Sign In

Developer Hub

API Documents

The BOIPA Payment Gateway supports Direct API and Hosted Payment Page integrations.

Direct API

Direct API Integration is designed for technologically enabled merchants who manage systems that provide and manage the full customer shopping experience, including taking card data and integrating with alternate payment methods. The merchants will provide their payment pages and store the data in their systems. Hence, the merchant must have a PCI DSS Compliant environment to process the payment card and other cardholder sensitive data.

The primary feature of this integration method with the Gateway is the merchant’s ability to develop and manage applications that incorporate their website functionality, payment forms and other payment methods.

Merchants may have:

  • ECommerce websites or apps where their customers shop and pay for goods and services online – ECOM transactions, and/or
  • Customer Order Management system where merchant operators take orders over the phone or from other remote communications methods – MOTO transactions

The merchant’s applications use the Gateway to process payment authorisations and the supporting functionality (captures, voids, refunds, etc.) and such applications must also be able to handle 3D-Secure redirections triggered by the gateway.

Hosted Payment Page (HPP)

Hosted Payment Page Integration is designed for technologically enabled merchants who manage systems that provide and manage the full customer shopping experience, but do not have PCI Compliant environments to process payment cards and other cardholder sensitive data. The primary feature of this integration method with the Gateway is that the merchant incorporates the Gateway’s Hosted Payment Page into the website’s checkout page.

The Hosted Payment Page will provide for card payments and alternate payment methods.

Merchants may have:

  • eCommerce websites or apps where their customers shop and pay for goods and services online – ECOM transactions
  • and/or Customer Order Management system where merchant operators take orders over the phone or from other remote communications methods – MOTO transactions

The merchant’s applications use the Gateway to process payment authorisations and the supporting functionality (captures, voids, refunds, etc.) and 3DS authentications.

An additional feature of this integration method is a Hybrid Integration, where Hosted Payment Page Integrated merchants will also use the Direct API integration in other scenarios (e.g. for repeat transactions (recurring) using a stored card token generated using the Hosted Payment Page).

There are 3 integration modes available for the Hosted Payment Page:

1. HostedPayPage (a standard payment page with static BOIPA/EVO branding), fully redirected from the merchant site;

2. Standalone iFrame (a customisable payment page where fonts/colours may be changed), fully redirected from the merchant site;

3. Embedded iFrame (a customisable payment page where fonts/colours may be changed), embedded in a container within the merchant site;

Strong Customer Authentication

3D Secure Version 2 & SCA (Strong Customer Authentication)

 

The EU’s Second Payment Services Directive (2015/2366 PSD2) came into force in January 2018, aiming to improve consumer protection across all payment types, promoting an even more open, competitive payments landscape.

One of the key requirements of PSD2 relates to Strong Customer Authentication (SCA) which is now required on all electronic transactions within the European Economic Area (EEA).

SCA will require cardholders to authenticate themselves with at least TWO out of the following three methods:

Something you know

Something only the customer knows:

  • Password
  • Pin
  • Secret fact
Phone Clip Art

Something you own

Something only the customer owns:

  • Mobile phone
  • Wearable device
  • Token

Something you are

Something only the customer is:

  • Fingerprint
  • Facial feature
  • Voice pattern

3DS v2 will send important data, such as the shipping address, the customer’s device ID and other additional information to the cardholder’s bank. Based on this information, the bank can then assess the risk level of the payment. If the bank trusts the transaction, the payment flow is made seamless without any friction (no challenge to the cardholder).

API Documents

Below are the API documents required to integrate with the BOIPA Payment Gateway.

Plugins

Below is a list of free plugins to integrate with the BOIPA Payment Gateway.

Woo Commerce Logo
Oscommerce Logo
OpenCart Logo
Magento Logo
PrestaShop Logo

Additional plugins for the BOIPA Payment Gateway are available for purchase online through our partner Sellxed.

Download the BOIPA Back Office and Virtual Terminal Manual here.

Email Support

Send our support team an email below.