Payment gateway integration

Payment gateway integration — days to live, many gateways behind one API.

topropay's integration is one API in front of every connected acquirer, PSP and method. Pick the surface — hosted, embedded or low-level SDK — drop it into the merchant's web or mobile checkout, and the routing engine handles the multi-gateway traffic split behind it.

step 1 · install
$ npm install @topropay/sdk
step 2 · authorise
await topropay.payments.create({ amount: 18900 })
step 3 · ship
200 authorised · acquirer · 184ms
Three commands. Many gateways behind them.
Days
to live on the hosted path
1 API
in front of many gateways
SDKs
for web · iOS · Android · server
Sandbox
mirror of production

Key benefits

Why an orchestrated payment gateway integration wins on every axis

Four outcomes that show up consistently once one integration sits in front of the multi-gateway portfolio rather than per-provider plumbing.

  1. 01

    A simple payment gateway integration that scales

    Drop-in hosted checkout for the fastest start, embedded hosted fields for inline UI, low-level SDK for full control. All three back onto the same authorisation engine — pick the simplest shape that fits and upgrade later without re-integrating.

  2. 02

    Multiple payment gateway routing inside one integration

    The merchant writes one integration; the routing engine fans authorisations out across the connected acquirer panel. Multiple-payment-gateway behaviour without per-gateway plumbing — the merchant doesn't maintain a separate webhook handler per provider.

  3. 03

    Mobile-application payment-gateway integration inherited from web

    Native iOS and Android SDKs share the same authorisation engine, vault and webhook model as the web checkout. A mobile payment gateway integration is the same back-end as the desktop one — different surface, identical contract.

  4. 04

    Transparent payment gateway integration cost

    No platform retainer, no monthly minimum, no per-environment fee. Pricing is per-authorisation on top of underlying provider economics; the sandbox is free. Payment gateway integration charges are predictable line-items on the invoice, not bundled into a long-form quote.

Integration shapes

Three integration shapes — pick the simplest one that fits

Three valid integration shapes back onto the same orchestration. The difference is PCI scope and UI control; pick the shape that fits the team, not the platform.

Embedded

Hosted fields inline on the merchant's page

Card-number, expiry and CVV render as hosted iframes inside the merchant's own checkout. The rest of the page is fully under merchant control; sensitive fields still capture into the vault.

  • Full UI control around the form
  • PCI SAQ A-EP scope
  • Inline 3DS / SCA flows
SDK

Low-level SDK for full surface control

Server SDKs (Node, Python, PHP, Ruby, Java, Go) wrap the REST API with idiomatic helpers; native iOS and Android SDKs cover mobile surfaces with the same primitives.

  • Full custom checkout UI
  • Same authorisation engine
  • OpenAPI-generated where the language supports it

How it works

The payment gateway integration process in six stages

Six concrete stages between the first scope call and live traffic. Hosted-path merchants reach the live stage in days; embedded and SDK builds take weeks.

  1. 01

    Scope

    30-minute integration review covers method mix, geography, traffic shape and the integration shape that fits the team — hosted, embedded or SDK.

  2. 02

    Sandbox keys

    Sandbox tenant and signed API keys issued. Engineering starts building against the sandbox; no live volume needed during integration.

  3. 03

    Drop in the surface

    Pick the integration shape and drop it into the checkout. Hosted-page: a redirect / iframe and a webhook handler. Embedded: hosted fields. SDK: the merchant's own surface against the primitives.

  4. 04

    Configure methods and routing

    Method availability per market and routing policy (approval-, cost- or composite-weighted) are dashboard configuration. Engineering integrates once; ops tunes afterwards.

  5. 05

    Test against the sandbox

    Deterministic helpers in the sandbox trigger specific outcomes — soft / hard declines, 3DS challenges, iDEAL bank-confirmation, ACH R-code rejections, webhook replays. Build confidence before live traffic.

  6. 06

    Switch keys to live

    Onboarding / KYB completes in parallel; live API keys are issued and the merchant flips traffic over. Most merchants reach live in days on the hosted path, weeks on embedded or SDK builds.

Main use cases

Where multiple payment gateway integration earns its keep

Six merchant shapes that share the same integration but stress it differently — website, mobile, multi-gateway, marketplace, PSP and recurring.

  • Website

    Payment gateway integration with website

    Most common shape: drop the hosted checkout into the merchant's existing website via a redirect or iframe. Methods per market and routing policies are dashboard-configurable; the merchant doesn't ship a release every time the method mix changes.

  • Mobile

    Payment gateway integration in mobile application

    Native iOS and Android SDKs surface Apple Pay, Google Pay, regional wallets and cards inside the same authorisation engine the web checkout uses. A mobile-application payment-gateway integration ships alongside the web one, not as a separate build.

  • Multi

    Multiple payment gateway integration

    Where merchants ran several gateways separately, topropay collapses the lot behind one API. Multiple-payment-gateway integration becomes one integration job, plus dashboard configuration to switch on each connected provider per market.

  • Platform

    Marketplaces and platforms

    Split payments, per-seller payouts and per-tenant reporting on one orchestration layer. The platform handles facilitation; the marketplace handles its sellers.

  • PSP

    PSPs and ISVs reselling capacity

    Resellers ride the connected portfolio downstream. The integration is one-off for the PSP; their merchants inherit the routing, method coverage and reconciliation.

  • Subs

    Subscriptions and recurring billing

    Vault-token-driven recurring on cards, plus ACH and SEPA Direct Debit, share the same scheduling engine. Renewals run server-to-server; cancel surfaces are dashboard-configurable.

Cost structure

Payment gateway integration cost and charges — line by line

Six lines that explain how the cost stacks. No bundled "effective rate" — every component is named and reconcilable against the daily export.

  • 01

    No platform retainer

    There's no fixed monthly fee for accessing the integration — pricing is per-authorisation on top of underlying acquirer / rail economics.

  • 02

    Interchange-plus on cards

    Card authorisations carry interchange and scheme fees as pass-through where the underlying acquirer supports it; the platform fee is a separate line.

  • 03

    Sandbox is free

    The sandbox environment is unmetered — payment gateway integration testing doesn't add to the invoice.

  • 04

    Volume bands

    Per-authorisation fees compress at higher monthly authorisation counts, agreed up-front and surfaced in the dashboard.

  • 05

    No per-environment fee

    Production and sandbox keys, multi-tenant API keys, scoped sub-merchant keys — all included.

  • 06

    Integration services

    Most merchants self-serve the integration via docs, SDKs and sandbox. Where high-complexity migrations or marketplace facilitation flows need help, a paid integration-services engagement is available.

Platform features

Capabilities behind the integration

What the platform actually ships — the API contract, the SDK family, the routing engine and the operator surface.

  • Unified payment gateway API

    JSON-over-HTTPS REST surface with idempotency, signed webhooks and OpenAPI specs.

  • Server SDKs

    Node, Python, PHP, Ruby, Java, Go and .NET — idiomatic helpers with webhook-signature verification built in.

  • Mobile SDKs

    Native iOS and Android SDKs share the same authorisation engine as web.

  • Hosted page

    Drop-in checkout via redirect or iframe; signed session tokens; brandable surface; localised method ordering per market.

  • Hosted fields

    Inline iframes for PAN / expiry / CVV that keep PCI scope on the platform side.

  • Smart routing engine

    Per-transaction scoring across the connected acquirer panel — chosen route varies per BIN, scheme, currency and country pair.

  • Cascade & retry

    Soft declines fail over to the next ranked acquirer inside the same authorisation; nothing leaks back to the buyer.

  • PCI DSS Level 1 vault

    Card data captures into the vault before it touches the merchant's origin; refunds, retries and recurring run on vault tokens.

  • Network tokens & updaters

    Network-token-by-default plus scheme account updaters keep saved cards alive across re-issuance.

  • 3DS2 / SCA orchestration

    Selective challenges per transaction — PSD2-compliant in Europe without breaking conversion elsewhere.

  • Operator portal

    One dashboard for authorisations, refunds, disputes and chargebacks across every connected gateway.

  • Sandbox parity

    Per-environment sandbox that mirrors production with deterministic decline / 3DS / cascade scenarios.

Trust & compliance

Compliance posture across every integration shape

Every authorisation runs through a single audited environment regardless of integration shape. Merchants inherit posture rather than carrying separate certifications per provider or per surface.

PCI DSS Level 1
Annual on-site assessment plus quarterly ASV scans; sub-merchants inherit the posture regardless of integration shape.
SCA & PSD2
Selective 3DS2 on the authorisation path keeps approval high in Europe without skipping the compliance bar.
Signed events
Webhook events HMAC-signed with rotation; replay-safe with idempotency keys; SIEM-friendly out of the box.
Scheme programme tracking
Visa VDMP / VAMP and Mastercard ECP / EFMP thresholds tracked across the connected acquirer panel.
Data residency
Regional data-residency options for merchants under regulators that require it.
Licensed verticals only
Licensed gaming, regulated financial services and other compliance-bound verticals supported only where current operating licences exist. Grey and black-market verticals — including unlicensed gambling — are out of scope regardless of integration shape.

Ready to integrate

One integration. Many gateways. Days to live.

A 30-minute integration review covers the shape that fits your team — hosted, embedded or SDK — the SDK family for your stack, the routing policy that fits, and a sandbox to test against before any commercial commitment.

Frequently asked

Buyer questions about payment gateway integration

Questions buyers ask before committing — integration shape, mobile, multi-gateway, cost / charges, sandbox parity and the licensed-verticals-only boundary.

  1. 01

    What does payment gateway integration mean on topropay?

    Payment gateway integration on topropay means wiring the merchant's checkout (web, mobile or both) against the platform's unified payments API. The merchant picks an integration shape — hosted page, embedded hosted fields or low-level SDK — and the platform handles the routing across multiple connected acquirers behind it.

  2. 02

    How long does online payment gateway integration usually take?

    Online payment gateway integration on the hosted-page path takes days for most merchants — a redirect / iframe, a signed session token, one webhook handler. Embedded hosted-fields builds take a few weeks; full custom SDK builds take longer depending on the complexity of the merchant's surface.

  3. 03

    How does payment gateway integration in website work end-to-end?

    Payment gateway integration in website flows: the website calls topropay to create a payment session, redirects (or embeds) the hosted checkout, the buyer completes the payment, the platform fires a signed webhook back to the merchant's URL with the authorisation result, and the merchant ships the order. The same shape powers refunds and disputes through different endpoints.

  4. 04

    What does payment gateway integration with website look like for an existing stack?

    Payment gateway integration with website on an existing stack is usually a one-week sprint for a senior engineer on the hosted-page path: install the SDK, render the hosted checkout from the cart page, wire one webhook handler, swap sandbox keys for live keys. Common ecommerce platforms (Shopify-like, WooCommerce-like, custom) can wire it in hours rather than days.

  5. 05

    Are payment gateway integration services included, or do I need help?

    Most merchants self-serve the integration via docs, SDKs and the sandbox — payment gateway integration services on the platform side aren't required. For high-complexity migrations (legacy gateway swap, marketplace facilitation flows, custom routing requirements), a paid integration-services engagement is available.

  6. 06

    What about gambling payment gateway integration services specifically?

    Gambling payment gateway integration services are available only for licensed operators in permitted jurisdictions. The operator must hold a current operating licence and run full KYC, AML and responsible-gaming controls; the platform's underlying acquirers must underwrite the vertical for the operator's market. Unlicensed gambling and grey-market betting are out of scope regardless of integration shape.

  7. 07

    Is there a simple payment gateway integration shape that ships fastest?

    The simple payment gateway integration shape is the hosted page on a redirect — minimal merchant-side code, minimal PCI scope, one webhook handler. Most low-volume merchants and ecommerce-platform-based stores pick this path. Upgrading to embedded or SDK later doesn't require re-integrating; the back-end stays the same.

  8. 08

    How does multiple payment gateway integration work without re-integrating?

    Multiple payment gateway integration on topropay isn't multiple integrations — it's one integration against the platform API, plus dashboard configuration to switch on each connected provider per market. The merchant doesn't pick a different SDK per gateway; the routing engine handles the cross-gateway traffic split.

  9. 09

    What's the payment gateway integration process from sign-up to live traffic?

    Payment gateway integration process on topropay: scope review (30 minutes) → sandbox keys → drop in the surface → configure methods and routing → test against the sandbox → switch keys to live. Hosted-path merchants reach live in days; embedded and SDK paths take weeks. KYB / underwriting runs in parallel.

  10. 10

    How does mobile payment gateway integration differ from web?

    Mobile payment gateway integration differs only at the surface level — native iOS and Android SDKs render the pay-sheet and handle wallet handoff (Apple Pay, Google Pay). Behind the surface, the same authorisation engine, vault and webhook model power both. A web-then-mobile rollout is a second SDK install, not a second integration project.

  11. 11

    How does payment gateway integration in mobile application work specifically?

    Payment gateway integration in mobile application uses the native SDK (iOS / Android) — install via Cocoapods / SPM or Gradle, instantiate the client with a publishable key, present the platform-rendered pay-sheet, handle the resulting authorisation in the app's back-end via the same /v1/payments endpoint as web. PCI scope stays on the platform; PAN never lands in the app process.

  12. 12

    What's the payment gateway integration cost on the platform?

    Payment gateway integration cost is per-authorisation on top of underlying acquirer / rail economics — no platform retainer, no monthly minimum, no per-environment fee. Interchange and scheme fees pass through where the underlying provider supports it; the platform fee is a separate line. Sandbox is free.

  13. 13

    How transparent are payment gateway integration charges?

    Payment gateway integration charges are split into explicit invoice lines: interchange (pass-through where supported), scheme fees (pass-through where supported), acquirer markup, platform fee per authorisation. No bundled 'effective rate' — every component is named and reconcilable against the daily export.

  14. 14

    Is topropay a payment gateway integration company in the traditional sense?

    Topropay sits one level above traditional payment-gateway-integration companies — instead of selling one gateway integration, the platform integrates with multiple gateways and exposes them through one unified API. The merchant gets the result of a multi-gateway integration without doing the integration work per gateway.

  15. 15

    What does the sandbox look like during the payment gateway integration?

    The sandbox during integration mirrors production endpoints exactly — same REST shape, same error model, same signed webhooks (with rotating test secrets). Deterministic helpers trigger specific outcomes (soft/hard decline, 3DS challenge / frictionless, iDEAL bank-confirmation, PIX timing, ACH R-codes, refund and chargeback simulations) so the merchant builds the full integration against the sandbox before any live traffic.