements.

 

The following flow illustrates the stages of the payment flow when using the REST API:

 

Please see the Getting Started section below for step by step instructions on how to use the REST API.

PCI overheads vary depending how you use the REST payments API:

 

  • If you capture card details on your own webpages and pass those to Smartpay Fuse using the REST API then card details will pass through your system and network. In this case, using the REST API will incur the highest PCI overhead of SAQ D.
  • If you tokenize card details using the Flex Microform Hosted Fields solution, cardholder data will have already been exchanged with Smartpay Fuse and the use of the REST API will not require you to pass cardholder data through your service and network. In this case, you will incur the lowest PCI overhead of SAQ A.

 

Consider how you will collect cardholder data as this will have an impact on the compliance requirements that you will be obliged to meet.

If you have any questions or concerns about the PCI implications of using the REST API for Direct Integration then please don’t hesitate to get in contact.

Getting started

Further information



The full REST API integration guide can be found here

Smartpay Fuse REST API reference and request builder here

Process a payment request builder here

GitHub REST repositories list: Java, C#, PHP, NodeJS, Ruby, Python

Test card numbers and the testing guide here

Payer authentication test card numbers and use cases here

Implementing Payer Authentication Direct REST API here

Apple Pay Integration using REST API here

Google Pay Integration using REST API here

If you have any questions about the REST API its suitability for your needs then please don’t hesitate to get in contact.