Overview
What is the Payloft Payment Gateway API?
The Payloft Payment Gateway API allows businesses to accept and manage electronic payments easily and securely. With support for multiple card schemes and industry-grade security protocols, the API is built to scale with your business — whether you're a startup or a large enterprise.
It provides a unified interface to initiate transactions, verify statuses, process refunds, and onboard merchants while adhering to PCI DSS standards.
Key Capabilities
Multi-Scheme Support: Accept payments from Visa, Mastercard, American Express, Verve, and PayAttitude.
Secure Transaction Handling: Card data is encrypted using AES, and transactions are authenticated through 3D Secure.
Real-Time Status Tracking: Monitor transactions, receive responses instantly, and act on them programmatically.
Merchant Operations: Onboard merchants, retrieve credentials, and manage business information via API.
Built for Scale: Optimized for performance under high transaction volumes and integrated failover for high availability.
Merchant Types
Payloft supports two merchant integration models. Choosing the right model depends on how you intend to handle customer payments.
1. Generic Merchant
Generic merchants use the Payloft-hosted checkout page. This is the simplest and most secure way to accept payments with minimal development overhead.
Use Case: Ideal for merchants who want a quick and secure way to accept payments without handling sensitive card data directly.
Workflow:
Customer is redirected to Payloft’s secure checkout page.
Card data is collected and processed by Payloft.
Transaction result is returned to the merchant after processing.
2. Aggregator Merchant
Aggregator merchants (or payment facilitators) use their own payment interfaces and pass encrypted card data to Payloft for processing. This model offers more control but comes with greater responsibility.
Use Case: Ideal for platforms that onboard and serve multiple sub-merchants or want a fully customized payment experience.
Workflow:
Merchant collects card data using their own frontend.
Data is encrypted using AES as per Payloft specifications.
Encrypted payload is submitted to Payloft for authentication and processing.
Typical Payment Flow
The transaction process follows these steps:
Initiate Payment: The merchant creates a payment request by calling the createOrder endpoint.
Encrypt & Submit: For aggregator merchants, card data is encrypted and submitted. For generic merchants, the customer is redirected to Payloft’s hosted page.
3D Secure Authentication (if applicable): The cardholder is verified using 3D Secure.
Authorization & Settlement: The transaction is authorized with the issuer and settled.
Response Handling: The merchant receives a response with the transaction status.
Security & Compliance
AES Encryption: All sensitive card data must be encrypted using the AES-256 standard.
3D Secure (3DS): Transactions are authenticated using 3D Secure to reduce fraud risk.
PCI DSS Compliance: The API complies with PCI standards to ensure secure handling of cardholder data.
Getting Started
To start integrating with the Payloft Payment Gateway API:
Sign Up at merchant.mypayloft.com.
Retrieve Test Credentials (Merchant ID & Secret Key) from your dashboard.
Review API Reference to understand endpoint usage and response formats.
Build & Test your integration using the sandbox environment.
Request Production Access after successful testing.
Go Live with your production credentials.