Version 1.0
The Smartpay Fuse REST API provides all the features required for a seamless backend integration into our payment processing and order management system. It allows you to initiate and manage transactions, as well as perform certain key administrative functions.
The REST API is our strategic interface and is the future single point of integration for Smartpay Fuse.
You can use the REST API on its own to process a transaction if you capture cardholder details directly on your own site. Alternatively, you can use the API to progress and manage transactions that have been performed using the Secure Acceptance Hosted Checkout or initiated using Flex Microforms solutions.
This guide will provide you with an introduction to the REST API, it’s key features and benefits, API integration flows, and some important information about PCI compliance that you should consider before handling cardholder details yourself.
To get going with the REST API, the following steps are required at a minimum:
Review each Key information section below to gain a deeper understanding of the REST API and the scenarios and functionality it enables. Consider this information carefully before starting integration and ensure that a direct integration is right for your use case; it may be that our other integration options will work equally well for you, providing the right functionality with less direct implementation effort.
Direct REST API integration is one integration option available for you to start accepting payments on your site. It exists alongside the other key integration options offered by Smartpay Fuse, each of which offers a subtly different range of capabilities. Before starting integration, it is important to ensure that the option you select provides the right features to meet your business needs.
The table below compares and contrasts the key features of Smartpay Fuse and how these are supported by the different integration options.
Features | Virtual Terminal (in EBC *1) | Plugins (eCommerce platforms) | Hosted Payment Page | Direct API Integration (REST API Only) | Hosted Fields (Flex Microform + REST API) |
---|---|---|---|---|---|
PCI overhead | SAQ C-VT | Mixed *2 | SAQ A | SAQ D | SAQ A *3 |
Transaction Types | |||||
|
yes | yes (all plugins) | yes | yes | yes *7 |
|
yes | yes (all plugins) | yes | yes | yes *7 |
|
yes | yes | yes *4 | yes | yes *7 |
CIT (initial/subsequent) |
yes | yes | yes *4 | yes | yes *7 |
MIT (continuous authority) |
no | some *6 | no | yes | yes *7 |
|
yes *8 | some *6 | via REST API & EBC*1 | yes | yes *7 |
|
yes | yes (all plugins) | via REST API & EBC*1 | yes | yes *7 |
|
yes | yes (all plugins) | via REST API & EBC*1 | yes | yes *7 |
|
no | yes (all plugins) | via REST API & EBC*1 | yes | yes *7 |
3D Secure Payer Authentication (v2) | n/a | yes (all plugins) | yes | yes | yes *7 |
Account validation / verification | n/a | some *6 | yes | yes | yes *7 |
Basic fraud check rules *5 | yes | yes (all plugins) | yes | yes | yes *7 |
Low value exemptions | n/a | no | yes | yes | yes *7 |
AVS/CSC auto reversal/blocking | yes *8 | yes *6 *8 | yes *8 | yes *8 | yes *7*8 |
Digital wallets / APMs | |||||
|
n/a | some *6 | no | yes | no *7 |
|
n/a | some *6 | no | yes | no *7 |
Card types supported | |||||
|
yes | yes | yes | yes | yes |
|
yes | yes | yes | yes | yes |
|
yes *8 | yes *8 | yes *8 | yes *8 | yes *8 |
Channels | |||||
|
no | yes | yes | yes | yes *7 |
|
yes | some *6 | yes *8 | yes | yes *7 |
If the capability you need is not supported by direct REST API integration, then you should consider one of the alternate integration options.
For more information on each of the options please see the following Quick Start guides:
If you have any questions about the Direct Integration REST API or its suitability for your needs then please don’t hesitate to get in contact.
Notes:
*1 - EBC is our back-office servicing portal; the Enterprise Business Center.
*2 - Different plugins use different integration methods. Please see te Hosted Payment Page, Hosted Fields (Flex Microform) and REST API guides for more details on the PCI implications of those integration approaches. If you are in any doubt about PCI, please get in contact.
*3 - SAQ A when using Flex Microforms to tokenize from web-applications.
*4 - Secure Acceptance Hosted Checkout can create tokenise from initial CIT transactions that can be used for subsequent CIT transactions.
*5 - Basic velocity rules via Decision Manager only available to SME clients; advanced fraud check and TRA on a case by case base.
*6 - Only available on some of our plugins, please see individual plugin solution pages.
*7 - Flex Microform simply allows card numbers to be tokenised in a PCI safe way; using the resulting transient token to process or manage the transaction is done with the direct integration REST API.
*8 - These features are not enabled out of the box and need further configuration by support teams, please contact support.
Using the REST API to take payments exposes the full capability of the Smartpay Fuse platform and offers your full control over the payment flow and processing. You will need to capture the cardholder details in your own front-end applications and relay cardholder details through your own back-end system to initiate the payment process with Smartpay Fuse. While this offers you a good level of control over the payment flow, you should be aware that if you choose to capture card details and pass them to Smartpay Fuse, then those card details will be passing through your own back-end service. This may bring your service in to scope of PCI compliance, level SAQ D, and should be carefully considered. Please see the PCI considerations section below for more details. Please get in contact if you are considering this integration approach so our technical and sales support teams can ensure you are fully aware of implementation processes, overheads, costs and compliance requirements.
The following flow illustrates the stages of the payment flow when using the REST API:
Please see the Getting Started section below for step by step instructions on how to use the REST API.
PCI overheads vary depending how you use the REST payments API:
Consider how you will collect cardholder data as this will have an impact on the compliance requirements that you will be obliged to meet.
If you have any questions or concerns about the PCI implications of using the REST API for Direct Integration then please don’t hesitate to get in contact.
The full REST API integration guide can be found here
Smartpay Fuse REST API reference and request builder here
Process a payment request builder here
GitHub REST repositories list: Java, C#, PHP, NodeJS, Ruby, Python
Test card numbers and the testing guide here
Payer authentication test card numbers and use cases here
Implementing Payer Authentication Direct REST API here
Apple Pay Integration using REST API here
Google Pay Integration using REST API here
If you have any questions about the REST API its suitability for your needs then please don’t hesitate to get in contact.