Connect-E - Getting Started

Connect-E simplifies taking payments on your site by removing the need to handle card details. It simplifies PCI compliance because card details are handled only on our secure servers.

Access Tokens

To use either Connect-E Standard or Connect-E Checkout you must acquire an access token. These can be generated from the Connect-E REST API. Each access token can only be used once and has a lifetime of 30 minutes. Once an access token has expired or been used, another one must be generated. See the documentation of our REST API for more information.

Connect-E Standard

Connect-E Standard allows you to apply custom styles to the payment form while maintaining the security of having card details managed within our secure environment. This gives the best user experience as the payment form sits seamlessly within your site.

Features

  • Reduced PCI burden
  • Card number formatting
  • Input validation
  • Custom styling
  • Custom label and placeholder text
  • Recurring Payments
  • 3D Secure
  • 3D Secure 2

Connect-E Checkout

Connect-E Checkout removes the hassle of creating and styling a payment form. Simply reference our JavaScript and pass in some configuration. When the payment is complete, the outcome is posted to your server.

Features

  • Reduced PCI burden
  • Card number formatting
  • Input validation
  • Pre-built payment form
  • 3D Secure
  • 3D Secure 2

Sample Code

Check out our sample implementations here on GitHub.

Environments

We have two environments, test and production. This allows you to check that your integration is working correctly in our isolated testing environment before pushing to live. You will be issued separate API keys for each environment; these are linked to the user names associated with your test and live gateway accounts.

Test

In our test environment the JavaScript can be loaded from https://web.e.test.connect.paymentsense.cloud/assets/js/client.js and requests to the REST API are on the domain e.test.connect.paymentsense.cloud

Production

In our production environment the JavaScript can be loaded from https://web.e.connect.paymentsense.cloud/assets/js/client.js and requests to the REST API are on the domain e.connect.paymentsense.cloud

Content Security Policy Headers

We recommend setting Content Security Policy headers on sites that implement either Connect-E Standard or Checkout.
This adds another layer of security to your site, by limiting where content can be loaded from as well as stopping your site being embedded into another page.

Please read the related documentation, as the requirements will differ from site to site depending on where the application loads content from. If you're loading content from any other domains, such as a content delivery network, they'll need to be added to the Content Security Policy header returned by your site. Below is a good starting point: all content is loaded from the domain the site is hosted on or from a subdomain of paymentsense.cloud, and the page cannot be used in a frame. We allow frame contents to be loaded from anywhere so the 3DS authorization page can be loaded into an iframe.

default-src 'self' *.paymentsense.cloud *.dojo.tech *.googletagmanager.com; connect-src 'self' *.paymentsense.cloud *.dojo.tech *.googleapis.com *.googletagmanager.com *.google-analytics.com; font-src 'unsafe-inline' *; script-src 'self' 'unsafe-inline' *.paymentsense.cloud *.dojo.tech *.google.com *.googletagmanager.com *.online-metrix.net; style-src 'self' 'unsafe-inline' *; frame-src 'self' *; img-src 'self' 'unsafe-inline' *;

Please check back here frequently if you apply the above configuration to your website, as we may from time to time update this configuration to whitelist more third-party provider URLs from within our supplied iframe.
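
The text above says the starting policy stops the page being framed; in CSP that restriction comes from the frame-ancestors directive, which does not inherit from default-src and is absent from the policy as printed. The following is an added example, not Paymentsense code (parseCsp and auditCsp are hypothetical names): it parses the policy string copied from this page and reports what it leaves open, so you can re-run it whenever the recommended configuration changes.

```javascript
// Added example: audit a Content-Security-Policy header value.
// POLICY is the starting-point policy copied from this page.
// parseCsp and auditCsp are hypothetical helper names, not a Connect-E API.
const POLICY =
  "default-src 'self' *.paymentsense.cloud *.dojo.tech *.googletagmanager.com; " +
  "connect-src 'self' *.paymentsense.cloud *.dojo.tech *.googleapis.com " +
  "*.googletagmanager.com *.google-analytics.com; font-src 'unsafe-inline' *; " +
  "script-src 'self' 'unsafe-inline' *.paymentsense.cloud *.dojo.tech *.google.com " +
  "*.googletagmanager.com *.online-metrix.net; style-src 'self' 'unsafe-inline' *; " +
  "frame-src 'self' *; img-src 'self' 'unsafe-inline' *;";

// Split a header value into a Map of directive name -> source list.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue; // trailing ';' leaves an empty part
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function auditCsp(header) {
  const d = parseCsp(header);
  const findings = [];
  // frame-ancestors does not fall back to default-src, so without it the
  // policy places no limit on which pages may embed this one.
  if (!d.has("frame-ancestors")) findings.push("frame-ancestors: missing, framing not restricted");
  // Scripts are governed by script-src, or default-src when it is absent.
  // A nonce or hash in the list makes browsers ignore 'unsafe-inline'.
  const script = d.get("script-src") || d.get("default-src") || [];
  const pinned = script.some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
  if (script.includes("'unsafe-inline'") && !pinned)
    findings.push("script-src: 'unsafe-inline' permits inline script");
  for (const [name, sources] of d) {
    if (sources.includes("*")) findings.push(`${name}: wildcard * allows any host`);
    // 'unsafe-inline' only has meaning in script and style directives.
    if (sources.includes("'unsafe-inline'") && /^(font|img|connect|frame)-src$/.test(name))
      findings.push(`${name}: 'unsafe-inline' has no effect here`);
  }
  return findings;
}

console.log(auditCsp(POLICY).join("\n"));
```

Appending `frame-ancestors 'none'` to the header value clears the first finding; whether your own site can use that value depends on whether any of your pages legitimately embed it.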

3D Secure

3D Secure is a protocol designed to be an additional security layer for online credit and debit card transactions. The name refers to the "three domains" which interact using the protocol: the merchant/acquirer domain, the issuer domain and the interoperability domain.

3D Secure 2

3D Secure 2 has a better user experience, as it was designed to offer innovative authentication experiences through cardholders' mobile banking apps. The cardholder can authenticate a payment through the banking app by just using their fingerprint, or even facial recognition, instead of receiving a text message or entering a password. It helps to minimise costly fraudulent transactions by adding an extra layer of protection to the payment process. The solution enables issuers to authenticate the cardholder using various available methods, from a one-time password to biometrics. Successful authentication helps confirm that the transaction comes from a real cardholder. This makes it more likely that the transaction will be authorised.

Next Steps

Once you've got started with the Connect-E connection, you're ready to start familiarising yourself with the Payment Flows.