Guides
Manual Integrations
Direct Integration

Direct Integration

With direct integration, your merchant’s website (complete with secure certificate) captures the user’s personal and credit card details and then forwards these behind the scenes to the secure NPI gateway. NPI then performs any necessary fraud and security checks, clears the payment with the acquiring bank and sends a response back to your merchant’s website, which then delivers a formatted response back to the customer.

Direct integration is more complex than the hosted forms method, but it does mean that the entire shopping process can occur within your merchants’ websites, providing a seamless experience for their customers.

For standard Visa and MasterCard Testing use merchant ID 100001, or for 3D Secure Testing use 100856.

As a white label payment gateway Partner, the direct integration is fully branded as your own; sits on your URL with your logo and branding; and provides your merchants with your own test credentials.

Sale Transaction example (with 3-D Secure)

The following example PHP code shows how to send a SALE transaction with support for 3-D Secure:

<?php
 
// Signature key entered on MMS. The demo account is fixed to this value,
$key = 'Circle4Take40Idea';
 
// Gateway URL
$url = 'https://gateway.example.com/direct/';
 
// Setup PHP session as use it to store data between 3DS steps
if (isset($_GET['sid'])) {
    session_id($_GET['sid']);
}
 
session_start(); 15.
 
// Compose current page URL (removing any sid and acs parameters)
$pageUrl = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https://' : 'http://'). $_SERVER['SERVER_NAME'] . ($_SERVER['SERVER_PORT'] != '80' ? ':' . $_SERVER['SERVER_PORT'] : ''). preg_replace('/(sid=[^&]+&?)|(acs=1&?)/', '', $_SERVER['REQUEST_URI']);
 
// Add back the correct sid parameter (used as session cookie may not be passed when the page is redirected from an IFRAME)
$pageUrl .= (strpos($pageUrl, '?') === false ? '?' : '&') . 'sid=' . urlencode(session_id());
 
// If ACS response into the IFRAME then redirect back to parent window
if (!emptyempty($_GET['acs'])) {
     echo silentPost($pageUrl, array('threeDSResponse' => $_POST), '_parent');
     exit();
}
if (!isset($_POST['threeDSResponse'])) {
// Initial request
// Gather browser info - can be done at any time prior to the checkout
if (!isset($_POST['browserInfo'])) {
    echo collectBrowserInfo();
    exit();
}
 
// Direct Request
$req = array(
'merchantID' => 100001,
'action' => 'SALE',
'type' => 1,
'currencyCode' => 826,
'countryCode' => 826,
'amount' => 1001,
'cardNumber' => '4012001037141112',
'cardExpiryMonth' => 12,
'cardExpiryYear' => 15,
'cardCVV' => '083',
'customerName' => 'Test Customer',
'customerEmail' => 'test@testcustomer.com',
'customerAddress' => '16 Test Street',
'customerPostCode' => 'TE15 5ST',
'orderRef' => 'Test purchase',
// The following fields are mandatory for 3DS
'remoteAddress' => $_SERVER['REMOTE_ADDR'],
'threeDSRedirectURL' => $pageUrl . '&acs=1',
// The following field allows options to be passed for 3DS
// and the values here are for demonstration purposes only
'threeDSOptions' => array(
    'paymentAccountAge' => '20190601',
    'paymentAccountAgeIndicator' => '05',
    ),
);
// Append the fields contained in browserInfo to the request as some are
// mandatory for 3DS as detailed in section 5.5.5 of the Integration Guide.
 
$req += $_POST['browserInfo'];
 
} else {
// 3DS continuation request
$req = array(
// The following field are only required for tbe benefit of the SDK
'merchantID' => 100001,
'action' => 'SALE',
 
// The following field must be passed to continue the 3DS request
'threeDSRef' => $_SESSION['threeDSRef'],
'threeDSResponse' => $_POST['threeDSResponse'],
);
}
 
try {
$res = Gateway::directRequest($req);
} catch (\Exception $e) {
// You should exit gracefully
die('Sorry, the request could not be sent: ' . $e);
}
 
// Check the response code
if ($res['responseCode'] === Gateway::RC_3DS_AUTHENTICATION_REQUIRED) {
    // Send request to the ACS server displaying response in an IFRAME
    // Render an IFRAME to show the ACS challenge (hidden for fingerprint method)
    $style = (isset($res['threeDSRequest']['threeDSMethodData']) ? 'display: none;' : '');
    echo "<iframe name=\"threeds_acs\" style=\"height:420px; width:420px; {$style}\"></iframe>\n";
 
    // Silently POST the 3DS request to the ACS in the IFRAME
    echo silentPost($res['threeDSURL'], $res['threeDSRequest'], 'threeds_acs');
 
    // Remember the threeDSRef as need it when the ACS responds
    $_SESSION['threeDSRef'] = $res['threeDSRef'];
 
} else if ($res['responseCode'] === Gateway::RC_SUCCESS) {
    echo "<p>Thank you for your payment.</p>";
} else {
    echo "<p>Failed to take payment: " . htmlentities($res['responseMessage']) . "</p>";
}
 
// Render HTML to silently POST data to URL in target brower window
function silentPost($url = '?', array $post = null, $target = '_self') {
 
    $url = htmlentities($url);
    $target = htmlentities($target);
    $fields = '';
 
 
    if ($post) {
        foreach ($post as $name => $value) {
        $fields .= Gateway::fieldToHtml($name, $value);
        }
     }
 
    $ret = "
        <form id=\"silentPost\" action=\"{$url}\" method=\"post\" target=\"{$target}\">
        {$fields}
        <noscript><input type=\"submit\" value=\"Continue\"></noscript
        </form>
        <script>
        window.setTimeout('document.forms.silentPost.submit()', 0);
        </script>
    ";
    return $ret;
}
 ?>
To learn more about our API, we recommend that you check out our latest API guide.
Last updated on 18 September 2023
Manual IntegrationsHosted Integration