Last Updated: 09 June 2025 | Change Log
Setup a Payment
SMB (Worldpay eCommerce)
Our Hosted Payment Pages API generates a URL in the response. Redirect your customer to this URL to take a payment.
Integration overview
Prerequisites
Pull your credentials from your dashboard.
Set your headers
Setting your headers is an important part of an API request. The headers represent the meta-data associated with your API request.
Authorization: {your_credentials}
Content-Type: application/vnd.worldpay.payment_pages-v1.hal+json
Accept: application/vnd.worldpay.payment_pages-v1.hal+json| Header | Description |
|---|---|
Authorization | The mandatory Authorization header is used for authentication and identification of our merchants within Access Worldpay. Replace {your_credentials} with your base64-encoded Basic Auth username and password you have received from us. |
Content-Type | The Content-Type header is required if the request you're sending includes a request body, and if the HTTP method is a POST or a PUT. |
Accept | Use the mandatory Accept header to identify which version of our Hosted Payment Pages API you are using. |
Info
If you're using both the Content-Type and Accept headers, they must match.
Send your request
POST your request to the payment_pages:setup action link to setup a payment.
POST https://try.access.worldpay.com/payment_pages
Example request with minimum required fields:
{
"transactionReference": "MyTransaction123",
"merchant": {
"entity": "POxxxxxxxxx"
},
"narrative": {
"line1": "Mind Palace Ltd"
},
"value": {
"currency": "GBP",
"amount": 123
}
}Mandatory parameters
| Parameter | Description | Data type | Field Length |
|---|---|---|---|
transactionReference | A unique reference generated by you that is used to identify a payment throughout its lifecycle. See transaction reference format. | String | Must be between 1 to 64 characters. |
merchant | An object that contains information about the merchant. | Object | N/A |
merchant.entity | You can find your entity in your Dashboard under "Developer Tools". Using your own entity reference causes the transaction to fail. | String | Must be between 1 and 32 characters. |
narrative | An object that helps your customers better identify you on their statement. | Object | N/A |
narrative.line1 | An object that helps your customers better identify you on their statement. | String | Must be between 1 and 24 characters |
value | An object that contains information about the payment transaction. | Object | N/A |
value.currency | The 3 character ISO currency code. | String | 3 character ISO currency code |
value.amount | The payment amount. This is a whole number with an exponent e.g. if exponent is two, 250 is 2.50. You can find the relevant exponent in our currency table. | Integer | N/A |
Store a card
You can save your customer's card as part of a payment request by creating a token. You can use this card for any subsequent payments using this token. This is known as a Customer Initiated Transaction (CIT) or card on file transaction.
Code examples with minimum and all fields:
{
"transactionReference": "MyTransaction123",
"merchant": {
"entity": "POxxxxxxxxx"
},
"narrative": {
"line1": "Mind Palace Ltd"
},
"value": {
"currency": "GBP",
"amount": 123
},
"createToken": {
"type": "worldpay",
"namespace": "SHOPPER_ID_1234567890",
"description": "Test Token Description",
"optIn": "ASK"
}
}| Value | Required? | Description |
|---|---|---|
createToken | ✅ | An object that instructs us to create a token for the payment details supplied. |
type | ✅ | The type of token. The value is "worldpay". |
namespace | ✅ | A namespace is used to group up to 16 cards, e.g. for one customer. A card can exist in more than one namespace. |
description | ✅ | A description of your token. If not supplied, a default description is created for you. |
optIn | ✅ |
Note If your customer does not consent, then no card details are saved. |
The below table contains fields required for the first transaction in the series of Merchant Initiated Transactions.
| Value | Required? | Description |
|---|---|---|
customerAgreement | ✅ | An object that contains specific customer agreements for the transaction. |
type | ✅ | The processing arrangement agreed with your customer. The value is "cardOnFile". |
storedCardUsage | ✅ | Set to "first" to store a card or "subsequent" to use a previously stored card. |
Note
We return the token via a webhook.
Take a payment from a stored card (card on file)
Use a previously stored card (Customer Initiated Transaction (CIT)) to take a payment. We capture the CVC as part of this flow.
Examples
Response
application/vnd.worldpay.payment_pages-v1.hal+json
Successful response
{ "url": "https://payments.worldpay.com/app/hpp/integration/transaction/xxxxxxxxxxxxxxxxxxxx&cs=yyyyyy", "_links": { "self": { "href": "https://access.worldpay.com/paymentQueries/payments?transactionReference=174420000000000" } } }
| Value | Required | Description |
|---|---|---|
paymentInstrument | ✅ | An object that contains the payment type and details. |
type | ✅ | The payment type details. Value is "card/tokenized". |
href | ✅ | We return this after token creation via the webhook. |
Optional parameters
We handle 3DS authentication and fraud assessments on your behalf. However, supplying the additional optional fields below, increases the chance of a frictionless flow for your customer.
Info
The result URLs are required to redirect your customer to your defined URL at the end of their payment journey.
| Parameter | Required? | Description | Data type | Field Length |
|---|---|---|---|---|
description | ❌ | An optional text, when supplied is displayed to your customer on payment pages. | String | Maximum of 128 characters. |
billingAddress | ❌ | An object containing the billingAddress information. | Object | N/A |
billingAddress.firstName | ❌ | Customer's first name. | String | Maximum of 22 characters |
billingAddress.lastName | ❌ | Customer's last name. | String | Maximum of 22 characters |
billingAddress.address1 | ✅ | Only required when billing address is provided. | String | Maximum of 85 characters. |
billingAddress.address2 | ✅ | Only required when billing address is provided. | String | Maximum of 85 characters. |
billingAddress.address3 | ✅ | Only required when billing address is provided. | String | Maximum of 85 characters. |
billingAddress.postalCode | ✅ | Only required when billing address is provided. | String | Maximum of 15 characters. |
billingAddress.city | ✅ | Only required when billing address is provided. | String | Maximum of 50 characters. |
billingAddress.state | ✅ | Only required when billing address is provided. For the United States or China (must be ISO-3611-2, only provide two characters after "US-" or "CN-", e.g. FL for Florida or BJ for Beijing). | String | Maximum of 50 characters. |
billingAddress.countryCode | ✅ | Only required when billing address is provided. | String | Must be a valid ISO3166-1 alpha-2 country code. |
resultURLs | ❌ | An object containing the different URLs we redirect your customers to when we receive the payment result. We recommend that you provide us with your custom result URLs. | Object | N/A |
resultURLs.successURL | ❌ | When we receive the payment result for a successful payment, we redirect your customer to the success URL. | String | N/A |
resultURLs.pendingURL | ❌ | When we receive the payment result for a pending payment transaction, we redirect your customer to the pending URL. | String | N/A |
resultURLs.failureURL | ❌ | When a payment fails, we redirect your customer to the failure URL. | String | N/A |
resultURLs.errorURL | ❌ | When we receive the payment result for an erroneous payment, we redirect your customer to the error URL. | String | N/A |
resultURLs.cancelURL | ❌ | When your customer cancels a transaction, we redirect that customer to the cancel URL. | String | N/A |
resultURLs.expiryURL | ❌ | When a customer leaves the payment transaction uncompleted within the maximum allowed time frame, we redirect your customer to the expiry URL. | String | N/A |
custom | ❌ | An object containing all data that can be used to configure manual fraud rules. | Object | N/A |
custom.string1-9 | ❌ | 9 available slots for custom string values you can use to configure manual fraud rules. | String | N/A |
riskData | ❌ | To increase the chances of a frictionless flow, we recommend sending additional data in the riskData object. | Object | N/A |
settlement | ❌ | An object containing information relating to whether auto settlement is turned on or off. | Object | N/A |
settlement.auto | ✅ | A value when specified allows you to turn auto settlement off. The default behaviour is always on and there is nothing to specify. | Boolean | N/A |
cancelOn | ❌ | An object containing configuration for when a payment is sent for cancellation automatically. | Object | N/A |
cancelOn.cvcNotMatched | ✅ | A value when specified allows you to continue to sent for settlement. By default a payment will be sent for cancellation if the CVC is not matched and there is nothing to specify for the default behaviour. | String | N/A |
expiry | ❌ | Allows you to configure the duration your customer can access the payment link. If not provided, defaults to 3600 seconds. | Object | min 300 seconds - max 2,592,000 seconds |
customisation_id | ❌ | A unique value that identifies which customization should be used for this transaction. Set it to null to use the default customization. | String | 21 characters |
locale | ❌ | When we receive one of the supported locale values, the payment pages are loaded in the language of the locale. If locale is not specified, the payment pages load in English. | String | Maximum of 5 characters |
hostedCustomization | ❌ | An object containing CSS customization. | String | N/A |
hostedProperties | ❌ | An object containing functional properties customization. | String | N/A |
Risk data
There are three riskData objects you can include in your request:
Account
| Parameter | Description |
|---|---|
account | Object containing all customer account related risk data. |
account.previousSuspiciousActivity |
|
account.type |
|
account.email | The customer's email address. |
account.history.createdAt | When the account was created. |
account.history.modifiedAt | When the account was last modified. |
account.history.passwordModifiedAt | When the account password was last changed. |
account.history.paymentAccountEnrolledAt | Date the payment account was added to the cardholder account. |
Transaction
| Parameter | Description |
|---|---|
transaction | Object containing all customer transaction related risk data. |
transaction.reorder | Repeat of a previous order :
|
transaction.preOrderDate | Expected date that a pre-ordered purchase will be available. |
transaction.firstName | Customer's first name. |
transaction.lastName | Customer's last name. |
transaction.phoneNumber | Customer's phone number. |
transaction.history | Object containing details of the last transaction. |
history.attemptsLastDay | Number of transactions (successful or abandoned) for this cardholder account within the last 24 hours. |
history.attemptsLastYear | Number of transactions (successful or abandoned) for this cardholder account within the last year. |
history.completedLastSixMonths | Number of purchases with this customer account during the previous six months. |
history.addCardsLastDay | Number of attempts to add a card in the last 24hrs. |
history.shippingAddressFirstUsedAt | When the shipping address used for the transaction was first used. |
transaction.giftCardsPurchase | If the order is being used to purchase a gift card. |
giftCardsPurchase.totalValue.currency | The three digit currency code. See list of [supported currencies. If provided must include totalValue.amount. |
giftCardsPurchase.totalValue.amount | The amount being placed on the gift card. If provided, must include totalValue.currency. |
giftCardsPurchase.quantity | The number of gift cards being purchased. |
transaction.threeDS | Object containing information relating to whether 3DS is turned off. |
threeDS.type | A value allowing you to turn off 3DS. The default is "on". |
transaction.fraud | Object containing information relating to whether FraudSight is turned off. |
fraud.type | A value allowing you to turn off FraudSight. The default is "on". |
Shipping
| Parameter | Description |
|---|---|
shipping | Object containing all data related to how the order will be shipped. |
shipping.nameMatchesAccountName | Customer name on account is identical to the shipping name:
|
shipping.method |
|
shipping.timeFrame |
|
shipping.email | The email address used for an electronic delivery. |
shipping.address | An object containing the shipping address information. If included, you must send at least:
|
Full example request
{
"transactionReference": "MyTransaction123",
"merchant": {
"entity": "POxxxxxxxxx"
},
"narrative": {
"line1": "line1"
},
"value": {
"currency": "GBP",
"amount": 123
},
"description": "Mind Palace Ltd",
"billingAddressName": "Sherlock Holmes",
"billingAddress": {
"firstName": "John",
"lastName": "Watson",
"address1": "221B Baker Street",
"address2": "Marylebone",
"address3": "Westminster",
"postalCode": "NW1 6XE",
"city": "London",
"state": "Greater London",
"countryCode": "GB"
},
"resultURLs": {
"successURL": "https://mindpalace-website/result/success",
"pendingURL": "https://mindpalace-website/result/pending",
"failureURL": "https://mindpalace-website/result/failure",
"errorURL": "https://mindpalace-website/result/error",
"cancelURL": "https://mindpalace-website/result/cancel",
"expiryURL": "https://mindpalace-website/result/expiry"
},
"riskData": {
"shipping": {
"firstName": "James",
"lastName": "Moriarty",
"address": {
"city": "Durham",
"address1": "The Palatine Centre",
"address2": "Durham University",
"address3": "Stockton Road",
"state": "County Durham",
"countryCode": "GB",
"postalCode": "DH1 3LE",
"phoneNumber": "01189998819999197253"
},
"method": "verifiedAddress",
"nameMatchesAccountName": false,
"email": "james.moriarty@example.com",
"timeFrame": "nextDay"
},
"custom": {
"string1": "foo",
"number1": "1",
"string2": "foo",
"number2": "1",
"string3": "foo",
"number3": "1",
"string4": "foo",
"number4": "1",
"string5": "foo",
"number5": "1",
"string6": "foo",
"number6": "1",
"string7": "foo",
"number7": "1",
"string8": "foo",
"number8": "1",
"string9": "foo",
"number9": "1"
},
"account": {
"shopperId": "1234",
"dateOfBirth": "1835-04-01",
"history": {
"createdAt": "1876-06-01",
"modifiedAt": "1876-08-13",
"paymentAccountEnrolledAt": "1876-06-01",
"passwordModifiedAt": "1876-06-01"
},
"type": "fidoAuthenticator",
"previousSuspiciousActivity": false,
"email": "sherlock.holmes@example.com"
},
"transaction": {
"firstName": "James",
"lastName": "Moriarty",
"phoneNumber": "01189998819999197253",
"preOrderDate": "1876-08-13",
"reorder": false,
"history": {
"attemptsLastYear": 3,
"completedLastSixMonths": 4,
"attemptsLastDay": 2,
"shippingAddressFirstUsedAt": "1876-06-01",
"addCardsLastDay": 1
},
"giftCardsPurchase": {
"totalValue": {
"amount": 10000,
"currency": "GBP"
},
"quantity": 1
}
}
},
"hostedCustomization": {
"fonts": {
"family": [
"Comic Sans MS"
]
},
"buttons": {
"backgroundColor": "#ff0",
"border": {
"style": "solid",
"color": "#0ff",
"width": "3px",
"radius": "0px"
},
"hover": {
"backgroundColor": "#ddf"
},
"focus": {
"backgroundColor": "#dfd"
}
},
"inputs": {
"backgroundColor": "#ffffff",
"border": {
"style": "solid",
"width": "2px",
"radius": "2px",
"color": "#fff"
},
"placeholder": {
"color": "#001"
},
"hover": {
"backgroundColor": "#ff0000",
"color": "#7f0000",
"border": {
"color": "#0ff"
}
},
"focus": {
"backgroundColor": "#0240ff",
"color": "#001f7f",
"border": {
"color": "#0ff"
}
},
"validation": {
"ok": {
"color": "#00f"
},
"error": {
"color": "#f00"
}
}
},
"page": {
"backgroundColor": "#333",
"color": "#fff"
}
},
"hostedProperties": {
"showBillingAddress": "EDIT",
"showShippingAddress": "HIDE",
"showCountryList": "false",
"showLanguageList": "false",
"showContactDetails": "HIDE",
"sendURLParameters": "true",
"showPoweredByWorldPay": "true",
"showCancelButton": "true",
"showChangePaymentMethodButton": "false",
"disableStrictUrls": "true",
"showHeader": "true",
"showFooter": "true",
"showCardIcons": "false",
"paymentButtonLabel": "makePayment",
"showCardholderName": "true",
"showPaymentDetailsHeader": "true",
"passBackErrorReasons": "true",
"maskCardDetails": "false",
"googlePayButtonColour": "black",
"googlePayButtonLabel": "long",
"applePayButtonType": "plain",
"applePayButtonStyle": "black"
},
"settlement": {
"auto": true,
"cancelOn": {
"cvcNotMatched": "disabled"
}
},
"expiry": "600"
}Response
Response
application/vnd.worldpay.payment_pages-v1.hal+json
Successful response
{ "url": "https://payments.worldpay.com/app/hpp/integration/transaction/xxxxxxxxxxxxxxxxxxxx&cs=yyyyyy", "_links": { "self": { "href": "https://access.worldpay.com/paymentQueries/payments?transactionReference=174420000000000" } } }
You receive:
- a
urlelement to redirect your customer to the payment pages and complete the payment - a
hrefelement to query for next action links once a payment has been made
Important
Worldpay's Hosted Payment Pages use and switch traffic between multiple domains. To prevent disruptions in service, do not whitelist domains.
Info
In case of an error, you can get further information in our error reference.
Next steps