SaaS · API-first · no installer

Payment gateway software delivered as a cloud-hosted platform.

topropay's payment gateway software runs in the cloud — API and SDKs on the merchant side, PCI DSS Level 1 vault and multi-acquirer routing on the platform side. No installer to download, no self-hosting to maintain, no scheme-rule upgrades to ship.

SaaS
cloud-hosted, no on-prem install
REST + SDK
web, iOS, Android, server
60+
connected acquirers behind the software
1 ledger
reconciliation across every provider

Key benefits

Why online payment gateway software beats a bespoke build

Four properties that show up the moment a merchant compares shipping a bespoke gateway against integrating a SaaS one.

Cloud-hosted, always current

topropay ships as a hosted SaaS gateway. Merchants integrate against a stable REST API and pinned SDK versions; scheme-rule changes, 3DS updates and per-acquirer message-format tweaks land server-side without a code push on the merchant.

API-first, not installer-based

There is no gateway installer to download. The 'software' side is the platform SDKs (web, iOS, Android, server-side languages) and the REST API. Sandbox credentials are issued per-merchant; production credentials follow KYB.

Multi-acquirer routing built in

The routing engine is part of the software — not a bolt-on. Per-BIN, per-currency and per-country scoring picks the best connected acquirer for each authorisation, and cascades soft declines inside the same authorisation.

Unified vault and ledger

PCI DSS Level 1 vault plus one reconciliation feed sit at the heart of the software. Settlements, refunds, chargebacks and interchange from every connected acquirer normalise into one ledger the merchant reads once.

How the payment gateway software provider role runs underneath

From merchant record to reconciled ledger in five steps

What actually happens between the merchant record being provisioned in the dashboard and the first row landing in the reconciliation feed.

  1. 01

    Provision merchant + credentials

    The dashboard issues sandbox API keys the moment the merchant record is created; KYB unlocks production keys. No install step on the merchant side.

  2. 02

    Wire up the SDK or REST endpoint

    Pick hosted checkout, embedded hosted fields or the low-level SDK depending on the merchant's PCI and UI constraints. The back-end contract is identical.

  3. 03

    Enable connected acquirers

    Underwriting activates one or more connected acquirers per geography and vertical. The routing policy is set from the dashboard — no code change to swap providers.

  4. 04

    Take payments

    Each authorisation runs through the ranked provider, cascades on soft decline, tokenises into the vault, and returns a stable receipt event to the merchant.

  5. 05

    Reconcile & report

    Settlement files from every connected acquirer normalise into one ledger; daily exports as CSV or via API; per-provider fee attribution surfaced for finance.

Main use cases

Where the best payment gateway software actually earns its keep

Six recurring shapes that reach for a SaaS gateway rather than build one — SaaS merchants, PSPs, enterprise migrations, marketplaces, vertical SaaS and B2B billing.

  • SaaS

    SaaS merchants embedding acceptance

    The gateway software drops into an existing SaaS product — one integration exposes card, wallet, bank rail and BNPL as a menu of methods the SaaS's own customers see.

  • PSP

    PSPs and resellers building on top

    Payment service providers use topropay as their gateway back-end; they resell it under their own brand to downstream merchants with per-merchant routing policies.

  • Ent

    Enterprise merchants replacing legacy

    Merchants migrating away from a single-acquirer legacy gateway swap it out with the software here; parallel-running during the cutover measures approval and cost per acquirer before absorbing volume.

  • Plat

    Marketplaces routing per seller

    Different sellers on the same platform can land on different connected acquirers based on risk profile and volume; the software handles the routing while reconciliation rolls up per seller.

  • Vert

    Vertical SaaS with embedded payments

    Vertical SaaS (fitness studios, salons, invoicing tools, event ticketing) embed the gateway software and inherit compliance posture instead of running their own PCI programme.

  • B2B

    B2B billing systems

    Accounting and ERP tools embed the gateway software to add card and ACH pay-now on invoices; the vault tokens survive re-issuance and drive recurring on renewal.

Platform features

Capabilities inside the payment gateway software

Twelve capabilities grouped by build phase — integration surfaces, routing & compliance, operations & finance. Each applies whether the merchant integrates the hosted checkout, the embedded fields or the low-level SDK.

Integration surfaces

  • Unified REST API

    One JSON-over-HTTPS contract covers authorise, capture, refund, void, dispute lookup, settlement lookup and webhook management.

  • Web / iOS / Android / server SDKs

    Idiomatic SDKs per stack, pinned versions and backwards-compatible upgrades on major bumps.

  • Hosted, embedded & SDK checkout

    Three surface shapes share the same back-end; picked per merchant's PCI scope preference.

  • Signed webhooks

    Replay-safe event IDs, HMAC signatures, retry-with-backoff and per-endpoint delivery logs.

Routing & compliance

  • Smart routing engine

    Per-transaction scoring on BIN, scheme, currency, country pair and risk across the connected panel.

  • Cascade & retry

    Soft declines cascade to the next ranked provider inside the same authorisation.

  • PCI DSS Level 1 vault

    Card data never lands on the merchant's origin; vault tokens drive refunds, retries and recurring.

  • 3DS2 / SCA orchestration

    Selective challenges per PSD2 exemption logic; frictionless passes through; step-up where required.

Operations & finance

  • Unified dispute queue

    One queue across every connected acquirer; evidence-pack templates per vertical.

  • One reconciliation feed

    Settlements, fees, refunds and chargebacks normalised across every connected provider into one ledger.

  • Operator dashboard & alerts

    Live authorisation feed, per-BIN approval rates, operator refund controls with audit log.

  • ERP & accounting connectors

    Push receipts into popular accounting systems (Xero, QuickBooks, NetSuite, Sage) via signed events.

Industry relevance

Built for licensed merchants and PSPs across EU, UK, APAC and LATAM

The gateway software targets licensed merchants and PSPs operating across Europe, the UK, APAC and LATAM — SaaS embedding acceptance, PSPs reselling the platform, enterprise merchants migrating from legacy single-acquirer gateways, and marketplaces routing per seller. Verticals bound to specific operating licences (gaming, regulated financial services) are supported only where those licences exist.

  • SaaS merchants embedding acceptance
  • PSPs reselling under their own brand
  • Enterprise migrations from legacy gateways
  • Marketplaces routing per seller
  • Vertical SaaS (fitness, salons, ticketing)
  • B2B billing and ERP integrations
  • Licensed gaming (where licensed)
  • Adult-content acceptance · out of scope
  • Unlicensed gambling · out of scope

Trust & compliance

Compliance posture baked into the gateway software

One audited environment underpins the software. Sub-merchants inherit the posture across every connected acquirer without carrying separate certifications themselves.

PCI DSS Level 1
Annual on-site assessment plus quarterly ASV scans; sub-merchants inherit the posture across every connected provider.
Scheme programmes
Visa VDMP / VAMP / VFMP and Mastercard ECP / EFMP positions surfaced per connected acquirer; routing weights rotate around at-risk lanes.
SCA & PSD2
Selective 3DS2 on the authorisation path keeps approval high in Europe without skipping the SCA bar.
Bank-rail mandate handling
NACHA authorisations for ACH, SEPA mandate IDs for SEPA Direct Debit; captured and retained per scheme rules.
Sanctions & AML alignment
Sanctions screening on onboarding; AML monitoring tuned per merchant vertical, volume and country mix.
Licensed verticals only
Licensed gaming, regulated financial services and other compliance-bound verticals supported only where current operating licences exist. Grey and black-market verticals are out of scope regardless of software surface.

Ready to integrate

Integrate payment gateway software once, run every provider.

A 30-minute technical review covers your stack, the connected acquirers relevant to your geographies, the SDK path that fits your PCI posture, and a sandbox to build against before any commercial commitment.

Frequently asked

Buyer questions about payment gateway software on topropay

Definitions, the software-download disambiguation, SDKs, self-hosting, white-labelling and the practicalities of running SaaS gateway software instead of a bespoke build.

  1. 01

    What does 'payment gateway software' mean on topropay?

    Payment gateway software on topropay means the platform's SaaS-delivered gateway — REST API, SDKs (web, iOS, Android, server-side), operator dashboard and routing engine. It's software the merchant integrates against, not software the merchant installs on their own servers. Updates ship server-side; the merchant tracks stable API versions and pinned SDK versions.

  2. 02

    Is there a payment gateway software download for on-premise deployment?

    There is no payment gateway software download for on-premise deployment. The gateway is a cloud-hosted SaaS product. Merchants integrate against SDK packages (available via npm, pip, RubyGems, Composer, Maven, CocoaPods and Gradle) plus the REST API — those install into the merchant's app, but the gateway logic itself runs in the platform's PCI DSS Level 1 environment.

  3. 03

    Does topropay do payment gateway software development for third parties?

    Payment gateway software development on topropay is delivered as a managed SaaS platform, not as bespoke development for third parties. Merchants and PSPs integrate against topropay's API; if the customer needs bespoke code around it (custom checkout, connector to an unusual back-office system) that development is either the customer's own engineering work or handled by an implementation-partner consultancy — not something topropay ships as a service.

  4. 04

    Is topropay a payment gateway software development company in the classical sense?

    A payment gateway software development company in the classical sense builds bespoke gateways for individual clients on a project basis. topropay operates a different model — a productised, cloud-hosted gateway software platform that many merchants and PSPs share, with per-merchant routing policies and per-merchant branding. Merchants get the benefits of a full gateway build without a bespoke development project.

  5. 05

    Who is the payment gateway software provider — topropay or the connected acquirers?

    topropay is the payment gateway software provider. The connected acquirers hold the acquiring licences and clear the underlying card transactions; topropay is the gateway software that sits in front of them, exposing one API to the merchant, tokenising in the vault, routing across the panel and reconciling the settlements.

  6. 06

    How does the best payment gateway software actually get compared?

    The best payment gateway software for any given merchant depends on the merchant's method mix, geographies, dispute posture and existing tech stack. Rather than picking a single gateway, topropay's approach exposes many connected acquirers behind one gateway software integration, so the merchant doesn't have to gamble on which single provider will perform best — the routing engine picks per authorisation.

  7. 07

    How does online payment gateway software differ from a standalone gateway?

    Online payment gateway software historically meant a single-acquirer connection with basic tokenisation. Modern online payment gateway software — like topropay's — adds multi-acquirer routing, cascading, network tokens (VTS, MDES), a unified dispute queue and one reconciliation feed. The merchant integrates once and gets the whole panel, not a single point connection.

  8. 08

    What SDKs does the payment gateway software ship?

    The gateway software ships SDKs for JavaScript (browser and Node), TypeScript, PHP, Python, Ruby, Go, Java, .NET, iOS (Swift) and Android (Kotlin). All SDKs speak the same REST API underneath. Sandbox parity is full — every capability exposed in production is also available in sandbox.

  9. 09

    Can the software be white-labelled for a PSP?

    Yes. PSPs and resellers can white-label the operator dashboard and hosted checkout with their own brand — colours, logo, favicon, domain (via CNAME). The API endpoints stay on topropay's infrastructure; the buyer never sees topropay's brand unless the PSP chooses to surface it.

  10. 10

    How is the software priced?

    Payment gateway software pricing on topropay is per-transaction (interchange-plus for card, fixed-plus for bank rail and wallet), with no per-seat or per-SDK licence fee. Volume tiers and per-vertical adjustments are quoted after underwriting. There's no upfront licence fee because there's no on-prem software to license.

  11. 11

    How quickly can a merchant integrate the software?

    Most merchants integrate the software in 1–4 weeks. The variables are the merchant's PCI scope choice (hosted checkout is fastest at SAQ A, low-level SDK gives more control but takes longer), the languages in the merchant's stack and any scheme-programme registrations the connected acquirers need to file.

  12. 12

    Does the software support high-risk verticals?

    The software supports licensed high-risk verticals (subscription, travel, ticketing, licensed gaming, nutraceuticals) through the same routing engine and connected acquiring panel. Grey and black-market verticals — adult content, unlicensed gambling, illegal goods — are out of scope regardless of software configuration.

  13. 13

    What happens on scheme-rule changes (e.g. new 3DS2 message versions)?

    Scheme-rule changes land server-side inside the gateway software. Merchants don't ship code to keep up with EMV 3DS2 spec bumps, new Visa or Mastercard scheme rules, or per-acquirer message-format tweaks — topropay's platform absorbs those and the merchant's API contract stays stable.

  14. 14

    Can we self-host or run the software in our own cloud account?

    Self-hosting or running the software in the merchant's own cloud account isn't a supported deployment shape. The gateway software's PCI L1 posture depends on the platform's audited environment; putting it in another account would fork the PCI scope and break the inheritance model. Merchants who need very tight data residency can request per-region-hosted variants where the platform supports them.

  15. 15

    Is there a free tier or trial?

    Sandbox access is free — merchants can build against the full API from day one with test credentials. Production pricing kicks in on the first live authorisation, per the merchant's contract.