Last Updated: 25 June 2024 | Change Log

Setup a Payment

Worldpay eCommerce merchants only

Our Hosted Payment Pages API generates a URL in the response. Redirect your customer to this URL to take a payment.

Integration overview

Prerequisites

Pull your credentials from your dashboard.

Set your headers

Setting your headers is an important part of an API request. The headers represent the meta-data associated with your API request.

Authorization: {your_credentials}
Content-Type: application/vnd.worldpay.payment_pages-v1.hal+json
Accept: application/vnd.worldpay.payment_pages-v1.hal+json

Header	Description
`Authorization`	The mandatory `Authorization` header is used for authentication and identification of our merchants within Access Worldpay. Replace `{your_credentials}` with your base64-encoded Basic Auth username and password you have received from us.
`Content-Type`	The `Content-Type` header is required if the request you're sending includes a request body, and if the HTTP method is a `POST` or a `PUT`.
`Accept`	Use the manadatory `Accept` header to identify which version of our Hosted Payment Pages API you are using.

Info

If you're using both the Content-Type and Accept headers, they must match.

Send your request

POST your request to the payment_pages:setup action link to setup a payment.

POST https://try.access.worldpay.com/payment_pages

Example request with minimum required fields:

{
  "transactionReference": "MyTransaction123",
  "merchant": {
    "entity": "POxxxxxxxxx"
  },
  "narrative": {
    "line1": "Mind Palace Ltd"
  },
  "value": {
    "currency": "GBP",
    "amount": 123
  }
}

Mandatory parameters

Parameter	Description	Data type	Field Length
`transactionReference`	A unique reference generated by you that is used to identify a payment throughout its lifecycle. See transaction reference format.	String	Must be between 1 to 64 characters.
`merchant`	An object that contains information about the merchant.	Object	N/A
`merchant.entity`	You can find your entity in your Dashboard under "Developer Tools". Using your own entity reference causes the transaction to fail.	String	Must be between 1 and 32 characters.
`narrative`	An object that helps your customers better identify you on their statement.	Object	N/A
`narrative.line1`	An object that helps your customers better identify you on their statement.	String	Must be between 1 and 24 characters
`value`	An object that contains information about the payment transaction.	Object	N/A
`value.currency`	The 3 character ISO currency code.	String	3 character ISO currency code
`value.amount`	The payment amount. This is a whole number with an exponent e.g. if exponent is two, 250 is 2.50. You can find the relevant exponent in our currency table.	Integer	N/A

Store a card

You can save your customer's card as part of a payment request by creating a token. You can use this card for any subsequent payments using this token. This is known as a Customer Initiated Transaction (CIT) or card on file transaction.

Code examples with minimum and all fields:

{
  "transactionReference": "MyTransaction123",
  "merchant": {
    "entity": "POxxxxxxxxx"
  },
  "narrative": {
    "line1": "Mind Palace Ltd"
  },
  "value": {
    "currency": "GBP",
    "amount": 123
  },
  "createToken": {
    "type": "worldpay",
    "namespace": "SHOPPER_ID_1234567890",
    "description": "Test Token Description",
    "optIn": "ASK"
  }
}

Value	Required?	Description
createToken	✅	An object that instructs us to create a token for the payment details supplied.
type	✅	The type of token. The value is "worldpay".
namespace	✅	A namespace is used to group up to 16 cards, e.g. for one customer. A card can exist in more than one namespace.
description	✅	A description of your token. If not supplied, a default description is created for you.
optIn	✅	"Silent" - (default value) The card details will always be saved (you must already have their consent to do this) "Notify" - The card details will always be saved (you must already have their consent to do this) and your customer will see this within our hosted payment pages "Ask" - The card details will be saved if your customer provides their consent. This adds a "Save payment details" tickbox to the page, which they tick to opt-in, or ignore to opt-out. Note If your customer does not consent, then no card details are saved.

Note

We return the token via a webhook.

Take a payment from a stored card (card on file)

Use a previously stored card (Customer Initiated Transaction (CIT)), to take a payment. We capture the CVC as part of this flow.

Code examples with mandatory and all fields:

{
  "transactionReference": "MyTransaction123",
  "merchant": {
    "entity": "POxxxxxxxxx"
  },
  "narrative": {
    "line1": "Mind Palace Ltd"
  },
  "value": {
    "currency": "GBP",
    "amount": 123
  },
  "paymentInstrument": {
    "type": "card/tokenized",
    "href": "https://try.access.worldpay.com/tokens/eyJrIjoxLCJkIjoialRBL0FFelBzcnZpNCtzRGNRemh0NzI0NE1rdUtjMUFJdjYxVnlibWZuUT0ifQ"
  }
}

Value	Required	Description
`paymentInstrument`	✅	An object that contains the payment type and details.
`type`	✅	The payment type details. Value is "card/tokenized".
`href`	✅	We return this after token creation via the webhook.

Optional parameters

We handle 3DS authentication and fraud assessments on your behalf. However, supplying the additional optional fields below, increases the chance of a frictionless flow for your customer.

Info

The result URLs are required to redirect your customer to your defined URL at the end of their payment journey.

Parameter	Required?	Description	Data type	Field Length
`description`	❌	An optional text, when supplied is displayed to your customer on payment pages.	String	Maximum of 128 characters.
`billingAddress`	❌	An object containing the billingAddress information.	Object	N/A
`billingAddress.address1`	✅	Only required when billing address is provided.	String	Maximum of 85 characters.
`billingAddress.address2`	✅	Only required when billing address is provided.	String	Maximum of 85 characters.
`billingAddress.address3`	✅	Only required when billing address is provided.	String	Maximum of 85 characters.
`billingAddress.postalCode`	✅	Only required when billing address is provided.	String	Maximum of 15 characters.
`billingAddress.city`	✅	Only required when billing address is provided.	String	Maximum of 50 characters.
`billingAddress.state`	✅	Only required when billing address is provided. For the United States or China (must be ISO-3611-2, only provide two characters after "US-" or "CN-", e.g. FL for Florida or BJ for Beijing).	String	Maximum of 50 characters.
`billingAddress.countryCode`	✅	Only required when billing address is provided.	String	Must be a valid ISO3166-1 alpha-2 country code.
`resultURLs`	❌	An object containing the different URLs we redirect your customers to when we receive the payment result. We recommend that you provide us with your custom result URLs.	Object	N/A
`resultURLs.successURL`	❌	When we receive the payment result for a successful payment, we redirect your customer to the success URL.	String	N/A
`resultURLs.pendingURL`	❌	When we receive the payment result for a pending payment transaction, we redirect your customer to the pending URL.	String	N/A
`resultURLs.failureURL`	❌	When a payment fails, we redirect your customer to the failure URL.	String	N/A
`resultURLs.errorURL`	❌	When we receive the payment result for an erroneous payment, we redirect your customer to the error URL.	String	N/A
`resultURLs.cancelURL`	❌	When your customer cancels a transaction, we redirect that customer to the cancel URL.	String	N/A
`resultURLs.expiryURL`	❌	When a customer leaves the payment transaction uncompleted within the maximum allowed time frame, we redirect your customer to the expiry URL.	String	N/A
`custom`	❌	An object containing all data that can be used to configure manual fraud rules.	Object	N/A
`custom.string1-9`	❌	9 available slots for custom string values you can use to configure manual fraud rules.	String	N/A
`riskData`	❌	To increase the chances of a frictionless flow, we recommend sending additional data in the `riskData` object.	Object	N/A
`expiry`	❌	Allows you to configure the duration your customer can access the payment link. If not provided, defaults to 3600 seconds.	Object	min 300 seconds - max 2,592,000 seconds

Risk data

There are three riskData objects you can include in your request:

Account

Parameter	Description
`account`	Object containing all customer account related risk data.
`account.previousSuspiciousActivity`	true false
`account.type`	`guestUser` - Order placed without full merchant account registration (no password) `registeredUser`- Order placed with full merchant account registration (password entered) `federatedAccount` - Using a Federated ID `issuerCredentials`- Using issuer credentials `thirdPartyAuthentication` - Using third party authentication `fidoAuthenticator` - FIDO authentication standard
`account.email`	The customer's email address.
`account.history.createdAt`	When the account was created.
`account.history.modifiedAt`	When the account was last modified.
`account.history.passwordModifiedAt`	When the account password was last changed.
`account.history.paymentAccountEnrolledAt`	Date the payment account was added to the cardholder account.

Transaction

Parameter	Description
`transaction`	Object containing all customer transaction related risk data.
`transaction.reorder`	Repeat of a previous order : true false
`transaction.preOrderDate`	Expected date that a pre-ordered purchase will be available.
`transaction.firstName`	Customer's first name.
`transaction.lastName`	Customer's last name.
`transaction.phoneNumber`	Customer's phone number.
`transaction.history`	Object containing details of the last transaction.
`history.attemptsLastDay`	Number of transactions (successful or abandoned) for this cardholder account within the last 24 hours.
`history.attemptsLastYear`	Number of transactions (successful or abandoned) for this cardholder account within the last year.
`history.completedLastSixMonths`	Number of purchases with this customer account during the previous six months.
`history.addCardsLastDay`	Number of attempts to add a card in the last 24hrs.
`history.shippingAddressFirstUsedAt`	When the shipping address used for the transaction was first used.
`transaction.giftCardsPurchase`	If the order is being used to purchase a gift card.
`giftCardsPurchase.totalValue.currency`	The three digit currency code. See list of [supported currencies. If provided must include `totalValue.amount`.
`giftCardsPurchase.totalValue.amount`	The amount being placed on the gift card. If provided, must include `totalValue.currency`.
`giftCardsPurchase.quantity`	The number of gift cards being purchased.

Shipping

Parameter	Description
`shipping`	Object containing all data related to how the order will be shipped.
`shipping.nameMatchesAccountName`	Customer name on account is identical to the shipping name: true false
`shipping.method`	`billingAddress` - Ship to customers billing address `verifiedAddress`- Ship to another verified address on file with merchant `otherAddress`- Ship to address that is different than billing address `store` - Ship to store (store address should be populated on request) `digital` - Digital goods `unshippedTickets` - Travel and event tickets, not shipped `other` - Other
`shipping.timeFrame`	`electronic` `sameDay` `nextDay` `twoDaysPlus`
`shipping.email`	The email address used for an electronic delivery.
`shipping.address`	An object containing the shippping address information. If included, you must send at least: `address1` `city` countryCode `postalCode`

Full example request

{
  "transactionReference": "MyTransaction123",
  "merchant": {
    "entity": "POxxxxxxxxx"
  },
  "narrative": {
    "line1": ""
  },
  "value": {
    "currency": "GBP",
    "amount": 123
  },
  "description": "Mind Palace Ltd",
  "billingAddressName": "Sherlock Holmes",
  "billingAddress": {
    "address1": "221B Baker Street",
    "address2": "Marylebone",
    "address3": "Westminster",
    "postalCode": "NW1 6XE",
    "city": "London",
    "state": "Greater London",
    "countryCode": "GB"
  },
  "resultURLs": {
    "successURL": "https://mindpalace-website/result/success",
    "pendingURL": "https://mindpalace-website/result/pending",
    "failureURL": "https://mindpalace-website/result/failure",
    "errorURL": "https://mindpalace-website/result/error",
    "cancelURL": "https://mindpalace-website/result/cancel",
    "expiryURL": "https://mindpalace-website/result/expiry"
  },
  "riskData": {
    "shipping": {
      "firstName": "James",
      "lastName": "Moriarty",
      "address": {
        "city": "Durham",
        "address1": "The Palatine Centre",
        "address2": "Durham University",
        "address3": "Stockton Road",
        "state": "County Durham",
        "countryCode": "GB",
        "postalCode": "DH1 3LE",
        "phoneNumber": "01189998819999197253"
      },
      "method": "verifiedAddress",
      "nameMatchesAccountName": false,
      "email": "james.moriarty@example.com",
      "timeFrame": "nextDay"
    },
    "custom": {
      "string1": "foo",
      "number1": "1",
      "string2": "foo",
      "number2": "1",
      "string3": "foo",
      "number3": "1",
      "string4": "foo",
      "number4": "1",
      "string5": "foo",
      "number5": "1",
      "string6": "foo",
      "number6": "1",
      "string7": "foo",
      "number7": "1",
      "string8": "foo",
      "number8": "1",
      "string9": "foo",
      "number9": "1"
    },
    "account": {
      "dateOfBirth": "1835-04-01",
      "history": {
        "createdAt": "1876-06-01",
        "modifiedAt": "1876-08-13",
        "paymentAccountEnrolledAt": "1876-06-01",
        "passwordModifiedAt": "1876-06-01"
      },
      "type": "fidoAuthenticator",
      "previousSuspiciousActivity": false,
      "email": "sherlock.holmes@example.com"
    },
    "transaction": {
      "firstName": "James",
      "lastName": "Moriarty",
      "phoneNumber": "01189998819999197253",
      "preOrderDate": "1876-08-13",
      "reorder": false,
      "history": {
        "attemptsLastYear": 3,
        "completedLastSixMonths": 4,
        "attemptsLastDay": 2,
        "shippingAddressFirstUsedAt": "1876-06-01",
        "addCardsLastDay": 1
      },
      "giftCardsPurchase": {
        "totalValue": {
          "amount": 10000,
          "currency": "GBP"
        },
        "quantity": 1
      }
    }
  },
  "expiry": "600"
}

Response

{
  "url": "https://payments.worldpay.com/app/hpp/integration/transaction/xxxxxxxxxxxxxxxxxxxx&cs=yyyyyy"
}

Important

Worldpay's Hosted Payment Pages use and switch traffic between multiple domains. To prevent disruptions in service, do not whitelist domains.

Use the link in the url element to redirect your customer to the payment pages and complete the payment.

Info

In case of an error, you can get further information in our error reference.

Next steps

Redirect your customer

Setup a Payment

Integration overview

Prerequisites

Set your headers

Send your request

Mandatory parameters

Store a card

Code examples with minimum and all fields:

Take a payment from a stored card (card on file)

Code examples with mandatory and all fields:

Optional parameters

Risk data

Account

Transaction

Shipping

Full example request

Response

Do you like our page?