PayLolly Payment Gateway

The Payment Gateway is a PCI compliant payment solution covering all your needs and requirements

In general to integrate you have to choose an integration path, depending on your PCI level (https://listings.pcisecuritystandards.org/documents/Understanding_SAQs_PCI_DSS_v3.pdf)

PCI Level Description
SAQ A CNP - outsourced - no electronic storage, processing, or tgransmission of any cardholder data on the merchant's system or premises'
SAQ A-EP E-Commerce - outsourced - website not receiving cardholder data but can impact the security of the payment transaction. No electronic storage, processing or tramission of any cardholded data on the merchant's systems or premises
SAQ B Physical - imprint with no electrnoic cardholded data storage or standalone dial-out terminals with no electronic cardholder data storage
SAQ B-IP Physical - standalone PTS approved payment terminals with an IP connection to the payment processor, with no electrnic cardholder storage
SAQ C No E-Commerce - payment application systems connected to the Internet with no electronic cardholder data storage
SAQ C-VT Merchants entering manual transaction via keyboard into a internet baset virtual terminal solution with no electronic cardholder data storage
SAQ D - Merchant If not classified above
SAQ D - Service Provider Gateway to gateway
SAQ P2PE No E-commerce - P2PE solution via payment terminals

API Call Category and PCI Level required

API PCI Level Description
Sync SAQ D Gives very low level API - requires external 3dsecure solution - sync payment is an API call which returns a completed outcome
Async SAQ D Gives very low level API - can utilise PayLolly 3dsecure solution - async payment is an API call which returns a redirected outcome to be determined later after cardholder interaction
Hosted SAQ A Gives high level API - automatically utilise PayLolly 3dsecure solution - Hosted payment is an API call which returns a redirected outcome to be determined later after cardholder interaction
Token SAQ D Gives low level API to tokenize cards
ThreeDS SAQ D Gives low level API to perform 3DS calls
TokenJS SAQ A+EP Gives low level API to tokenize cards via javascript
TokenJS + Sync SAQ A-EP Combining TokenJS and sync to allow SAQ A-EP implementation
TokenJS + Async SAQ A-EP Combining TokenJS and async to allow SAQ A-EP implementation
TokenJS + ThreeDS SAQ A-EP Combining TokenJS and async to allow SAQ A-EP implementation
TokenJS + ThreeDS + Sync SAQ A-EP Combining TokenJS and ThreeDS and Sync to have SAQ A-EP implementation
Note

Please note that SAQ levels get more intensive ie SAQ A is simpler to achieve than SAQ A-EP and SAQ D

Tip

We strongly suggest using Hosted, unless you have specific particular requirements to go for TokenJS + Async, or TokenJS + ThreeDS + Sync

Endpoint

Please choose appropriate endpoint depending on whether you are using LIVE or STAGING

Note

Please note that different endpoints require different keys and credentials

Warning

Please note that Staging endpoint does not actually process any transactions, ie no funds are sent / received, and has no connectivity to actual card networks.

API

API is compliant with swagger to enable rapid API prototyping and calls
See your programming language documentation for importing swagger definitions
Alternatively, you can hardcode the requests
Examples for hardcoding are possible using the Endpoint URL and try it out

Warning

Remember to authenticate using the MerchantKey

Api swagger definition

API Key

Please add header MerchantKey to all your requests to authenticate

using (var requestMessage =
            new HttpRequestMessage(HttpMethod.Get, "https://APIURL"))
{
    requestMessage.Headers.Authorization =
        new AuthenticationHeaderValue("MerchantKey", your_key);

    await httpClient.SendAsync(requestMessage);
}