Paytend Pay

Paytend Pay API provides acquiring merchants with a convenient and fast access method to connect to the Paytend payment gateway to support multiple payment methods. These payment methods include major bank card payments such as Mastercard, Visa, UPI, Discover, American Express (AM), as well as various local payment methods (APM), such as WeChat Pay, UnionPay Pay, and cryptocurrency payments. Way. Through the Paytend Pay API, merchants can easily expand payment options and provide more convenient payment methods to their customers.

Paytend Pay API supports multiple payment methods, including but not limited to the following:

2.1 Bank card payment

• Mastercard
• Visa
• UPI
• Discover
• American Express (AM)

2.2 Local Instant Payment Method (APM)

• WeChat Pay
• UnionPay payment (applicable to Chinese market)
• Other local instant payment methods around the world (multiple supported depending on region)

2.3 Cryptocurrency payments

• Cryptocurrency Payment: Supports multiple major cryptocurrencies, such as Bitcoin, Ethereum, etc., to meet the needs of digital payments.

Paytend Pay API provides the following main functions for merchants to easily access and manage payment methods:

3.1 Quick access

• Quick Access: Simplifies the access process, allowing merchants to quickly access the Paytend payment gateway, reducing the complexity of technical integration.

3.2 Multiple payment methods support

• Multiple payment methods support: Through a single interface, merchants can access multiple payment methods to provide customers with more payment options.

3.3 Secure payment

• Secure Payment: Paytend Pay API adopts advanced security measures to ensure that customers' payment information is protected and meets the security standards of the payment industry.

3.4 Accepting Payments on Your Website with Embedded Payment Forms

Embedded Payment Forms allow you to securely process payment details on your website while maintaining compliance with industry standards. Customers can input their card details directly into a secure form, and the system will generate a token representing the payment information. This token can then be used to process the payment request.

Who Should Use Embedded Payment Forms?

Embedded Payment Forms are ideal for businesses that:

• Are not currently compliant with PCI security standards.
• Want a fast and customizable solution for integrating payment forms.
• Seek an additional payment method to complement their existing online setup.

How It Works

• Integrate the embedded payment form into your website.
• Customers securely enter their payment details on your checkout page.
• The system processes sensitive payment information and provides a token representing these details. This process is called tokenization.
• Use this token to submit a payment request via the payment API.

What Is Tokenization?

Tokenization is the process of securely collecting sensitive payment details and converting them into a short-term, single-use token. This token represents the payment information without exposing the sensitive data. Since the service provider handles all sensitive information, PCI compliance is managed on their end. You use the token to initiate payments through a unified API.

Instructions for Integration

• Download and Review Code**: Obtain the example code file, PPayIframe.zip, unzip it, and carefully review its code and comments.
• Logic of Core Code: Invoke the init method of PPayFrame with sessionId, merchantId, and url to initialize the PPayFrame component. (Both test and production URLs are available.)
• Custom Events: There are two events—paymentSuccess and paymentFailed—that you can use to implement your logic accordingly.
• Pay attention to: Ensure that the sessionId (a unique identifier for the session) is properly generated to prevent conflicts. The merchantId (your unique merchant code) must be included.
• Include the Required Fields: When submitting the form, make sure the cardToken field is included. Refer to the API documentation for further details.

This solution helps you simplify payment acceptance while maintaining security and compliance.

Detailed access and integration documentation will be provided on the Paytend official website, including information such as API endpoints, authentication, request examples, and response examples. Merchants can access according to the documents and customize the integration according to their needs.

4.1 Interface communication method

• Communication Method

  Communicate using HTTPS, the message format is JSON

• Character Set

  Messages are uniformly encoded in UTF-8

4.2 Signature verification field description

• bizData: Encrypted by randomly generated AES KEY.
• randomKey: AES KEY is encrypted by Paytend public key.
• signature: The signature source string is composed of all non-empty field contents except the signature field, sorted according to the ASCII code of the message field, and connected with the "&" symbol in the manner of "field name = field value".
  • for example: Send SMS verification code to request data

{
  "randomKey":"qeM/mnvepEv5MFe7n77brQ==",
  "requestId":"20231025102930718",
  "signType":"RSA",
  "bizData":{
    "mobile":"13261402222",
    "type":"1"
  },
  "partnerId":"888666000100260",
  "version":"2.0"
}

The signature source string signature is as follows. The signature source string uses the partner RSA private key signature to generate the signature.

bizData={"mobile":"8613261402222","type":"1"}&partnerId=888666000100260&randomKey=gNx86vc1yttHs8ZWOf7+5g==&requestId=20231025095118321&signType=RSA&version=2.0

• Precautions
  • The signature algorithm of RSA is SHA256withRSA.
  • The maximum encrypted plaintext length of RSA is 117.
  • The maximum decryption ciphertext length of RSA is 128.
  • The signature field in the request data is generated by the Partner RSA private key signature.
  • The signature field in the response data is generated by the Paytend RSA private key signature.
  • randomKey and bizData plain text participate in the signature.
  • For specific implementation, please refer to the Sandbox demo in Support and Contact
  • When decrypting the returned data or verifying the signature, you need to first determine whether the field has a value. Some errors will not result in a signature, such as: The request field type is wrong.

4.3 Precautions:

Cardholder ID: EEA region supports passport or ID card. Other regions only support passport. Cardholder photo information must correspond to cardholder information (idnoType).

4.4 Main interface calling process：

• Payment.

• Cancel. Cancellation can be initiated within 24 hours. UnionPay transactions can be canceled before 23:00 Beijing time on the same day.

• Refund. Partial returns can be initiated.

  • Return conditions
    • Transactions within 180 days can be returned
    • The consumption transaction on the day is greater than the return amount

• Submit logistics information

• Upload logistics file

• Dictionary
• MCC list
• List of country (region) and city
• Sandbox demo
• Error code msg

Payment Controller

Pos Payment Controller

Wave Web Hook Controller