Additional Guidance for Specific Payment Gateways

Some of the payment gateways require additional parameters to be sent, or they offer optional functionality. The list below highlights the specific requirements of each such payment gateway. Any gateway not listed here uses the standard request.

Unique Requirements Per Payment Gateway

3GDirectPay

• CompanyID and ServiceType credentials are required; the Company Token also selects sandbox vs production.
• isDigitalGoods sets the service description sent to the processor.
• No real-time Void — an authorisation can only be cancelled before its Payment Time Limit lapses, and a paid transaction cannot be cancelled. Refunds are testable in production only.

Adyen

• The ShopperInteraction parameter specifies the sales channel through which the shopper provides their card details, and whether they are a returning customer. For POS accounts set this to Ecommerce (also the default).

AdyenCheckout

• ShopperInteraction and RecurringProcessingModel may be supplied; Currency acts as the fallback currency for stand-alone tokenization.

Airwallex

• OrderDesc sets the statement descriptor.
• Any keys in the Parameters object are passed through to the gateway as metadata.
• The CustomerID credential is required in order to tokenize.

AMEX

• The myRef parameter is required and must contain 6 or more characters (only the first 6 are used as the trace number).
• No Charge and no Refund operations — use PreAuth + Capture, and Void to reverse.

Authorize.Net

• The ECCenabled parameter is only relevant to refund requests; it indicates whether PCI Booking sends the full card details with the request. When set to False, customers cannot perform refunds later than 120 days after the original charge.

Azul

• A client certificate must be configured on the account.

BAC

• TerminalID, Username and Password credentials are required (Live also needs the service API URL).
• CVV is mandatory (manual-entry mode). Integration documentation is private — you must be a BAC Credomatic bank customer.

Better

• Credentials: APIKey, PartnerId, MerchantId.
• OrderDesc may be supplied.
• Tokenisation only happens within a Charge/PreAuth — there is no stand-alone Tokenize call.

BML

• Only Charge and Void operations are supported.

Bold

• OrderDesc sets the payment description.
• No PreAuth / Capture.
• Partial refund is not supported.

Borgun

• The myRef parameter must be exactly 12 characters, using A–Z and 0–9 only.

BorgunBGateway

• The myRef parameter must be exactly 12 characters, using A–Z and 0–9 only.

CardNet

• Only Charge and Void operations are supported.
• Partial refund is not supported.

CardStream

• OrderDesc provides an additional description / order reference for the payment.
• Set TransactionType to MOTO to allow charging without CVV.
• Refund is only possible after the transaction has settled (ACCEPTED).

CaterPay

• OrderDesc provides an additional description related to the order the payment is for (CardStream white-label).
• Set TransactionType to MOTO to allow charging without CVV.

CCV

• The Language credential must be one of eng, nld, deu, fra.
• OrderDesc may be supplied; the AuthExemption credential is also available.

Checkout

• Credentials: SecretKey, PublicKey, URLPrefix (acquirer URL prefix); ProcessingChannelId is optional.
• OrderDesc may be supplied.

Credorax

• OrderDesc is sent only when longer than 4 characters.
• VoidType may be AuthVoid (default), CaptureVoid or SaleVoid.
• PCI Booking's integration is certified with Credorax, so no extra certification step is required of you.

Datatrans

• Tokens are created only via a dedicated Tokenize call — not within a Charge/PreAuth.

DECTA

• Refund is only possible within 30 days of payment; partial refund is not supported.

DLocal

• SplitAccounts (marketplace split payments) and NotificationURL may be supplied.

Easebuzz

• SURL and FURL credentials (success/failure return URLs) are used by the form-charge flow.
• Hosted OTP/redirect (form-charge) flow; supports UPI.

Eigen

• APPID, EPAKey and NodeID credentials are required.

Elavon

• The PaymentGateway object must include the RebatePWD parameter containing the rebate (refund) password.
• Refund is allowed up to 115% of the original; the original currency must match.

ElavonConvergePay

• Do not send a currency — the account is single-currency and supplying a currency value will error.

ElavonFusebox

• Credentials: ClientId, ClientSecret, Chain, Location, Terminal (OAuth).
• OrderDesc may be supplied.

ePDQ

• The merchant IP must be whitelisted in the ePDQ back-office.
• A sale cannot be voided (refund only), and partial refund is not supported.

eWAY

• PayerDetails.ClientIPAddress is required.

FatZebra

• Username and APIToken credentials are required.
• Payer details are required on Charge/PreAuth — PayerDetails.ClientIPAddress is sent as the customer IP.

FirstData

• Payeezy / Fiserv REST gateway — distinct from FirstDataIPG (the SOAP IPG gateway that needs a client certificate).
• Credentials: APIKey, Token, APISecret.
• Refund re-sends the full card details.

FirstDataIPG

• First Data (FirstDataIPG) requires authentication by client certificate — you must upload the certificate to the account. This gateway is not the same as Payzee.
• PayerDetails.ClientIPAddress (cardholder IP) is forwarded, falling back to a default if not supplied.

Gateline

• Gateline requires authentication by client certificate — you must upload the certificate to the account.
• The myRef parameter must be numeric only.
• Gateline requires that the card owner's IP address be provided in the ClientIPAddress parameter of the PayerDetails object.

GPWebPay

• The myRef parameter must be a 15-digit numeric value.
• PayerDetails.Email is mandatory.

Heartland

• The myRef parameter must be numeric only.
• Set CertiMode to 1 for certification mode, which then also requires the DeveloperID and VersionNumber credentials.
• PCI Booking's integration is certified with Heartland, so no extra certification step is required of you.

Ingenico

• SkipAuthentication may be supplied.
• Refund is only possible after the transaction is COMPLETED.

KortaPay

• The OriginalAmount credential is mandatory for Void or Refund operations.
• myRef has a maximum of 15 characters.
• Partial refund is not supported.

LianLianPay

• Product credentials are required: ProductID, ProductName, ProductSKU, ProductURL, ProductShippingProvider (plus optional shipping fields).
• No PreAuth / Capture.

MaksuPay

• Credentials: MerchantId, PrivateKey, PublicKeyHash.
• OrderDesc may be supplied.

Monek

• No real-time Void — reverse via Refund; a pre-auth lapses after 28 days.

Moneris

• The ProcessingCountry credential is required.
• Void is only possible after completion.

MyPOS

• Credentials include PrivateKey and PublicKey (used to sign requests and encrypt card / CVV data), plus SID, WalletNumber, KeyIndex, IPCVersion, Language.
• isDigitalGoods sets the cart item description.

NETS

• A Sale can only be refunded (not voided); only an Auth can be voided.

Network.ae

• APIKey and OutletReference credentials are required.

NEXI

• OrderDesc may be supplied.

NMI

• Authenticate with either an APIKey credential, or Username + Password.

NomuPay

• The Region credential is required; AuthorizationType and CaptureType credentials are also available.
• Tokenisation is not available in Turkey.

OpenPay

• MerchantID and PrivateKey credentials are required.
• The cardholder device IP is forwarded as X-Forwarded-For (required by Mexican anti-fraud rules).
• OrderDesc sets the payment description.
• Void is processed as a Refund and works cleanly with MXN.

PayArc

• OrderDesc must be under 25 characters; address fields must be at least 5 characters.

PayDollar

• Credentials: MerchantId, LoginId, Password, SecureHashSecretKey (AsiaPay secure-hash signing).

PayGate

• You must ensure that your merchant account in PayGate is configured with the "auto-settle" flag set to OFF; the payer country must be a 3-letter code.

PayPalPaymentsPro

• Credentials: Username, Password, Vendor, Partner (PayPal Payflow Pro).
• The billing country must be a 3-digit numeric country code; cardholder IP is forwarded when present.
• For a full refund omit the amount. Distinct from PayPalWebsitePaymentsPro.

PayPalWebsitePaymentsPro

• Credentials: Username, Password, Signature, Version (PayPal NVP DoDirectPayment).
• US / UK / CA only. For a full refund omit the amount. Distinct from PayPalPaymentsPro (Payflow Pro).

Payplug

• OrderDesc may be supplied.
• Do not send a currency — the account is single-currency.

Paystack

• Pin (optional card PIN) may be supplied.
• Capture / Void are not supported.

Paystation

• OrderDesc may be supplied.
• No Void.

PayULatam

• OrderDesc may be supplied.
• The Country credential drives behaviour.
• In Panama only Charge is supported (no PreAuth/Capture).

PayZen

• The CaptureDelayDays credential sets the capture delay at authorization (0 = same-night); there is no separate Capture call.

Payzone

• OrderDesc and PayerDetails.Email are mandatory.
• No Authorization Code is returned.

PCIBookingEU

• NomuPay white-label — same behaviour as NomuPay.
• The Region credential is required.

PCIBookingUSA

• OrderDesc, CaptureSeq + CaptureTotal (partial capture) may be supplied.
• SendReceipt (Yes/No) may be supplied.

PeleCard

• A PreAuth cannot be voided online.

PesoPay

• The myRef parameter must be unique on every submission.
• A Void operation must be performed with the GatewayReference returned from PreAuth, and not from Capture.

PomeloPay

• Only Charge and Void operations are supported.

PXP

• MerchantID, StoreID, UserID and Password credentials are required.
• VoidType may be reversalSale or reversalPreAuthorization (defaults to pre-auth reversal).
• An amount is required on every operation, including Void / Capture / Refund.

Quickpay

• The APIKey credential is required.
• Card tokenisation is rejected for EEA cards.

RapydCardPayments

• AccessKey and SecretKey credentials (HMAC request signing) are required.
• The card brand is currently sent as Visa regardless of the actual card — confirm with support before use.

RedDotPayment

• Only PreAuth and Charge operations are supported.
• Partial refund is not supported.

Ryft

• OrderDesc sets the statement descriptor.

SaferPay

• OrderDesc (payer note) may be supplied.
• Merchant IP allow-listing is required.

SagePay

• US / CA / GB only.

Shift4

• The myRef parameter must be numeric (10 digits).

Shift4Clone

• The myRef parameter must be numeric (10 digits).

SiamPay

• An Auth cannot be voided (charges only); Refund is only possible after settlement (~1 day).

Stripe

• Void is performed as a full Refund.

StripeConnect

• ConnectedAccount, ApplicationFeeAmount (platform fee), and HotelID/SiteName/ReservationID (metadata) may be supplied.
• Void is performed as a full Refund.

StripePaymentIntent

• To enable 3DS transaction support, contact Stripe and ask them to enable the 3DS Import (payment_method_options.card.request_three_d_secure) option on your test/live account.
• SetupFutureUsage lets you use Stripe Subscriptions with the PaymentIntents integration. It is provided in the credential object and the value can be on_session or off_session.
• ApplicationFeeAmount lets your platform take an application fee on direct charges. Provide it in the credential object together with ConnectedAccount data, and include a ConnectionType of standardconnect or connect.
• A captured charge cannot be voided.

StripeStandardConnect

• OrderDesc may be supplied.
• ConnectedAccount and ApplicationFeeAmount may be supplied.

TotalProcessing

• Authorization Code is only returned on live captures (not on PreAuth or test).

Trust

• Tokenize is performed as an ACCOUNTCHECK (zero-amount) request.
• TokenCurrency sets the tokenize currency (default GBP).

Tyro

• MerchantID and APIPassword credentials (Mastercard MPGS platform) are required.
• myRef is used as the order id, transaction id and reference — it must be unique and URL-safe per transaction.

USAePay

• Credentials: SourceKey, PIN, EndpointID.
• OrderDesc may be supplied.

Valitor

• ServiceType may be ONLINEPAYMENT, TELEPHONEPAYMENT or MAILORDER (MOTO modes suppress CVV).
• Refunds are not allowed on debit cards.

ValitorPay

• Tokenisation creates a virtual card.
• MCCCode (a travel/hotel MCC switches to PreAuthorization), TransactionType, and DefaultClearingDays/DefaultClearingAction may be supplied.

Verifone

• PayerDetails first and last name are required.
• TokenScope may be supplied (for tokenize).

VersioPay

• The Crypto credential (account secret) is required.

Viva

• GroupId can be set on Tokenize.
• Separate token-client credentials (TokenClientId, TokenClientSecret) are used for tokenize / refund / void.

Windcave

• EnableAddBillCard may be supplied.

Wirecard

• OrderDesc provides a payment reason for the payment gateway. The field is optional for Charge and PreAuth operations and is sent as false by default.

Worldline TravelHub

• OrderDesc may be supplied.

WorldPay

• The isDigitalGoods parameter sets the goods type (DIGITAL/PHYSICAL) and is sent as digital (true) by default.
• PCI Booking's integration is certified with WorldPay (SecureNet), so no extra certification step is required of you.

WorldPayOnline

• The ServiceKey credential is used as the authorization header.
• isDigitalGoods overwrites the order description (the gateway has no free-text descriptor); amounts are in the smallest currency unit.

WorldPayVantiv

• Only the first 6 characters of myRef are used (ticket number).

WorldPayWPG

• OrderDesc may be supplied.

WSPay

• One account does either Charge or PreAuth→Capture, not both.

Xendit

• The Country credential (2-letter, default PH) may be supplied.

YeePay

• Hosted SMS-OTP (form-charge) flow.

Zeamster

• OrderDesc provides an additional description related to the order the payment is for.

Zoop

• The NoOfInstallments parameter lets you use an installment plan and split the cost into multiple credit-card payments (micro credit). The value must be between 1 and 12.

ZoozPaymentsOS

• AppID, PublicKey, PrivateKey and APIVersion credentials are required.
• Amounts are in the smallest currency unit.