Server-to-server
Key Requirements and Flow
Step 1: Achieve PCI DSS Compliance
The Payment Card Industry Data Security Standard (PCI DSS) is a global security standard designed to protect payment data from fraud and theft.
Any merchant processing card payments must validate their compliance annually.
To certify your compliance, you must provide tZero Pay with the following documentation:
- ASV Scan Report: Required for all merchants. This is a vulnerability scan performed by an Approved Scanning Vendor.
- Self-Assessment Questionnaire (SAQ): For merchants processing up to 6 million transactions annually. This is a self-evaluation of your security controls.
- Attestation of Compliance (AOC): For merchants processing over 6 million transactions annually. This is a formal document signed by a Qualified Security Assessor (QSA).
For more information on the PCI certification procedure, visit the PCI DSS website.
Once your business is PCI DSS compliant, you can process payments and card data safely.
Step 2: Collect and Submit Payment Data
In this integration mode:
- The customer enters their credit card details directly on your website.
- Your server must be PCI DSS certified to securely collect this data.
- You then send the encrypted payment details directly to the tZero Pay server using a POST request.
Once submitted:
- tZero Pay will respond with a unique URL.
- Redirect the customer to this URL to finalize the payment.
- After completion, they will be returned to a predefined URL on your site.
- Real-time confirmations are provided via callbacks or email notifications.
Step 3: Obtain a Secret Key
Refer to this section
Step 4: Use the Secret Key in API Requests
Include the secret key in the Authorization header for all API requests:
POST /payment/authorise
Host: sandboxurl
X-Secret-Key: sk_8e5f700cfdde447ea9b651736dec3e5f
Content-Type: application/json
Authorization API Request
Example of a Direct API server call:
{
  "channel": "assigned_ref...",
  "amount": 100,
  "currency": "USD",
  "device_info": {
    // will be different for in-app vs web
    "ip_address": "1.2.3.4",
    "accept_header": "text/html",
    "screen_colorDepth": "48",
    "javaEnabled": "false",
    "language": "en",
    "screenHeight": "1200",
    "screenWidth": "1600",
    "timezone": "60",
    "challengeWindow": "4",
    "userAgent": "Mozilla/4.0 (MSIE 6.0; Windows NT 5.0)"
  },
  "reference": "merchant_txn_ref",
  "metadata": {
    "key_1": "value_1",
    "key_2": "value_2"
  },
  "customer": {
    "reference": "abc123",
    "email": "[email protected]",
    "name": "customer name",
    "phone": "12"
  },
  "payment_method": {
    "type": "card",
    // payment method variant here...
  },
  "payment_data": {
    "payment_type": "cit",
    "payment_sub_type": "recurring-initial",
    "credential_on_file": true,
    "industry_usage": "none",
    "previous_network_reference": "scheme_txn_id",
    "previous_payment_id": "internal_payment_id"
  },
  "capture": "auto",
  "capture_delay": "1d",
  "billing_details": {
    "name": {
      "first_name": "",
      "last_name": "",
      "middle_name": ""
    },
    "email": "[email protected]",
    "phone": {
      "country": "",
      "number": ""
    },
    "address": "123 Main St",
    "city": "New York",
    "country": "US",
    "line_1_address": "123 Main St",
    "line_2_address": "Apt 4B",
    "postal_code": "10001",
    "state": "NY"
  },
  "shipping_details": {
    "name": {
      "first_name": "",
      "last_name": "",
      "middle_name": ""
    },
    "email": "[email protected]",
    "phone": {
      "country": "",
      "number": ""
    },
    "address": "123 Main St",
    "city": "New York",
    "country": "US",
    "line_1_address": "123 Main St",
    "line_2_address": "Apt 4B",
    "postal_code": "10001",
    "state": "NY"
  }
}
Payment Method Variants
Card JSON
{
  "number": "4242424242424242",
  "expiry_month": 12,
  "expiry_year": 2077,
  "cvc": "012",
  "name": {
    "first_name": "",
    "last_name": "",
    "middle_name": ""
  },
  "store_for_future_use": true
}
- For full details, refer to the API Reference section.
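An added example (not tZero Pay's own code) of preparing the POST /payment/authorise call from Step 4 on the merchant server: the secret key is read from the environment instead of being written into source, plain-HTTP endpoints are refused, and the copy intended for logs has the card number masked and the CVC removed. The environment variable name, the https://sandboxurl base URL and the placement of the card fields inside payment_method are assumptions.

```python
import copy
import json
import os
import urllib.request

SECRET_ENV = "TZERO_SECRET_KEY"  # assumed variable name, not from the tZero Pay docs
BASE_URL = "https://sandboxurl"  # placeholder: the page only names the host "sandboxurl"


def redact_for_log(payload: dict) -> dict:
    """Return a copy safe to log: PAN masked to its last four digits, CVC dropped."""
    safe = copy.deepcopy(payload)
    card = safe.get("payment_method", {})
    if "number" in card:
        pan = str(card["number"])
        card["number"] = "*" * (len(pan) - 4) + pan[-4:]
    card.pop("cvc", None)
    return safe


def build_authorise_request(payload: dict, env=os.environ, base_url: str = BASE_URL):
    """Prepare (without sending) the POST /payment/authorise call shown on the page."""
    secret = env.get(SECRET_ENV, "").strip()
    if not secret:
        raise RuntimeError(f"{SECRET_ENV} is not set; refusing to build the request")
    if not base_url.lower().startswith("https://"):
        raise ValueError("card data and the secret key must only travel over TLS")
    return urllib.request.Request(
        base_url.rstrip("/") + "/payment/authorise",
        data=json.dumps(payload).encode("utf-8"),
        headers={"X-Secret-Key": secret, "Content-Type": "application/json"},
        method="POST",
    )


# Constructed sample input: the test card from the page, with the card fields placed
# inside "payment_method" next to "type" (an assumption about where the variant goes).
SAMPLE = {
    "channel": "assigned_ref",
    "amount": 100,
    "currency": "USD",
    "reference": "merchant_txn_ref",
    "payment_method": {"type": "card", "number": "4242424242424242",
                       "expiry_month": 12, "expiry_year": 2077, "cvc": "012"},
}

if __name__ == "__main__":
    req = build_authorise_request(SAMPLE, env={SECRET_ENV: "sk_constructed_placeholder"})
    print(req.get_method(), req.full_url)
    print(json.dumps(redact_for_log(SAMPLE)))  # log this, never req.data or the headers
```
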