How to seamlessly integrate with a payment gateway using API? What are the common mistakes made in the process of designing? How to design transactions’ flow in the system? How much can it cost you? Do you need still a test gateway after integration?
So many questions, yet all answers can be found in this tutorial. Awesome, right?
Transaction processed != implementation completed
Lots of developers think that the first successfully processed transaction is the right moment to finish the implementation. Nothing more misleading, it should be where the real fun begins! Basically, after that you can only be sure that you’ve implemented the fundamental transaction flow. What’s more important and complicated, your application has to handle all non predicted cases. You have to watch out for errors that can be returned by the gateway: error codes, reason codes etc. All of them can help you to avoid rejected transactions in the future.
You have to be sure that all payment attempts will be logged in your system. It can save you a lot of time finding bugs in the future. After your customer submits a payment form, save into the database all the fields which can turn out helpful when recognizing a transaction:
- status of transaction (it can be “pending” at the beginning),
- customer name,
- customer email,
- transaction description,
- amount and currency,
- date and time of transaction.
The said information are quite enough to monitor the system. But remember – you cannot store credit card data. That’s the payment gateway’s job and that’s why they go through PCI audits and so on – to make sure that the credit card data will be properly secured.
After that, you are ready to send the transaction to the payment gateway. Now everything can happen. The acquirer’s server can be down, communication errors can occur, requested gateway may be reached, but its response may be lost. But don’t panic, you are saved – all lost request can be found in your database (with the “pending” status). You should regularly collect them and ask your payment provider about their statuses. Depending on the responses you get, you should mark transactions as “completed” or “failed”.
In the usual way, you get a response from the payment gateway, you have to analyze the result codes and update a previously saved record with status “completed” if the payment was successfully processed. Otherwise, if an error occurs and you update the transaction status with “failed”, please also remember to save all returned error information (error code, error description etc.) As I said previously, it can save your ass, believe it!
Congratulations, now your implementation is completed. One more thing, don’t even think about testing your system using production credentials/access. It never ends up well. Keep your access to the test environment even after you’ve completed the integration. You will never know when you will be forced to change the functionality :)