Payment Flow & Core Elements
To help provide a clearer understanding of how each core element of the payment flow works and how they fit together within the overall lifecycle, we will now take a closer look at each of them, explaining their purpose, behavior, and role in the payment process.
Depending on your integration type, you will need to handle from one to all of the below elements. Before going over each element definition, please see the below table to know which elements might be needed for your integration type.
| Integration type | Handled by you | Handled by us |
|---|---|---|
|
Hosted Payment Page
Quickly launch a secure checkout experience hosted by us — ideal for fast integration and minimal PCI scope.
|
Checkout | Tokenization Order |
|
Hosted Elements
Embed secure payment elements directly in your UI for having more control of the checkout experience.
|
Checkout Order | Tokenization ⓘ On your end, you will need to catch the token onSubmit and use it for order creation. Read more here. |
|
Direct API
Build custom payment flows with our flexible REST API — ideal for complete control and advanced integrations.
|
Checkout Tokenization Order | N/A |
Checkout
A checkout represents a payment session created by the merchant before the customer enters their payment details.
When a checkout is created using the /checkout endpoint, the merchant defines the parameters of the transaction, such as:
- the payment amount and currency
- redirect URLs for the customer journey: accept, pending, decline, cancel
- payment configuration and integration type
- authentication preference
- others if needed
The checkout acts as the entry point of the payment flow and provides the context. It prepares the payment session and allows the customer to proceed to the step where payment details are collected, either through a hosted payment page, hosted elements, or in direct API integration.
Tokenization
Tokenization is the process of securely converting sensitive payment information (such as card details) into a token that can safely be used by the platform for payment processing.
During this step:
- the customer submits their payment information
- the platform securely processes the data within a PCI-compliant environment
- the original sensitive data is replaced with a token
This token can then be used for subsequent payment operations without exposing the underlying payment details.
Tokenization helps ensure PCI compliance, improves security, and enables the platform to handle payment data safely across different payment providers.
Order
An order represents the actual payment transaction and all details corresponding to it.
When you call the /order endpoint, we use the previously created checkout (checkout_id) and tokenized payment method (token) to initiate the payment process. At this stage, the following actions will take place in connection to the transaction:
- selecting the appropriate PSP (Smart Routing logic is applied, unless there are specific routing rules in place)
- 3DS authentication: based your preference (ask for 3DS or none 3DS) and the acquirer final decision on 3DS either in frictionless or challenge flow
- sending the authorization request to the PSP
The order therefore represents the execution of the payment, and its lifecycle may include additional operations such as capture, refund, or cancellation depending on the payment flow.
Depending on the provided and your use case, the automatic capture request is applied.
Maintenance Operations
Once an order has been created and processed, additional operations may be performed to manage the transaction lifecycle. These operations include:
- Capture (if no auto capture was applied) – completing a previously authorized payment when manual capture is enabled.
- Cancel – cancelling an authorized payment before it is captured.
- Refund – returning funds to the customer after a payment has been captured.
These maintenance endpoints allow merchants to control the post-authorization lifecycle of a payment when needed.
Updated 3 days ago