Implementation guide · three shapes

Add a payment gateway to website — one integration, every method.

Sign the KYB paperwork, pick an integration shape (hosted checkout, embedded fields or SDK), and go live. Card, ACH, SEPA, wallets and crypto all sit behind the same API, routed per authorisation across a panel of connected acquirers.

Hosted
Drop-in redirect or iframe — live in days, SAQ A
Embedded
Hosted fields inside your own checkout — SAQ A-EP
SDK
Server SDK + client primitives for full UI control

Key benefits

Why merchants add payment gateway to website through topropay

Four properties that show up the moment a website stops looking for one perfect provider and starts running on a routed panel.

  1. 01

    One integration, many acquirers

    The gateway you add is topropay's unified API; behind it sits a panel of connected acquirers routed per authorisation. You don't pick a lane on day one — the routing engine picks the highest-EV lane per transaction.

  2. 02

    Same-week go-live for hosted checkout

    Merchants who pick the hosted-checkout shape typically go live inside the first week — KYB and sandbox testing dominate the timeline, not integration work. Embedded and SDK shapes take 2–4 weeks depending on team size.

  3. 03

    Add more methods without re-integration

    New payment methods on the same gateway (cards, ACH, SEPA, wallets, BNPL, crypto) become dashboard toggles, not code changes. The merchant's checkout stays static; the method list surfaces per market.

  4. 04

    PCI DSS Level 1 vault from day one

    Card data captures into the platform vault regardless of shape. The merchant's PAN exposure is either zero (hosted) or scoped down to SAQ A-EP (embedded fields), without wearing the full PCI L1 audit themselves.

How to add payment method to website

Six steps from KYB paperwork to first live authorisation

What actually happens between the merchant signing paperwork and the first live payment landing in the settlement file — and where topropay picks up the work on each step.

  1. 01

    Sign the KYB paperwork

    Merchant onboarding through the platform's dashboard — KYB, KYC on beneficial owners, vertical / volume declarations.

  2. 02

    Pick the integration shape

    Hosted checkout, embedded hosted fields, or low-level SDK. Same back-end for all three; the choice depends on the merchant's PCI-scope preference and UI-control needs.

  3. 03

    Point the checkout at sandbox

    The merchant's dev team points their sandbox checkout at topropay's sandbox endpoint. Test card numbers and test method flows run end-to-end without touching production.

  4. 04

    Enable methods per market

    The methods you want to add — card, ACH, SEPA, iDEAL, PIX — turn on per market from the dashboard. Method availability follows the connected acquirer's coverage.

  5. 05

    Cutover to production

    Swap the sandbox key for the production key; the routing policy activates for real authorisations. Parallel-running with an existing gateway during migration is supported.

  6. 06

    Reconcile in one feed

    Settlement files from every connected acquirer normalise into one ledger; daily exports tagged by acquirer, method, currency and merchant.

Main use cases

Where "add payment gateway to website" earns its keep

Five merchant shapes that consolidate around one gateway integration rather than wiring in per-region providers by hand.

  • Retail

    DTC retail adding checkout for the first time

    New retail websites where the owner wants to add payment gateway to website without hand-integrating a per-region provider. Hosted checkout goes live inside the first week.

  • SaaS

    SaaS adding recurring billing beside one-off

    SaaS websites adding both card-on-file recurring and one-off invoice pay-now, on the same gateway integration, with vault tokens carried across.

  • Marketplace

    Marketplaces adding a payments layer to an existing site

    Existing marketplaces retro-fitting a payments layer that supports per-seller routing without re-onboarding the seller base — sub-merchant model handles the split.

  • Ent

    Enterprise migrating from a legacy gateway

    Enterprises retiring an old gateway integration — the new topropay layer supports parallel-running so the cutover measures approval-lift before absorbing the rest of the volume.

  • Regional

    Cross-border merchants expanding into new markets

    Merchants adding regional method coverage (PIX for Brazil, iDEAL for the Netherlands, SEPA for the EU) on top of an existing card gateway — the new methods are toggle-added, not re-integrated.

Platform features

Capabilities behind the gateway you add to your website

Twelve capabilities that ship once and reuse across every integration shape — hosted, embedded and SDK — the primitives that make "add payment gateway" feel like one product rather than a stack of separate integrations.

  • One unified API

    Same REST contract for card, ACH, SEPA, wallet, BNPL and crypto — one integration covers the lot.

  • Three integration shapes

    Hosted checkout, embedded hosted fields, low-level SDK — pick per merchant's PCI-scope and UI-control needs.

  • Smart routing across acquirers

    Per-BIN, per-currency, per-country scoring routes each authorisation across the connected acquiring panel.

  • Cascade & retry

    Soft declines cascade to the next ranked provider inside the same authorisation — nothing leaks back to the buyer.

  • PCI DSS Level 1 vault

    Card data lands in the platform vault before any acquirer sees it; PAN never touches the merchant server.

  • Network tokens & updaters

    VTS and MDES network tokens by default; scheme account updaters keep saved credentials alive across re-issuance.

  • 3DS2 / SCA orchestration

    Selective EMV 3DS2 challenges per authorisation — PSD2-compliant in Europe without breaking conversion.

  • ACH & bank-rail methods

    US ACH with NACHA mandate handling, SEPA Direct Debit, Bacs and Open Banking through the same authorise endpoint.

  • Wallets, BNPL & crypto

    Apple Pay, Google Pay, Click to Pay, Klarna, Afterpay, stablecoin and major-token acceptance via licensed partner gateways.

  • Unified dispute queue

    One queue across providers; per-vertical evidence-pack templates; automated representment for select scheme types.

  • Signed webhooks

    Replay-safe lifecycle events fire on auth, capture, settlement and dispute — same shape regardless of which acquirer cleared the auth.

  • One reconciliation feed

    Settlements, fees, refunds and chargebacks from every connected acquirer in one normalised ledger.

Industry relevance

Licensed merchants across EU, UK, APAC and LATAM

topropay's gateway-add posture targets licensed merchants operating across Europe, the UK, APAC and LATAM — new websites, existing websites migrating from a legacy gateway, marketplaces retro-fitting a payments layer, enterprises consolidating multi-region providers, and licensed gaming operators where current operating licences exist. Grey and black-market verticals are out of scope regardless of integration shape.

  • New retail websites
  • SaaS websites
  • Marketplaces
  • Enterprise migrations
  • Cross-border expansion
  • Licensed gaming (where licensed)
  • Adult content · out of scope
  • Unlicensed gambling · out of scope

Trust & compliance

Compliance posture inherited from day one

One audited environment underpins every integration shape; sub-merchants inherit the relevant posture per rail without carrying separate certifications themselves.

PCI DSS Level 1
Annual on-site assessment plus quarterly ASV scans; sub-merchants inherit the posture across every connected acquirer and integration shape.
Scheme programmes
Visa VDMP / VAMP / VFMP and Mastercard ECP / EFMP positions surfaced per connected acquirer; routing weights can rotate around at-risk lanes.
SCA & PSD2
Selective EMV 3DS2 on the authorisation path keeps approval high in Europe without skipping the SCA bar.
Bank-rail mandate posture
NACHA authorisations for ACH, SEPA mandate IDs for SEPA SDD, Bacs mandates for UK — captured and retained per scheme rules.
Sanctions & AML alignment
Sanctions screening at onboarding; AML monitoring tuned to each merchant's vertical, volume and geographic mix.
Licensed verticals only
Licensed gaming, regulated financial services and other compliance-bound verticals supported only where current operating licences exist. Grey and black-market verticals are out of scope regardless of integration shape.

Ready to add the gateway

Add topropay to your website this week.

A 30-minute integration review covers the shape that fits your stack, the methods relevant to your buyer base, and a sandbox key you can test against before any commercial commitment.

Frequently asked

Buyer questions about adding a payment gateway to a website

Integration timeline, PCI-scope trade-offs, hosted-platform paths, parallel-running migrations and the practicalities of adding methods on top of the base card gateway.

  1. 01

    How do I add a payment gateway to website through topropay?

    To add a payment gateway to website through topropay, sign the KYB paperwork, pick an integration shape (hosted / embedded / SDK), point sandbox traffic at topropay's sandbox endpoint, enable the methods you want per market, then swap the sandbox key for the production key. Hosted-checkout deployments typically go live inside the first week.

  2. 02

    What's the fastest way to add payment gateway to website?

    The fastest way to add payment gateway to website is the hosted-checkout shape — a drop-in redirect or iframe. The merchant's PCI scope shrinks to SAQ A, integration work is minimal (an API call to create a session plus a redirect), and go-live is a matter of days rather than weeks.

  3. 03

    How do I add payment method to website without re-integrating?

    Once the gateway is live, add payment method to website by toggling the method on in the topropay dashboard. Cards, wallets, ACH, SEPA SDD, iDEAL, PIX and other regional rails become part of the same hosted checkout without a code change on the merchant's side. Availability follows the connected acquirer's coverage per market.

  4. 04

    Can I add ACH payment to my website?

    Yes. add ach payment on topropay uses US ACH connectivity through a partner ACH processor. Mandate authorisation captured at first debit; R-code-aware retries handle NSF returns; settlement flows into the same reconciliation feed as card. The buyer picks ACH on the same hosted surface as card.

  5. 05

    How do I add payment system to website that covers multiple regions?

    add payment system to website that covers multiple regions is topropay's default configuration — the same integration surfaces card everywhere, plus SEPA / iDEAL / Bancontact in the EU, ACH in the US, PIX in Brazil, PayID in Australia, and card + partner-licensed methods in APAC. Method availability follows connected acquirer coverage per market.

  6. 06

    Do I need my own merchant account to add payment gateway?

    No — to add payment gateway on topropay's sub-merchant model, the merchant rides the platform's connected acquirer relationships. Merchants who already hold a direct MID can bring it in as an additional connected lane; the routing engine treats it as one more provider in the panel.

  7. 07

    How does the payment gateway add in website affect PCI scope?

    PCI scope depends on the integration shape. Hosted-checkout shrinks the merchant's scope to SAQ A. Embedded hosted fields sit at SAQ A-EP. Low-level SDK is a full-scope integration but with the vault handling PAN storage, so the merchant server still never sees a raw PAN. All three inherit topropay's PCI DSS Level 1 service-provider posture underneath.

  8. 08

    Can I add a payment gateway to an existing website without downtime?

    Yes. Add a payment gateway to an existing website by running topropay in parallel with an existing provider — one gateway carries the old traffic while the new one takes a percentage of new traffic. Once the routing policy is tuned, cut the balance over; there's no requirement to switch overnight.

  9. 09

    Which methods can I add on top of card on my website?

    On top of card, merchants typically add Apple Pay, Google Pay and Click to Pay first (mobile-first wallets), then regional bank rails per market (SEPA SDD in the EU, ACH in the US, PIX in Brazil, iDEAL in the Netherlands), then BNPL (Klarna, Afterpay, Clearpay) on merchants where cart uplift matters, and finally crypto via licensed partner gateways where the buyer base wants it.

  10. 10

    How much code do I need to write to add a payment gateway to a website?

    For hosted checkout, roughly 20–50 lines of server-side code to create a payment session plus a redirect on the client. For embedded hosted fields, add another 40–80 lines to mount the iframes and handle the tokenisation callback. For SDK, count on the merchant's team owning a normal integration project.

  11. 11

    Do I need to add per-region gateways for each market?

    No. The reason topropay's connected acquirer panel exists is so the merchant doesn't run one gateway integration per region. The panel behind the same unified API covers US, EU, UK, APAC and LATAM connectivity — expanding into a new market is a routing-policy change, not a per-region integration project.

  12. 12

    How are refunds handled once the gateway is live?

    Refunds run against the vault token issued by the original authorisation. Operators trigger refunds from the topropay dashboard or via API, with a justification and reason code logged for audit. The refund reverses the authorisation through whichever connected acquirer cleared it.

  13. 13

    Can I add recurring billing on the same gateway?

    Yes. Card-on-file recurring, SEPA Direct Debit and ACH recurring all run through the same authorise endpoint; cycle scheduling, smart retries and network tokens are platform-side. The merchant doesn't fork billing per scheme.

  14. 14

    How do I add a payment gateway if my website is on a hosted platform (Shopify, Webflow, WordPress)?

    For merchants on hosted platforms without native topropay support, the standard path is a hosted-checkout redirect from a checkout button. The merchant's website links to a topropay-hosted payment session; the buyer completes payment there and redirects back with a confirmation. No plugin is required.

  15. 15

    Is there a sandbox to test before I add the payment gateway to production?

    Yes. Every integration shape has a sandbox environment with test card numbers, test bank-rail mandates and test webhooks. The merchant can rehearse the full flow — auth, capture, refund, dispute — before switching the API key to production.