For resellers · PSPs · ISVs

Create a payment gateway — ship your branded surface in weeks, not years.

Build your own branded payment gateway on top of topropay's orchestration layer. The PCI L1 vault, the connected acquirer panel, the routing engine, the dispute queue and the reconciliation feed already exist; your team writes the surface and owns the merchant relationship.

Day 1
API access · sandbox keys
Week 1
Hosted-page surface live
Month 1
Routing policy across providers
Month 3
Branded gateway live to customers

Build vs buy

create a payment gateway from scratch vs build on a platform

Six axes that tend to flip between building scheme-licensed acquiring from scratch and building a branded gateway on top of an orchestration layer.

Axis From scratch On topropay
Time to first transaction 6–18 months of compliance & engineering work Days to first sandbox auth; weeks to live merchant traffic
PCI scope Full PCI DSS Level 1 audit own-built; storing, processing and transmitting PAN PCI L1 inherited; merchant operates at SAQ A or SAQ A-EP scope
Scheme licensing Direct Visa / Mastercard / Amex / Discover scheme registration required Connected acquirers carry the scheme licences; the merchant rides them
Acquirer relationships Negotiate per-region individually; BIN sponsorship for each Connected panel already in place across EU, UK, APAC and LATAM
Routing & cascade Build BIN-based routing logic, retry handling, fraud signal ingestion Routing engine and cascade already shipped; tunable per merchant
Reconciliation Normalise N settlement-file formats into one ledger Settlement files from every connected provider already normalised

Key benefits

Why teams who set out to create their own payment gateway end up here

Four properties that show up once the scope of a from-scratch build hits engineering and finance — and the appetite for inheriting solved infrastructure grows.

Skip the scheme-licensing year

Direct scheme registration with Visa, Mastercard, Amex and Discover is a year-plus project for new entrants. Building on top of a connected acquiring panel means the licensed entities ride underneath; your gateway brand sits on the surface.

Skip the per-acquirer integration year

Each direct acquirer integration is months of work. The platform already speaks to a panel of connected acquirers — adding a region or a provider is a routing-policy change rather than a re-integration on your side.

Inherit PCI DSS Level 1 from day one

Card data captures into the platform vault before any of your code or any connected provider touches it. Your gateway never holds PAN data, which collapses your own PCI scope to SAQ A or SAQ A-EP.

Ship a branded gateway, not a science project

Your team builds the surface (checkout UI, dashboard, branding, merchant onboarding flow). Everything beneath — vault, routing, cascade, dispute, reconciliation — is shipped already and runs as a managed service.

How it works

Six steps to ship a branded payment gateway website and product

From scoping the gateway's product surface to scaling it across downstream merchants. Each step is a concrete deliverable; none of them are scheme-licensing work, because that sits with the connected acquirers.

  1. 01

    Map your gateway's product surface

    Decide what your branded gateway will expose to its merchants — checkout shape (hosted / embedded / SDK), supported methods per market, onboarding flow, dashboard scope, pricing model.

  2. 02

    Onboard as a topropay reseller / PSP

    KYB on your entity; agreed commercials; access to the connected provider panel and the routing-policy editor. Sandbox keys issued for your engineering team.

  3. 03

    Build the surface in your brand

    Your team wraps topropay's unified API with your gateway brand, your checkout UI, your dashboard. Hosted-fields tokenisation runs through the platform vault; PAN never lands on your origin.

  4. 04

    Configure per-merchant routing

    Define routing weights per BIN, currency, country pair and merchant vertical. Resellers configure each downstream merchant independently; the policy editor is dashboard-driven, not code.

  5. 05

    Pilot with first merchants

    Onboard one or two pilot merchants, parallel-run against an existing provider where possible, measure approval rate, dispute outcomes and time-to-settle before scaling.

  6. 06

    Scale the gateway brand

    Once the pilot proves out, onboard additional merchants through your gateway's branded surface; the connected panel scales horizontally without re-engineering work on your side.

Main use cases

Where the create your own payment gateway pattern earns its keep

Five common shapes for teams creating branded gateways — PSPs, vertical ISVs, smaller banks, MoR platforms, and multi-brand merchant groups.

  • PSP

    Independent payment service providers

    Build a branded gateway with your own checkout, dashboard and merchant-onboarding flow. The platform sits underneath as the orchestration layer; you keep the merchant relationship and contracting.

  • ISV

    Vertical SaaS / ISVs embedding payments

    Software platforms (events ticketing, hospitality, professional-services billing) embed payments under their own brand instead of redirecting customers to a third-party gateway.

  • Bank

    Banks adding non-card rails

    Smaller banks and neobanks add card and bank-rail acceptance for SMB customers through a white-labelled gateway without standing up a full acquiring stack themselves.

  • MoR

    Merchant-of-record platforms

    MoR / payments-on-behalf platforms surface a single gateway brand to their seller base; topropay handles the multi-acquirer side; the platform owns the seller relationship.

  • Group

    Multi-brand merchant groups

    Retail or hospitality groups operating many brands centralise on a single internal 'group gateway' so finance, dispute and reconciliation stay unified across the estate.

Platform features

Capabilities your branded gateway inherits on day one

Twelve platform capabilities your gateway brand exposes to its merchants without building them — the primitives that make a from-scratch project a 12–18 month job.

  • Unified payments API One REST contract your gateway brand wraps — card, ACH, SEPA, wallet, BNPL, crypto across the connected provider panel.
  • Hosted, embedded & SDK Three integration shapes your gateway can offer downstream merchants; same back-end across all three.
  • PCI DSS Level 1 vault Card data captures into the platform vault; your gateway surface holds tokens, not PAN.
  • Smart routing across providers Per-transaction scoring across the connected acquiring panel; your gateway brand inherits the routing capability.
  • Cascade & retry Soft declines cascade to the next ranked provider inside the same authorisation; nothing leaks back to the buyer or your downstream merchant.
  • Per-merchant routing policies Independent routing weights per downstream merchant — resellers configure each one independently.
  • Network tokens & updaters Network tokens (VTS, MDES) by default for card; scheme updaters keep saved credentials alive.
  • 3DS2 / SCA orchestration Selective EMV 3DS2 per authorisation — PSD2-compliant in Europe without breaking conversion.
  • Unified dispute queue One queue across providers your gateway brand surfaces to its merchants; evidence-pack templates per vertical.
  • Sub-merchant onboarding hooks KYB / KYC API surfaces for your gateway to plug into its own onboarding flow; sanctions screening on the platform side.
  • One reconciliation feed Settlements, fees, refunds and chargebacks from every connected provider normalised into one ledger your gateway can re-expose.
  • Webhooks & SDKs Signed lifecycle events plus server SDKs (Node, Python, PHP, Go, Ruby) for the gateway team to wrap.

Industry relevance

Built for licensed gateway brands across EU, UK, APAC and LATAM

topropay's reseller / PSP offering targets licensed gateway operators serving licensed merchants in EU, UK, APAC and LATAM. Vertical fits include payments-focused PSPs, vertical SaaS platforms embedding payments, smaller banks and neobanks adding acceptance, MoR platforms, and multi-brand merchant groups consolidating internally.

  • Independent PSPs
  • Vertical SaaS / ISVs
  • Smaller banks & neobanks
  • MoR / payments-on-behalf platforms
  • Multi-brand merchant groups
  • Licensed gaming aggregators (where licensed)
  • Adult-content gateways · out of scope
  • Unlicensed gambling · out of scope
  • Grey-market / IP-infringing goods · out of scope

Trust & compliance

Compliance posture inherited by every branded gateway

One audited environment underpins every gateway brand on the platform; per-provider scheme-programme positions surface in the dashboard so the gateway-builder sees where the panel stands.

PCI DSS Level 1
Annual on-site assessment plus quarterly ASV scans; your gateway brand and its downstream merchants inherit the posture without standalone certification.
Scheme programme posture
Visa VDMP / VAMP / VFMP and Mastercard ECP / EFMP positions surfaced per connected provider; routing weights can rotate around at-risk lanes.
SCA & PSD2
Selective EMV 3DS2 on the authorisation path keeps approval high in Europe without skipping the SCA bar.
Bank-rail mandate posture
NACHA authorisations for ACH, SEPA mandate IDs for SEPA SDD; captured and retained per scheme rules.
Sanctions & AML alignment
Sanctions screening at onboarding; AML monitoring tuned per downstream merchant vertical, volume and country mix.
Licensed verticals only
Licensed gaming, regulated financial services and other compliance-bound verticals supported only where current operating licences exist. Grey and black-market verticals are out of scope regardless of which gateway brand sits in front.

Ready to ship a branded gateway

Don't reinvent acquiring. Wrap an orchestration layer instead.

A 30-minute reseller / PSP call confirms the connected provider panel relevant to your geographies, the per-merchant routing capability, the sandbox you can test against, and the commercial structure before any contract.

Frequently asked

Buyer questions about how to create a payment gateway on topropay

What it really takes to ship a branded gateway, what's free vs paid, who owns the merchant relationship, and how migration / exit work.

  1. 01

    What does it actually take to create a payment gateway today?

    To create a payment gateway from scratch you need scheme registration with Visa, Mastercard, Amex and Discover; relationships with one or more acquiring banks per region; a PCI DSS Level 1 environment for card data; a routing engine; a reconciliation pipeline; a dispute / chargeback handler; merchant onboarding (KYB, sanctions screening); and a 24×7 ops team. Realistically it's a 12–24 month project with a seven-figure budget before the first merchant transacts.

  2. 02

    Is there a faster way to create a payment gateway?

    Yes. The faster path is to create your branded payment gateway on top of an orchestration platform like topropay. The platform contributes the scheme connections, PCI L1 vault, routing, dispute and reconciliation layers; your team contributes the gateway brand, checkout UI, dashboard and downstream-merchant onboarding flow. Time-to-live drops from 12–24 months to roughly 6–12 weeks.

  3. 03

    Can you really create your own payment gateway for free?

    Searches for 'create your own payment gateway for free' usually surface either open-source PCI-compliant code libraries (which don't include acquiring) or sandbox accounts on commercial gateways (which let you build against a test environment without commercial commitment). Production traffic always involves licensed acquiring, scheme registration and PCI compliance — none of which are free in the long run. The honest answer is 'free sandbox, paid production'.

  4. 04

    What does it mean to create your own payment gateway on topropay?

    Creating your own payment gateway on topropay means standing up a branded gateway product on top of the platform — your checkout UI, your dashboard, your onboarding flow, your pricing — with topropay's connected provider panel and orchestration layer doing the heavy lifting underneath. Your merchants see your brand; the per-transaction routing across acquirers happens transparently behind it.

  5. 05

    Can the platform be used for payment gateway create-on-demand workflows?

    Yes. payment gateway create-on-demand patterns — e.g. ISVs spinning up a per-customer gateway brand programmatically — work because the platform's reseller / PSP onboarding flow can be driven via API. Per-downstream-merchant onboarding, routing policy and dashboard scoping are all configurable per merchant rather than baked into a single shared deployment.

  6. 06

    Is creating a payment gateway website different from creating the gateway itself?

    Yes, the create payment gateway website side is the surface — marketing site, sales funnel, merchant portal, brand pages — that customers experience. The payment gateway underneath is the technical product. Many resellers ship the website first (Astro / Next / WordPress) while the technical integration runs in parallel; the platform side is API-driven and decoupled from your marketing site stack.

  7. 07

    What if I literally want to create a payment gateway website only?

    If the goal is just to create a payment gateway website (a brochure-and-funnel site for an existing gateway), the platform side isn't strictly needed — any modern static-site stack works. If the goal is to ship both the site and the underlying gateway product, the platform side handles the back; the site handles the merchant-facing front.

  8. 08

    Who owns the merchant relationship in this model?

    Your branded gateway owns the merchant relationship — contracting, pricing, support, account management. topropay sits below as the infrastructure / orchestration layer that your team writes against. Downstream merchants don't see topropay's brand in their day-to-day.

  9. 09

    What pricing model does the platform run for gateway-builders?

    Pricing for gateway-builders / PSPs is usage-based: a platform fee per transaction (typically expressed as a basis-points spread or a flat fee depending on volume tier), plus pass-through scheme and acquirer fees. The reseller sets its own margin on top when pricing to its downstream merchants. Detailed numbers are part of the commercial conversation.

  10. 10

    How does the platform handle compliance for the gateway-builder?

    Compliance posture is layered. PCI DSS L1 on the vault, switch and tokenisation runs at the platform level; the gateway-builder inherits it. Sanctions screening and AML monitoring run at the platform level on every downstream merchant. The gateway-builder is responsible for any local-jurisdictional requirements specific to its market (e.g. local consumer-protection registration, marketing-conduct rules).

  11. 11

    Can a single gateway brand serve multiple regions?

    Yes. A single branded gateway can serve EU, UK, APAC and LATAM merchants through one platform record. Per-region acquiring sits with licensed connected acquirers in each region; the gateway-builder doesn't need separate per-region integrations on its side.

  12. 12

    Are there verticals the platform won't carry?

    Yes. Licensed gaming, regulated financial services and other compliance-bound verticals are supported only where current operating licences exist. Grey and black-market verticals (unlicensed gambling, adult content, IP-infringing goods, etc.) are out of scope regardless of which branded gateway sits in front. Gateway-builders inherit this position by virtue of the connected provider panel.

  13. 13

    How is dispute handling shared between the gateway brand and the platform?

    The platform ships the unified dispute queue, the evidence-pack templates and the automated-representment paths for select scheme types. The gateway brand surfaces these to its downstream merchants under its own branding, optionally enriches the evidence with merchant-specific metadata (order details, delivery proof, customer correspondence) and routes the case back through the platform for submission.

  14. 14

    What happens if we want to migrate from the platform to direct-acquiring later?

    Migration is supported — the platform doesn't lock you in. Vault tokens can be migrated to the merchant's new vault (subject to PCI scheme-compatible handover procedures), settlement history can be exported in full, and merchant records can be portable subject to the underlying acquirer's contract terms. Most gateway-builders stay on the platform precisely because direct-acquiring carries the costs they were trying to avoid in the first place.

  15. 15

    Is the platform a good fit for a single-merchant gateway brand?

    A single-merchant 'own gateway' — where the merchant just wants to brand the checkout under their own name — is normally better served by topropay's standard merchant onboarding plus checkout-branding options, not the reseller / PSP onboarding. The reseller path is right when the merchant intends to onboard other downstream merchants under the gateway brand.