Card Payment Flow
The checkout flow for an online card payment differs depending on a couple of factors, such as whether or not you are tokenising the card and what your scope of PCI DSS compliance is.
High-level steps for each method are outlined below:
Online Card Payment - Direct API Integration
A direct API integration is simply a single API call from your server to the Global Payments API.
Step 1: POST to the /transactions endpoint with the card Payment Instrument.
Step 2: Handle the response from the API and redirect the customer to an order confirmation page if approved, or back to the checkout to provide new payment details if declined.
Online Card Payment - Secure Panel
Secure Panel differs from a direct API integration, as the card details are being captured in an iframe hosted by Global Payments, rather than entered directly on your website.
Step 1: POST to the /tokens endpoint with a scope of securepanel.
Step 2: Pass the oneTimeToken obtained from the /tokens response into the Secure Panel JavaScript object and initialise the Secure Panel.
Step 3: The customer enters their card details into the Secure Panel. This triggers a callback function to let you know that the fields have been completed.
Step 4: POST to the /transactions endpoint, passing the oneTimeToken as the payment.instrument.
Step 5: Handle the response from the API and redirect the customer to an order confirmation page if approved, or back to the checkout to provide new payment details if declined.
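The following is an added example, not code from Global Payments, sketching the merchant-server side of Steps 4 and 5 of the Secure Panel flow: it builds the /transactions body from the oneTimeToken and refuses any checkout POST that carries a card number, since receiving one would defeat the purpose of the hosted iframe. The form field names, the amount and currency fields, the redirect paths and the "approved" status value are assumptions.

```javascript
// Added example. Assumed names: form fields, amount/currency, response "status".

// Luhn check, used to spot a card number that leaked into the checkout POST.
function looksLikePan(value) {
  const digits = String(value).replace(/[\s-]/g, "");
  if (!/^\d{13,19}$/.test(digits)) return false;
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Step 4: build the /transactions request body.
// `form` is the browser's POST; `order` is the server-side order record, so the
// amount charged never comes from client-controlled input.
function buildTransactionRequest(form, order) {
  for (const [key, value] of Object.entries(form)) {
    if (looksLikePan(value)) {
      // Card data must stay inside the Secure Panel iframe.
      throw new Error(`card number received in field "${key}"`);
    }
  }
  if (typeof form.oneTimeToken !== "string" || form.oneTimeToken.length === 0) {
    throw new Error("missing oneTimeToken");
  }
  return {
    amount: order.amount,     // assumed field name
    currency: order.currency, // assumed field name
    payment: { instrument: form.oneTimeToken },
  };
}

// Step 5: choose the redirect target from the API response.
// Anything other than an explicit approval goes back to checkout.
function nextPage(apiResponse) {
  return apiResponse && apiResponse.status === "approved"
    ? "/order/confirmation"
    : "/checkout?error=declined";
}
```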