PayLolly Payment Gateway
The Payment Gateway is a PCI compliant payment solution covering all your needs and requirements
In general to integrate you have to choose an integration path, depending on your PCI level (https://listings.pcisecuritystandards.org/documents/Understanding_SAQs_PCI_DSS_v3.pdf)
PCI Level | Description |
---|---|
SAQ A | CNP - outsourced - no electronic storage, processing, or tgransmission of any cardholder data on the merchant's system or premises' |
SAQ A-EP | E-Commerce - outsourced - website not receiving cardholder data but can impact the security of the payment transaction. No electronic storage, processing or tramission of any cardholded data on the merchant's systems or premises |
SAQ B | Physical - imprint with no electrnoic cardholded data storage or standalone dial-out terminals with no electronic cardholder data storage |
SAQ B-IP | Physical - standalone PTS approved payment terminals with an IP connection to the payment processor, with no electrnic cardholder storage |
SAQ C | No E-Commerce - payment application systems connected to the Internet with no electronic cardholder data storage |
SAQ C-VT | Merchants entering manual transaction via keyboard into a internet baset virtual terminal solution with no electronic cardholder data storage |
SAQ D - Merchant | If not classified above |
SAQ D - Service Provider | Gateway to gateway |
SAQ P2PE | No E-commerce - P2PE solution via payment terminals |
API Call Category and PCI Level required
API | PCI Level | Description |
---|---|---|
Sync | SAQ D | Gives very low level API - requires external 3dsecure solution - sync payment is an API call which returns a completed outcome |
Async | SAQ D | Gives very low level API - can utilise PayLolly 3dsecure solution - async payment is an API call which returns a redirected outcome to be determined later after cardholder interaction |
Hosted | SAQ A | Gives high level API - automatically utilise PayLolly 3dsecure solution - Hosted payment is an API call which returns a redirected outcome to be determined later after cardholder interaction |
Token | SAQ D | Gives low level API to tokenize cards |
ThreeDS | SAQ D | Gives low level API to perform 3DS calls |
TokenJS | SAQ A+EP | Gives low level API to tokenize cards via javascript |
TokenJS + Sync | SAQ A-EP | Combining TokenJS and sync to allow SAQ A-EP implementation |
TokenJS + Async | SAQ A-EP | Combining TokenJS and async to allow SAQ A-EP implementation |
TokenJS + ThreeDS | SAQ A-EP | Combining TokenJS and async to allow SAQ A-EP implementation |
TokenJS + ThreeDS + Sync | SAQ A-EP | Combining TokenJS and ThreeDS and Sync to have SAQ A-EP implementation |
Note
Please note that SAQ levels get more intensive ie SAQ A is simpler to achieve than SAQ A-EP and SAQ D
Tip
We strongly suggest using Hosted, unless you have specific particular requirements to go for TokenJS + Async, or TokenJS + ThreeDS + Sync
Endpoint
Please choose appropriate endpoint depending on whether you are using LIVE or STAGING
- Staging - https://api.stg.paylolly.app
- Live - https://api.paylolly.app
Note
Please note that different endpoints require different keys and credentials
Warning
Please note that Staging endpoint does not actually process any transactions, ie no funds are sent / received, and has no connectivity to actual card networks.
API
API is compliant with swagger to enable rapid API prototyping and calls
See your programming language documentation for importing swagger definitions
Alternatively, you can hardcode the requests
Examples for hardcoding are possible using the Endpoint URL and try it out
Warning
Remember to authenticate using the MerchantKey
Api swagger definition
- Staging - https://api.stg.paylolly.app/swagger/v1.0/swagger.json
- Live - https://api.paylolly.app/swagger/v1.0/swagger.json
API Key
Please add header MerchantKey to all your requests to authenticate