menu

  Quickstart Guide

Select a workflow part below to see the required steps, review process diagrams, and jump directly to the relevant operations in the API Explorer.

Part 1: Settings Profile & Middleware Token #authenticate

Your journey begins by exchanging gateway credentials for a middleware token. This token (x-credentials) authenticates all subsequent requests for that specific gateway.

  1. Call GET /api/gateway/list to find the exact system name for your gateway (e.g., "ncpv1").
  2. Fetch the settings template with GET /api/{gateway_name}/settings. This shows the exact fields required to build your settings profile in the next step.
  3. Submit your completed settings profile to POST /api/gateway/credentials and collect your middleware token from the response.
  4. Cache the returned x-credentials token and refresh every 20 minutes to keep alive if unused. If token is used at least once per 20 minutes, there is no expiration.
    • When using this site's API toolkit to send a credentails request, your token will be automatically saved as a variable for use in subsequent test calls across the API Explorer.
  5. It is also suggested that integrators fetch and cache paymentMethods for the active gateway using /api/paymentmethod. Refresh periodically or on invalidation - never hard-code values.
    • Note that paymentMethod is sent in all calls which setup a user interface for user payment to determine which interface to present.
flowchart TD subgraph User Actions A["**Get a list of supported gateways**
Capture your gateway's name."] B["**Get the settings template**
Gather the required values."] C["**Submit your completed settings profile**
Receive your token."] D(("Used For All
Operations")) end subgraph Middleware MW(PAYMENT MIDDLEWARE) end %% Define the main vertical workflow A --> B --> C --> D %% Define the request/response data flows A -- "/api/gateway/list" --> MW MW -- "gateway names list" --> A B -- "/api/{gateway}/settings" --> MW MW -- "{JSON} Settings Template" --> B C -- "/api/gateway/credentials" --> MW MW -- "Middleware x-credentials Token" --> C

This is the fundamental first step: exchange your gateway settings for a middleware token that you will use globally.

Part 2: CC Payment with Surcharge (InterPayments) #surcharge

This workflow demonstrates a common credit card transaction that includes an automatically calculated surcharge via InterPayments.

  1. Obtain your x-credentials token (with InterPayments) for your gateway (NCP in this example), ensuring the InterPayments fields are included in your settings profile.
  2. (Optional) Pre-calculate the fee for customer disclosure using POST /api/surcharge/compute.
  3. Request a hosted UI for user payment account entry with /api/transaction/processtransaction
    1. set amount and subtotalAmount accordingly
    2. set surchargeAmount to null (calculated/added automatically)
    3. set paymentMethod to the desired value from your cached gateway paymentMethod values
    4. set customerID and other billing details to further customize the user experience.
    5. set isConfirm=false to auto-close the iFrame at the end of the transactions or set isConfirm=true to keep it open (read only) and close as part of your workflow.
      • Regardless of the value set for isConfirm, the same response payload will still be sent through the iFrame message.
  4. Use Reports - Inquire to retrieve the final transaction status and confirm the persisted surchargeAmount.
flowchart TD S([Start]) --> C{Pre-disclose fee?}; C -- Yes --> SC[POST Surcharge - Compute]; C -- No --> A[Process Payment]; SC --> A; A --> IQ[GET Reports - Inquire]; IQ --> E([End]);

To trigger surcharge calculation, send subtotalAmount and set surchargeAmount: null in your Authorization request.

Part 3: User-Added Card-On-File for Speedy Authorizations #pay-and-store

This workflow enables end-users to save (tokenize) a payment method for later authorization

  1. Prompt user to enter payment method for vault storage using Account - Save.
    • Be sure to include the correct postal/ZIP code for accurate surcharge calculations.
  2. Authorize vaulted payment method at a later time Process - Transaction.
    • Use your gateway's "cc token" equivalent paymentMethod value to set paymentMethod in the request body.
    • Set transactionType to "capture"
  3. Confirm final status and amounts by calling Reports - Inquire.
flowchart TD S([Start]) --> SAVE[User CC Account Vaulted]; SAVE --> A[Authorize from Stored Account]; A --> IQ[GET Reports - Inquire]; IQ --> E([End]);

The postal/ZIP code stored on the profile impacts surcharge outcomes for token-based payments.

Part 4: Alternative Payment Methods via Hosted IFrame #APMs

Alternative Payment Method (APM) availability varies by gateway and a host of other factors. Please call api/gateway/paymentMethods to confirm values and availability for all paymentMethods.

  1. Launch the hosted UI via POST ProcessTransaction, specifying the APM required in the request body and present the URL or HTML response to the user in an iFrame to complete payment.
  2. The user completes the payment flow within the hosted UI.
  3. Call GET Reports - Inquire to get the final, persisted transaction status and details from the middleware.
flowchart TD S([Start]) --> PROC["POST ProcessTransaction (SEPA)"]; PROC --> UI["User completes flow in IFrame"]; UI --> IQ["GET Reports - Inquire"]; IQ --> E([End]);

The SEPA flow remains in the same popup/iframe. Some other APMs may open a second window.

Part 5: Post-Transaction Void/Refund & Reporting #credit

After a transaction is complete, you may need to reverse it. The correct action depends on whether the transaction has been settled.

  1. If the transaction has not yet settled, reverse it using the appropriate Void endpoint (e.g., PayaConnect Void or NCP Void).
  2. If the transaction has already settled, you must issue a Refund (e.g., PayaConnect Refund or NCP Refund).
  3. In either case, use the Inquire endpoint (e.g., PayaConnect Inquire or NCP Inquire) to confirm the final status and amounts.
flowchart TD S([Start]) --> Q{Settled?}; Q -- No --> V[POST Void]; Q -- Yes --> R[POST Refund]; V --> IQ[GET Reports - Inquire]; R --> IQ; IQ --> E([End]);
Part 6: Understanding API Responses & Error Handling #errors

The middleware uses a two-layer response system. Your code should first check for middleware-level errors before parsing the gateway's response.

Layer 1: Middleware Validation Errors

These errors occur if your request fails initial validation before it can be sent to the gateway.

  • 401 Unauthorized: Your x-credentials token is missing or invalid.
    Action: Ensure you are sending a valid token in the x-credentials header. Generate a new one if necessary.
  • 422 Unprocessable Entity: Your request is valid JSON, but a required field is missing or a value has the wrong format. The response body will detail the specific error.
    Action: Correct the field(s) named in the error message and retry the request.
  • 400 Bad Request: Your request body is not well-formed JSON.
    Action: Check your JSON for syntax errors like missing commas, quotes, or brackets.

Layer 2: Gateway Responses

If your request passes middleware validation, it is sent to the gateway. The middleware passes the gateway's response back to you transparently.

  • 200 OK: The gateway successfully processed the request.
    Action: Parse the response body for the gateway's specific success payload, which includes the transactionID and final status.
  • 402 Payment Required: The gateway rejected the transaction. The response body will contain the gateway's specific error message (e.g., "Declined," "Invalid Card Number").
    Action: Parse the gateway's error message and handle it appropriately (e.g., display a message to the user).
flowchart LR subgraph Middleware Req[Request with token] --> V{Validation}; end subgraph Gateway GW[Send to Gateway] end V -- Invalid --> L1[4xx Layer-1 Errors]; V -- Valid --> GW; GW -- Success --> OK[200 Gateway Success]; GW -- Failure --> ERR[402 Gateway Error];
Part 7: Integration Certification – What to Expect #certify

Certifying your Nuvei Payment Middleware integration ensures your ISV solution can securely and reliably execute all required transaction operations, in full compliance with Nuvei guidelines. Before production enablement, each essential transaction type included in your integration must be tested and certified.

Required Transaction Types for Certification

  • Tokenization: Test transactions where sensitive card data is replaced with secure tokens for storage and future use, enhancing security and compliance.
  • Authorization: Validate that a customer's payment method is active and has sufficient funds or credit. This step reserves the amount but does not transfer funds.
  • Capture: Complete the payment by transferring reserved funds after authorization. Some gateways combine authorization and capture; others allow them separately.
  • Sale (Auth + Capture): Combines authorization and capture in a single step, typically used for instant delivery of goods or services.
  • Refund: Return funds to the customer after a completed sale. Test both full and partial refunds to ensure flexibility.
  • Void: Cancel a previously authorized payment before capture—useful if an order is canceled before fulfillment.
  • Reversal: Similar to a void, but may apply after settlement depending on the payment network. Important for dispute resolution and error correction.
  • Declined Transaction: Simulate scenarios where payments are declined due to insufficient funds, expired cards, or incorrect data.
  • 3DS Transaction Testing:

    • "Force Challenge" transaction with amount set to 151
    • "Frictionaless" transaction with cardholder name set to "CL‑BRW1"
    • "For more details on 3DS testing, see the sandbox testing section of this quickstart guide.
  • Interpayments Surcharge Testing:

    • Credit Card transactions with expected surcharge
    • Debit Card transactions (no surcharge expected)
flowchart TD CERT[Start Certification] CERT --> TOK[Tokenization] CERT --> AUTH[Authorization] AUTH --> CAP[Capture] CERT --> SALE[Sale] CERT --> REF[Refund] CERT --> VOID[Void] CERT --> REV[Reversal] CERT --> DECL[Declined Transaction] CERT --> SUR[Interpayments Surcharge Testing] SUR --> CC[Credit Card] SUR --> DC[Debit Card] CC --> END[Ready for Production] DC --> END TOK --> END CAP --> END SALE --> END REF --> END VOID --> END REV --> END DECL --> END

Note: Each transaction type relevant to your integration must be successfully tested and certified before production deployment.

Part 8: Sandbox Transaction Testing and Test Cards by Gateway #test

Sandbox Testing & Gateway Alignment

While the Payment Middleware consolidates and simplifies many functions across gateways, transaction testing in sandbox environments requires alignment with each gateway's testing practices and test values. This section centralizes the essential test data and scenarios that integrators need across gateways.

NCP (Nuvei Card Present)

Gateway Documentation: https://docs.nuvei.com/api/

Test Credit Cards
BrandPANCVVOutcome
Visa4012001037141112123Approved
Mastercard5425233430109903123Approved
Discover6011000991300009123Approved
Amex3742454554001261234Approved
Visa (Decline)4000000000000002123Declined
Test Debit Cards (InterPayments)
BrandPANCVVOutcome
Visa Debit4217651111111119123Approved (No Surcharge)
MC Debit5200828282828210123Approved (No Surcharge)
3DS Test Scenarios
ScenarioTriggerExpected Result
Force ChallengeAmount = 1513DS Challenge Flow
FrictionlessCardholder Name = "CL-BRW1"Frictionless Approval
ACH Test Accounts
Routing NumberAccount NumberOutcome
021000021123456789Approved
021000021987654321Declined

gateway docs

PayaConnect

Gateway Documentation: https://docs.payaconnect.com/

Test Credit Cards
BrandPANCVVOutcome
Visa4111111111111111999Approved
Mastercard5454545454545454999Approved
Discover6011111111111117999Approved
Amex3714496353984319999Approved
ACH Test Accounts
Routing NumberAccount NumberAccount TypeOutcome
0720003261234567890CheckingApproved
0720003260987654321SavingsApproved

gateway docs

Fiserv CardPointe

Gateway Documentation: https://developer.cardpointe.com/

Test Credit Cards
BrandPANCVVOutcome
Visa4788250000028291123Approved
Mastercard5439750001500347123Approved
Discover6011000000000012123Approved
Amex3714496353923761234Approved
Decline Simulation

To simulate declines, use CVV 555 or specific amounts as documented by CardPointe.

ACH Test Accounts
  • Use any valid 9-digit routing number and 4–17 digit account number in sandbox.
  • Validate flows through the middleware API using the provided test data.

gateway docs

Part 9: Validating Transaction Throughput to Your Gateway #validate

Why It Matters

Validating that all transactions and related operations sent via Payment Middleware are received, recorded, and (when applicable) settled by your payment gateway protects against mapping errors, field mismatches, or lost webhooks and ensures that what your application sends is exactly what your gateway processes. Remember, the Payment Middleware is designed to centralize, streamline, and enhance your connection to the destination gateway and only knows which response was recieved for your request.

Transaction-Based Activities to Validate
  • /payment — use when your flow posts a single-step Sale (Auth+Capture) or a two-step Authorization that may capture later. Confirm the gateway shows a corresponding sale/auth record.
  • /transaction — use for operational actions like capture, void, and refund, and for certain APM or hosted flows. Confirm the gateway shows the correct follow-on entry tied to the original authorization/sale.
  • Reporting / Inquiry — if your integration calls an inquiry endpoint (e.g., Reports – Inquire), confirm the values returned by middleware match what the gateway's reporting/VT shows for the same transaction.

Tip: For multi-step flows, validate in this order: Authorization → Capture (or Sale only) → Void/Refund (as applicable) → Settlement/Funding (batch).

What to Validate Within Those Calls
Field / Aspect What to Check
Transaction Type Auth, Capture, Sale, Void, Refund (and APM equivalents) match your intended call (/payment vs. /transaction) and gateway record.
Amounts Base amount, currency, and any surcharge, tax, or tip amounts equal the values displayed in the gateway. For Auth→Capture, ensure captured amount equals or is ≤ authorized amount per your flow.
Status & Codes Approved/Declined/Voided/Refunded states, plus gateway authCode, transactionId/reference, and (if present) AVS/CVV and 3DS results.
Custom Data Your external identifiers (e.g., orderId, invoiceNumber, customerID, metadata) are persisted and searchable in the gateway UI/reports.
Payment Method Masked PAN (last 4), brand, wallet/APM labels, token indicators, and card-present vs. card-not-present flags appear as expected.
Batch / Settlement For captured sales, verify the transaction moved to an open/closed batch as expected and appears on funding/deposit reports.
Descriptor / MID            Correct MID, location, and (if applicable) soft descriptor values are associated to the transaction.
Timestamps Time zone and ordering (Auth before Capture, Refund after Sale, etc.) are consistent between middleware responses and the gateway.

Validate in Your Gateway's Reporting / Virtual Terminal (VT)
  1. Open your gateway's reporting or VT tool and filter by the transaction timestamp window used in testing.
  2. Search by a reliable key (amount, last 4, reference/transaction ID, order/invoice number, or customer ID).
  3. Open the gateway detail view and compare each item in "What to Validate" against your middleware request/response records.
  4. For two‑step flows, confirm the relationship: Auth → Capture (or Sale only) and any subsequent Void/Refund entries are properly linked.
  5. Confirm settlement (batch close, deposit/funding line) when applicable.

If any value doesn't match: re-check your request body (types, formatting, currency), confirm the correct headers/token were used, and re‑run a controlled test with a unique external reference to isolate the entry in reports.

Part 10: The Anatomy of ProcessTransaction & Payment UI #transactions

Path: api/Transaction/ProcessTransaction Open in SDK Studio


Understanding the ProcessTransaction endpoint is key to completing your middleware integration. Mastering this request unlocks all hosted UI controls available through the middleware, ensuring a seamless and dynamic payment experience. Expand each section below to view details on how each data element affects the workflow and/or UI.

Required Headers:
x-version: 3 → Enables surcharge support
x-gateway: [Gateway Name] → e.g., ncpv1, payaconnect
x-credentials: [Middleware Token] → From /api/gateway/credentials
Root Level Fields
"language": "en",
ISO 639-1 language code for UI localization. Examples: en, es, fr
"locale": "en-US",
BCP 47 locale identifier for regional formatting. Examples: en-US, es-MX
"displayInIframe": true,
When true, renders payment UI inside an iframe. When false, opens popup window.
"displayReCaptcha": true,
Enables Google reCAPTCHA verification on the payment form.
"isConfirm": true,
Keeps iframe open after transaction for confirmation display.
"validateSurchargeResponse": true
Validates surcharge calculations from InterPayments service.
UI Impact: These root-level flags control the overall payment experience—iframe vs popup, language, reCAPTCHA security, and confirmation behavior.
"customFields": {
"isCvvRequired": true,
Enforces CVV/CVC entry on the payment form.
"isBillingInfoRequired": true,
Requires full billing address entry for AVS verification.
"isEmailRequired": true,
Makes email a required field for receipts.
"transaction_c1": "custom value",
Custom pass-through field for reporting. Use for invoice/order references.
"description": "Payment",
Transaction description that may appear on statements.
"customerPresent": true,
Indicates physical customer presence. Important for bank APMs requiring user login.
"skipInitialSurcharge": true,
Bypasses initial surcharge calculation if handling externally.
"enableNuveiPaymentEvent": true
Enables postMessage events from iframe for parent window communication.
}
UI Impact: These flags directly control what fields the end-user sees (CVV, billing info, email). Use transaction_c1 for ERP or invoice mapping.
"accountBillingInfo": {
"name": "Babe Ruth",
Cardholder's full name as it appears on the payment method.
"email": "[email protected]",
Customer email for receipts and notifications.
"customerID": "CUST001",
Your internal customer identifier for reconciliation.
"address": "123 Main St",
Street address for AVS verification.
"city": "New York",
Billing city name.
"state": "NY",
State/province code (2-letter for US).
"zip": "10001",
Postal/ZIP code. Critical for AVS and surcharge calculation.
"country": "US",
ISO 3166-1 alpha-2 country code.
"phone": "5551234567"
Customer phone number for verification.
}
UI Impact: Pre-fills billing fields in the UI. Required for certain APMs. If omitted where needed, UI may prompt for missing info.
"transactionPayment": {
"amount": "67.89",
REQUIRED – Total transaction amount. Drives the total displayed in UI.
"displayAmount": "$67.89",
Formatted display amount with currency symbol.
"taxAmount": "6.22",
Tax portion of total. May be displayed separately in breakdown.
"orderId": "ORD1234567890",
REQUIRED – Unique order identifier for confirmation and duplicate prevention.
"currencyCode": "USD",
ISO 4217 currency code. Controls currency symbol in UI.
"currencySymbol": "$",
Currency symbol for display formatting.
"transactionType": "authorization",
REQUIRED – Transaction type: authorization, capture, or credit.
"subTotalAmount": 64,
Base amount before surcharge. Adds breakdown line in UI.
"surchargeAmount": 2.89,
Fee amount. Set null for auto-calculation via InterPayments.
"dutyAmount": 1,
Duty/customs amount for international orders. Used in Level 2/3 data.
"ponumber": "PO12345",
Purchase order number for B2B transactions. Included in Level 2 data.
"taxExempt": false
When true, indicates tax-exempt transaction for reporting.
"level3": { // B2B/Commercial Card Data
"freightAmount": 29,
Shipping/freight charges. Required for Level 3 qualification.
"orderDate": "06-06-2025",
Order date. Format varies by gateway (typically MM-DD-YYYY).
"shipFromZip": "44556",
Origin ZIP code for shipment.
"shipToZip": "75007",
Destination ZIP code for shipment.
"taxRate": 0,
Tax rate applied as percentage.
"items": [ // Line Item Detail Array
"description": "Item 1",
Item description for Level 3 reporting.
"quantity": 1,
Item quantity.
"unitCost": 0,
Per-unit cost before tax.
"netAmount": 0,
Line total (quantity × unitCost).
"taxAmount": 0,
Tax amount for this line item.
"taxRate": 0,
Tax rate percentage for this item.
"productCode": "",
Your internal product/SKU code.
"unitCode": "EA",
Unit of measure code (EA, LB, KG, etc.).
"commodityCode": ""
Standard commodity code for B2B reporting.
]
}
}
UI Impact: amount → Main total on payment screen. transactionType → Determines flow and prompts. level3 → Required for commercial card processing to qualify for lower interchange rates.
"feeRule": {
"fixedAmount": 0,
Fixed fee amount to add to transaction.
"percentRate": 0
Percentage rate for fee calculation.
}
UI Impact: If included with values, surcharge/fee details appear in the payment breakdown.
"transactionAccountInformation": {
"profileId": "",
Existing customer profile ID. If provided, UI skips account entry.
"accountId": "",
Existing account ID for stored payment methods.
"createProfile": true,
Tokenize payment method for future use. Adds "Save this card" option.
"accountType": "CC"
REQUIRED – Payment method type code: CC, ACH, or APM codes like googlepay.
}
UI Impact: accountType drives which fields appear (card entry vs ACH vs wallet). createProfile adds checkbox for saving payment details.
Common Pitfalls:
  • Missing transactionType → Blank or incorrect UI flow.
  • Missing amount or orderId → Request will fail validation.
  • Including surcharge fields without x-version: 3 header → Surcharge not calculated.
  • Sending empty strings for optional fields → Omit entirely to avoid validation errors.
  • Wrong accountType → UI shows incorrect payment method fields.
  • Incomplete level3 data for commercial cards → Transaction may not qualify for lower interchange rates.
Part 11: The Anatomy of Account/Save & Tokenization UI  NEW #accounts

Path: api/Account/Save    

The Account/Save endpoint allows you to tokenize payment methods without processing a transaction. This is essential for storing cards for future use, setting up recurring billing, or building card-on-file systems. The endpoint returns a hosted UI for secure payment data collection.

Required Headers:
x-version: 3 → API version
x-gateway: [Gateway Name] → e.g., ncpv1, payaconnect
x-credentials: [Middleware Token] → From /api/gateway/credentials
Root Level Fields
"accountType": "CC",
Payment method type: 'CC' for credit card, 'ACH' for bank account, or APM codes.
"language": "en",
ISO 639-1 language code for UI localization. Examples: en, es, fr
"locale": "en-US",
BCP 47 locale for regional formatting.
"displayInIframe": true,
When true, renders form in iframe. When false, opens popup.
"displayReCaptcha": false,
Enables reCAPTCHA verification on the form.
"isConfirm": true,
When true, prevents form from auto-closing but disables "pay" button.
"createProfile": true,
When true, creates a new customer profile.
"verify": false,
When true, performs a $1 authorization to verify the card is valid.
"isEdit": false,
When true, indicates editing an existing account (vs creating new).
"profileId": "",
Existing profile ID when editing or adding to existing profile.
"accountId": ""
Existing account ID when editing a specific payment method.
UI Impact: accountType determines what fields appear (card vs ACH). createProfile triggers profile creation. verify adds $1 auth validation.
"accountBillingInfo": {
"name": "Test User",
Cardholder's full name as it appears on the payment method.
"email": "[email protected]",
Customer email for receipts and notifications.
"customerID": "CUST001",
Your internal customer identifier.
"address": "123 Main St",
Street address for AVS verification.
"city": "New York",
Billing city name.
"state": "NY",
State/province code (2-letter for US).
"zip": "10001",
Postal/ZIP code. *Critical for AVS verification.
"country": "US",
ISO 3166-1 alpha-2 country code.
"phone": "5551234567"
Customer phone number.
}
UI Impact: Pre-fills billing information into pay-form (may still be edited by end-user) and helps to ensure valid and complete billing data for APMs and services such as address verification.
"customFields": {
"isCvvRequired": true,
Enforces CVV entry on the form.
"isBillingInfoRequired": true,
Requires full billing address entry.
"isEmailRequired": true,
Makes email a required field.
"description": "Account Save",
Account description for identification in portal.
"enableNuveiPaymentEvent": true
Enable postMessage events for parent window communication.
}
UI Impact: These flags give intgrators control over select field-level validation and enable greater visbility of SDK/server activity.
Common Pitfalls:
  • Missing accountType → Form doesn't know what payment fields to show.
  • Setting createProfile: false without profileId → No profile created and no token returned.
  • Not handling postMessage events → Miss the token/profileId response.
  • Using verify: true with ACH → $1 auth only works for cards.
💡 Pro Tip: After a successful Account/Save, listen for the postMessage event containing the profileId and token. Store these values to use with ProcessTransaction for future charges without re-entering card details.

Explorer Settings

© 2025 Nuvei Corp. All Rights Reserved
Privacy notice | Terms of use