Implementation guide · three shapes
Add a payment gateway to website — one integration, every method.
Sign the KYB paperwork, pick an integration shape (hosted checkout, embedded fields or SDK), and go live. Card, ACH, SEPA, wallets and crypto all sit behind the same API, routed per authorisation across a panel of connected acquirers.
- Hosted
- Drop-in redirect or iframe — live in days, SAQ A
- Embedded
- Hosted fields inside your own checkout — SAQ A-EP
- SDK
- Server SDK + client primitives for full UI control
Key benefits
Why merchants add payment gateway to website through topropay
Four properties that show up the moment a website stops looking for one perfect provider and starts running on a routed panel.
- 01
One integration, many acquirers
The gateway you add is topropay's unified API; behind it sits a panel of connected acquirers routed per authorisation. You don't pick a lane on day one — the routing engine picks the highest-EV lane per transaction.
- 02
Same-week go-live for hosted checkout
Merchants who pick the hosted-checkout shape typically go live inside the first week — KYB and sandbox testing dominate the timeline, not integration work. Embedded and SDK shapes take 2–4 weeks depending on team size.
- 03
Add more methods without re-integration
New payment methods on the same gateway (cards, ACH, SEPA, wallets, BNPL, crypto) become dashboard toggles, not code changes. The merchant's checkout stays static; the method list surfaces per market.
- 04
PCI DSS Level 1 vault from day one
Card data captures into the platform vault regardless of shape. The merchant's PAN exposure is either zero (hosted) or scoped down to SAQ A-EP (embedded fields), without wearing the full PCI L1 audit themselves.
How to add payment method to website
Six steps from KYB paperwork to first live authorisation
What actually happens between the merchant signing paperwork and the first live payment landing in the settlement file — and where topropay picks up the work on each step.
- 01
Sign the KYB paperwork
Merchant onboarding through the platform's dashboard — KYB, KYC on beneficial owners, vertical / volume declarations.
- 02
Pick the integration shape
Hosted checkout, embedded hosted fields, or low-level SDK. Same back-end for all three; the choice depends on the merchant's PCI-scope preference and UI-control needs.
- 03
Point the checkout at sandbox
The merchant's dev team points their sandbox checkout at topropay's sandbox endpoint. Test card numbers and test method flows run end-to-end without touching production.
- 04
Enable methods per market
The methods you want to add — card, ACH, SEPA, iDEAL, PIX — turn on per market from the dashboard. Method availability follows the connected acquirer's coverage.
- 05
Cutover to production
Swap the sandbox key for the production key; the routing policy activates for real authorisations. Parallel-running with an existing gateway during migration is supported.
- 06
Reconcile in one feed
Settlement files from every connected acquirer normalise into one ledger; daily exports tagged by acquirer, method, currency and merchant.
Main use cases
Where "add payment gateway to website" earns its keep
Five merchant shapes that consolidate around one gateway integration rather than wiring in per-region providers by hand.
- Retail
DTC retail adding checkout for the first time
New retail websites where the owner wants to add payment gateway to website without hand-integrating a per-region provider. Hosted checkout goes live inside the first week.
- SaaS
SaaS adding recurring billing beside one-off
SaaS websites adding both card-on-file recurring and one-off invoice pay-now, on the same gateway integration, with vault tokens carried across.
- Marketplace
Marketplaces adding a payments layer to an existing site
Existing marketplaces retro-fitting a payments layer that supports per-seller routing without re-onboarding the seller base — sub-merchant model handles the split.
- Ent
Enterprise migrating from a legacy gateway
Enterprises retiring an old gateway integration — the new topropay layer supports parallel-running so the cutover measures approval-lift before absorbing the rest of the volume.
- Regional
Cross-border merchants expanding into new markets
Merchants adding regional method coverage (PIX for Brazil, iDEAL for the Netherlands, SEPA for the EU) on top of an existing card gateway — the new methods are toggle-added, not re-integrated.
Platform features
Capabilities behind the gateway you add to your website
Twelve capabilities that ship once and reuse across every integration shape — hosted, embedded and SDK — the primitives that make "add payment gateway" feel like one product rather than a stack of separate integrations.
-
One unified API
Same REST contract for card, ACH, SEPA, wallet, BNPL and crypto — one integration covers the lot.
-
Three integration shapes
Hosted checkout, embedded hosted fields, low-level SDK — pick per merchant's PCI-scope and UI-control needs.
-
Smart routing across acquirers
Per-BIN, per-currency, per-country scoring routes each authorisation across the connected acquiring panel.
-
Cascade & retry
Soft declines cascade to the next ranked provider inside the same authorisation — nothing leaks back to the buyer.
-
PCI DSS Level 1 vault
Card data lands in the platform vault before any acquirer sees it; PAN never touches the merchant server.
-
Network tokens & updaters
VTS and MDES network tokens by default; scheme account updaters keep saved credentials alive across re-issuance.
-
3DS2 / SCA orchestration
Selective EMV 3DS2 challenges per authorisation — PSD2-compliant in Europe without breaking conversion.
-
ACH & bank-rail methods
US ACH with NACHA mandate handling, SEPA Direct Debit, Bacs and Open Banking through the same authorise endpoint.
-
Wallets, BNPL & crypto
Apple Pay, Google Pay, Click to Pay, Klarna, Afterpay, stablecoin and major-token acceptance via licensed partner gateways.
-
Unified dispute queue
One queue across providers; per-vertical evidence-pack templates; automated representment for select scheme types.
-
Signed webhooks
Replay-safe lifecycle events fire on auth, capture, settlement and dispute — same shape regardless of which acquirer cleared the auth.
-
One reconciliation feed
Settlements, fees, refunds and chargebacks from every connected acquirer in one normalised ledger.
Industry relevance
Licensed merchants across EU, UK, APAC and LATAM
topropay's gateway-add posture targets licensed merchants operating across Europe, the UK, APAC and LATAM — new websites, existing websites migrating from a legacy gateway, marketplaces retro-fitting a payments layer, enterprises consolidating multi-region providers, and licensed gaming operators where current operating licences exist. Grey and black-market verticals are out of scope regardless of integration shape.
- New retail websites
- SaaS websites
- Marketplaces
- Enterprise migrations
- Cross-border expansion
- Licensed gaming (where licensed)
- Adult content · out of scope
- Unlicensed gambling · out of scope
Trust & compliance
Compliance posture inherited from day one
One audited environment underpins every integration shape; sub-merchants inherit the relevant posture per rail without carrying separate certifications themselves.
- PCI DSS Level 1
- Annual on-site assessment plus quarterly ASV scans; sub-merchants inherit the posture across every connected acquirer and integration shape.
- Scheme programmes
- Visa VDMP / VAMP / VFMP and Mastercard ECP / EFMP positions surfaced per connected acquirer; routing weights can rotate around at-risk lanes.
- SCA & PSD2
- Selective EMV 3DS2 on the authorisation path keeps approval high in Europe without skipping the SCA bar.
- Bank-rail mandate posture
- NACHA authorisations for ACH, SEPA mandate IDs for SEPA SDD, Bacs mandates for UK — captured and retained per scheme rules.
- Sanctions & AML alignment
- Sanctions screening at onboarding; AML monitoring tuned to each merchant's vertical, volume and geographic mix.
- Licensed verticals only
- Licensed gaming, regulated financial services and other compliance-bound verticals supported only where current operating licences exist. Grey and black-market verticals are out of scope regardless of integration shape.
Ready to add the gateway
Add topropay to your website this week.
A 30-minute integration review covers the shape that fits your stack, the methods relevant to your buyer base, and a sandbox key you can test against before any commercial commitment.
Frequently asked
Buyer questions about adding a payment gateway to a website
Integration timeline, PCI-scope trade-offs, hosted-platform paths, parallel-running migrations and the practicalities of adding methods on top of the base card gateway.
- 01
How do I add a payment gateway to website through topropay?
To add a payment gateway to website through topropay, sign the KYB paperwork, pick an integration shape (hosted / embedded / SDK), point sandbox traffic at topropay's sandbox endpoint, enable the methods you want per market, then swap the sandbox key for the production key. Hosted-checkout deployments typically go live inside the first week.
- 02
What's the fastest way to add payment gateway to website?
The fastest way to add payment gateway to website is the hosted-checkout shape — a drop-in redirect or iframe. The merchant's PCI scope shrinks to SAQ A, integration work is minimal (an API call to create a session plus a redirect), and go-live is a matter of days rather than weeks.
- 03
How do I add payment method to website without re-integrating?
Once the gateway is live, add payment method to website by toggling the method on in the topropay dashboard. Cards, wallets, ACH, SEPA SDD, iDEAL, PIX and other regional rails become part of the same hosted checkout without a code change on the merchant's side. Availability follows the connected acquirer's coverage per market.
- 04
Can I add ACH payment to my website?
Yes. add ach payment on topropay uses US ACH connectivity through a partner ACH processor. Mandate authorisation captured at first debit; R-code-aware retries handle NSF returns; settlement flows into the same reconciliation feed as card. The buyer picks ACH on the same hosted surface as card.
- 05
How do I add payment system to website that covers multiple regions?
add payment system to website that covers multiple regions is topropay's default configuration — the same integration surfaces card everywhere, plus SEPA / iDEAL / Bancontact in the EU, ACH in the US, PIX in Brazil, PayID in Australia, and card + partner-licensed methods in APAC. Method availability follows connected acquirer coverage per market.
- 06
Do I need my own merchant account to add payment gateway?
No — to add payment gateway on topropay's sub-merchant model, the merchant rides the platform's connected acquirer relationships. Merchants who already hold a direct MID can bring it in as an additional connected lane; the routing engine treats it as one more provider in the panel.
- 07
How does the payment gateway add in website affect PCI scope?
PCI scope depends on the integration shape. Hosted-checkout shrinks the merchant's scope to SAQ A. Embedded hosted fields sit at SAQ A-EP. Low-level SDK is a full-scope integration but with the vault handling PAN storage, so the merchant server still never sees a raw PAN. All three inherit topropay's PCI DSS Level 1 service-provider posture underneath.
- 08
Can I add a payment gateway to an existing website without downtime?
Yes. Add a payment gateway to an existing website by running topropay in parallel with an existing provider — one gateway carries the old traffic while the new one takes a percentage of new traffic. Once the routing policy is tuned, cut the balance over; there's no requirement to switch overnight.
- 09
Which methods can I add on top of card on my website?
On top of card, merchants typically add Apple Pay, Google Pay and Click to Pay first (mobile-first wallets), then regional bank rails per market (SEPA SDD in the EU, ACH in the US, PIX in Brazil, iDEAL in the Netherlands), then BNPL (Klarna, Afterpay, Clearpay) on merchants where cart uplift matters, and finally crypto via licensed partner gateways where the buyer base wants it.
- 10
How much code do I need to write to add a payment gateway to a website?
For hosted checkout, roughly 20–50 lines of server-side code to create a payment session plus a redirect on the client. For embedded hosted fields, add another 40–80 lines to mount the iframes and handle the tokenisation callback. For SDK, count on the merchant's team owning a normal integration project.
- 11
Do I need to add per-region gateways for each market?
No. The reason topropay's connected acquirer panel exists is so the merchant doesn't run one gateway integration per region. The panel behind the same unified API covers US, EU, UK, APAC and LATAM connectivity — expanding into a new market is a routing-policy change, not a per-region integration project.
- 12
How are refunds handled once the gateway is live?
Refunds run against the vault token issued by the original authorisation. Operators trigger refunds from the topropay dashboard or via API, with a justification and reason code logged for audit. The refund reverses the authorisation through whichever connected acquirer cleared it.
- 13
Can I add recurring billing on the same gateway?
Yes. Card-on-file recurring, SEPA Direct Debit and ACH recurring all run through the same authorise endpoint; cycle scheduling, smart retries and network tokens are platform-side. The merchant doesn't fork billing per scheme.
- 14
How do I add a payment gateway if my website is on a hosted platform (Shopify, Webflow, WordPress)?
For merchants on hosted platforms without native topropay support, the standard path is a hosted-checkout redirect from a checkout button. The merchant's website links to a topropay-hosted payment session; the buyer completes payment there and redirects back with a confirmation. No plugin is required.
- 15
Is there a sandbox to test before I add the payment gateway to production?
Yes. Every integration shape has a sandbox environment with test card numbers, test bank-rail mandates and test webhooks. The merchant can rehearse the full flow — auth, capture, refund, dispute — before switching the API key to production.
Related
Related on the topropay platform
- Gateway Payment gateway overview The wider single-gateway framing — what a gateway covers on its own and where the panel picks up.
- Ecommerce Payment gateway for ecommerce The gateway-side framing of an ecommerce checkout — one API in front of every connected acquirer.
- Acceptance Accept online payment, MID optional Acceptance-side framing — sub-merchant or direct MID, every method through one integration.
- Surface Payment page on the website The hosted, embedded or hybrid checkout surface the added gateway drives underneath.
- API Web payment systems on one API The web payment API and SDK family the added gateway exposes.
- Providers Payment gateway providers, consolidated The connected provider panel the added gateway sits one layer above.